Cynet Network Detection
and Response (NDR)

Credential Theft

Gaining user account credentials is a key enabler of lateral movement. To achieve that, attackers exploit networking mechanism weaknesses to extract password hashes from intercepted internal traffic.

Data Exfiltration

The final stage in any attack is to exfiltrate compromised data from the internal environment to the attacker’s premises. A common way to evade perimeter defenses is to disguise the exfiltration as a legitimate protocol such: DNS, HTTPS, etc.

Lateral Movement

For advanced attackers, the first compromised endpoint is merely a mean, not an end by itself. The attack’s true objective resides on other endpoints or the server. There are numerous vectors to spread across an environment, many of which generate unique network traffic.

Reconnaissance

Gathering information on the attacked environments is a prerequisite for efficient malicious expansion and is typically executed by any type of port scanning.

Risky Connections

Active communication with malicious sites includes: malware distribution, phishing, and known C2C based on intelligence feeds.