Detecting attacks using compromised credentials via internal network monitoring
The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing pass...
Gespeichert in:
Hauptverfasser: | , , , , |
---|---|
Format: | Patent |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network. |
---|