Detecting attacks using compromised credentials via internal network monitoring

The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing pass...

Full description

Saved in:
Bibliographic Details
Main Authors Grady, Itai, Lakunishok, Benny, Dubinsky, Michael, Be'ery, Tal Arieh, Plotnik, Idan
Format Patent
LanguageEnglish
Published 13.11.2018
Subjects
Online AccessGet full text

Cover

Loading…
More Information
Summary:The threat of malicious parties exposing users' credentials from one system and applying the exposed credentials to a different system to gain unauthorized access is addressed in the present disclosure by systems and methods to preemptively and reactively mitigate the risk of users reusing passwords between systems. A security device passively monitors traffic comprising authorization requests within a network to reactively identify an ongoing attack based on its use of exposed credentials in the authorization request and identifies accounts that are vulnerable to attacks using exposed credentials by actively attempting to log into those accounts with exposed passwords from other networks. The systems and methods reduce the number of false positives associated with attack identification and strengthens the network against potential attacks, thus improving the network's security and reducing the amount of resources needed to securely manage the network.
Bibliography:Application Number: US201615199880