Lateral account mapping

摘要

Systems and methods of correlating accounts among a plurality of network assets using account lateral movement data is presented in the context of network security. In one embodiment a plurality of authentication audit logs are received from a plurality of assets; the plurality of authentication audit logs are correlated; and a notification is generated based on a comparison of correlation results and a database of permitted account associations.

主权项

1. A method of monitoring a network, the method comprising:
receiving, via a processing module, a plurality of authentication audit logs to assist in generating account lateral movement mapping data from a plurality of assets; correlating, via the processing module, the plurality of authentication audit logs; and generating, via the processing module, a notification based on a comparison of correlation results and a database of permitted associations among multiple accounts used by a single user.