From on-prem to cloud: Detect lateral movement in hybrid Azure environments
Threat actors can use various tactics to access cloud environments, services, and data through lateral movement techniques. These methods involve pivoting from one host or identity to another within an environment, typically after other tactics such as initial access and privilege escalation have succeeded. Microsoft Entra ID (formerly Azure Active Directory) is a cloud-based directory service that threat actors can abuse for lateral movement in hybrid Azure environments, where on-premises identities are synchronized to the cloud. Common entry points include misconfigured devices, overly permissive service accounts, and exposed secrets, keys, and user credentials. Detecting the first signs of unusual activity and tracking them to determine a threat actor's next steps is crucial to stopping lateral movement before it advances. Datadog Cloud SIEM can help users detect and respond to malicious activity captured in their logs, and it links each action directly to the identity that performed it, such as a user or a service principal.
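As an added illustration of the identity-centric correlation described above (this is not code from the Datadog post and not Cloud SIEM rule syntax), the Python below joins constructed Entra ID sign-in events with constructed Azure activity events on the identity field. It flags an on-prem-to-cloud pivot pattern: a sign-in from a device/IP pair never seen for that identity during a baseline period, followed within a short window by a privileged Azure operation. The event shape, the baseline cutoff, the 30-minute window and the list of privileged operations are all assumptions chosen for the example; the sample logs are constructed, not real.

```python
"""Correlate constructed Entra ID sign-in and Azure activity events by identity
to flag a suspicious pivot: a sign-in from a never-before-seen device/IP pair,
followed shortly by a privileged Azure operation by the same identity.
Added example with assumed field names and thresholds; not Datadog's rules."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Field names loosely follow the
# Entra ID sign-in and Azure activity log schemas but are assumptions here.
SIGNINS = [
    # Baseline period: what "normal" looks like for each identity
    {"ts": "2024-10-01T09:00:00", "identity": "alice@corp.example", "device": "WS01", "ip": "10.0.0.5"},
    {"ts": "2024-10-02T09:05:00", "identity": "alice@corp.example", "device": "WS01", "ip": "10.0.0.5"},
    {"ts": "2024-10-01T08:30:00", "identity": "bob@corp.example", "device": "WS02", "ip": "10.0.0.6"},
    {"ts": "2024-10-01T03:00:00", "identity": "sp:ad-sync", "device": "", "ip": "10.0.0.9"},
    # Detection period
    {"ts": "2024-10-20T13:00:00", "identity": "alice@corp.example", "device": "WS07", "ip": "10.0.0.42"},
    {"ts": "2024-10-20T10:00:00", "identity": "bob@corp.example", "device": "WS02", "ip": "10.0.0.6"},
    {"ts": "2024-10-20T11:00:00", "identity": "sp:ad-sync", "device": "", "ip": "203.0.113.7"},
]
ACTIVITY = [
    {"ts": "2024-10-20T13:12:00", "identity": "alice@corp.example", "op": "Microsoft.Authorization/roleAssignments/write"},
    {"ts": "2024-10-20T14:10:00", "identity": "alice@corp.example", "op": "Microsoft.Compute/virtualMachines/read"},
    {"ts": "2024-10-20T10:05:00", "identity": "bob@corp.example", "op": "Microsoft.Storage/storageAccounts/listKeys/action"},
    {"ts": "2024-10-20T11:20:00", "identity": "sp:ad-sync", "op": "Microsoft.Authorization/roleAssignments/write"},
]

# Assumed set of operations worth alerting on when they follow an unusual sign-in.
PRIVILEGED_OPS = {
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Storage/storageAccounts/listKeys/action",
}
BASELINE_CUTOFF = datetime(2024, 10, 15)   # assumed boundary between baseline and detection
WINDOW = timedelta(minutes=30)             # assumed max gap between sign-in and privileged op


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def build_baseline(signins, cutoff=BASELINE_CUTOFF):
    """Map identity -> set of (device, ip) pairs seen before the cutoff."""
    seen = defaultdict(set)
    for e in signins:
        if _ts(e) < cutoff:
            seen[e["identity"]].add((e["device"], e["ip"]))
    return seen


def new_location_signins(signins, baseline, cutoff=BASELINE_CUTOFF):
    """Sign-ins after the cutoff whose (device, ip) pair is unknown for that identity.
    An identity with no baseline at all is treated as entirely new (noisy, but safe)."""
    return [
        e for e in signins
        if _ts(e) >= cutoff and (e["device"], e["ip"]) not in baseline.get(e["identity"], set())
    ]


def detect_pivots(signins, activity, cutoff=BASELINE_CUTOFF, window=WINDOW):
    """Join unusual sign-ins to privileged activity by the same identity inside the window.
    Each finding names the identity so a responder can pivot straight to that user or SP."""
    baseline = build_baseline(signins, cutoff)
    findings = []
    for s in new_location_signins(signins, baseline, cutoff):
        t0 = _ts(s)
        for a in activity:
            if a["identity"] != s["identity"] or a["op"] not in PRIVILEGED_OPS:
                continue
            gap = _ts(a) - t0
            if timedelta(0) <= gap <= window:   # activity must follow the sign-in, not precede it
                findings.append({
                    "identity": s["identity"], "signin_ts": s["ts"],
                    "device": s["device"], "ip": s["ip"],
                    "op": a["op"], "op_ts": a["ts"],
                })
    return findings


if __name__ == "__main__":
    for f in detect_pivots(SIGNINS, ACTIVITY):
        print(f"{f['identity']}: new sign-in from {f['device'] or '(no device)'}/{f['ip']} "
              f"at {f['signin_ts']}, then {f['op']} at {f['op_ts']}")
```

On the constructed data this yields two findings: the user alice, whose first sign-in from WS07 is followed twelve minutes later by a role assignment, and the service principal sp:ad-sync, which authenticates from a new address and then writes a role assignment. Bob's key-listing call is not flagged because his sign-in matches his baseline, which is the point of keying the join on identity rather than on the operation alone. In production the baseline would come from weeks of history rather than a hard-coded cutoff, and the device/IP pair would usually be widened to include tenant, application and authentication method.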
Company
Datadog
Date published
Oct. 25, 2024
Author(s)
Mallory Mooney
Word count
2216
Hacker News points
None found.
Language
English