ExtraHop, a leader in modern network detection and response (NDR), is introducing powerful new capabilities to detect the malicious use of PowerShell—delivering the critical visibility needed to dismantle the attack kill chain and providing essential insight to stop lateral movement in its tracks.
According to the company, remote management tools such as PowerShell have become a notable weapon for attackers. Threat actors often use PowerShell for “living-off-the-land” to stay under the radar as they map the network, identify targets, and move around to escalate their privileges in a quest to gain control of the network. Using remote management tools and encrypting their commands lets attackers obfuscate their actions and go undetected by traditional tools.
To overcome these challenges, ExtraHop has added several new detections and capabilities that add context to those detections.
New detections covering PowerShell commands and other lateral movement techniques, such as “Invoke Sharefinder Enumeration attempt” and “Group Policy Preferences Password Enumeration”, enable enterprises to spot attempts to reach other devices for sensitive information or credentials.
ExtraHop decrypts and uncovers the content hidden within these malicious commands—even when they are encrypted inside protocols like MS-RPC and WSMAN—allowing analysts to follow a threat’s path across the attack kill chain.
With ExtraHop, enterprises benefit from the ability to:
- Uncover hidden threats with critical context
- Detect lateral movement before threats escalate
- Stop living-off-the-land attacks
“Without the ability to decrypt and decode commands that would otherwise be hidden, enterprises will fall victim to PowerShell attacks,” said Anthony James, VP, product marketing, ExtraHop. “ExtraHop has developed an incredibly robust way to make this a reality for our customers, leveraging our native decryption and protocol fluency to fully capture malicious PowerShell commands that other tools miss. With this level of visibility, enterprises can expose lateral movement and stop an attack before threats turn into impactful breaches.”
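As an added illustration of the “decode commands that would otherwise be hidden” step described above (example code, not ExtraHop’s own), the following Python decodes a PowerShell -EncodedCommand argument from a captured command line and flags the two lateral-movement behaviours the release names. The sample command line, the tool names Invoke-ShareFinder and Get-GPPPassword, and the cpassword attribute are assumptions, not taken from the release.

```python
import base64
import re

# Matches the -EncodedCommand switch (PowerShell also accepts the short forms
# -e, -ec and -enc) followed by its base64 argument.
ENC_RE = re.compile(r"(?i)[-/](?:e|ec|enc|encodedcommand)\b\s+([A-Za-z0-9+/=]+)")

# Indicators for the two lateral-movement behaviours named in the release:
# share enumeration and Group Policy Preferences (GPP) password hunting.
# Assumption: Invoke-ShareFinder and Get-GPPPassword are the script names an
# attacker would call; 'cpassword' is the GPP XML attribute holding the password.
INDICATORS = [
    (re.compile(r"(?i)Invoke-ShareFinder"), "share enumeration (Invoke-ShareFinder)"),
    (re.compile(r"(?i)Get-GPPPassword|cpassword"), "GPP password enumeration"),
]

def decode_encoded_command(cmdline):
    """Return the script hidden in -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    b64 = m.group(1)
    b64 += "=" * (-len(b64) % 4)  # tolerate stripped base64 padding
    try:
        return base64.b64decode(b64).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # not base64 / not UTF-16LE
        return None

def analyze(cmdline):
    """Return detection labels for one captured PowerShell command line."""
    findings = []
    script = decode_encoded_command(cmdline)
    if script is not None:
        findings.append("encoded PowerShell command")
    # Inspect the decoded script when there is one, otherwise the raw line.
    text = script if script is not None else cmdline
    for pattern, label in INDICATORS:
        if pattern.search(text):
            findings.append(label)
    return findings

# Constructed sample command line, as a sensor might extract it from a WinRM session.
SAMPLE_SCRIPT = "Import-Module .\\PowerView.ps1; Invoke-ShareFinder -CheckShareAccess"
SAMPLE_CMDLINE = "powershell.exe -NonInteractive -enc " + base64.b64encode(
    SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")

if __name__ == "__main__":
    print(decode_encoded_command(SAMPLE_CMDLINE))
    print(analyze(SAMPLE_CMDLINE))
```

Matching on the decoded script rather than the raw command line is the point: the same indicators applied to the base64 text alone would never fire.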
For more information about this news, visit www.extrahop.com.