Detecting Lateral Movement activity: A new Kibana integration
Blog post from Elastic
Cyber attacks are increasingly sophisticated, with lateral movement being a common tactic where attackers impersonate legitimate users to move between systems stealthily. To combat this, a new Lateral Movement Detection package has been integrated into Kibana, featuring anomaly detection jobs, security rules, and an endpoint malware classifier to simplify the detection of such activities. These tools work by analyzing file transfer behaviors, focusing on specific protocols used for lateral movement, and flagging anomalies like spikes in file creation, unusual data transfers, and rare file extensions. The package utilizes anomaly detection and MalwareScore correlations to identify potentially malicious file transfers, with detection rules that can be customized based on severity and risk. Users can install the package through Kibana’s Integrations app and adjust detection settings to suit their environments, with the option for a free trial on Elastic Cloud for new users. Feedback is encouraged through community forums as the package continues to evolve.
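To make the summary concrete, here is an added, self-contained illustration of the kind of logic the package's anomaly jobs and rules are described as performing: per host/user baselining of file creation, flagging count and byte-volume spikes and file extensions never seen in the baseline, then raising severity when the flagged window also carries a high endpoint malware score. This is not Elastic's code and does not reproduce the package's real jobs, rules or schema; the field names, thresholds, window size and sample events are all constructed assumptions for the example.

```python
"""Toy lateral-movement file-transfer detector (added example, not Elastic's code).

Buckets file-creation events by (host, user, hourly window), compares each
window against that host/user's earlier windows, and emits an alert with a
severity that is upgraded when the window also carries a high malware score.
"""
from collections import Counter, defaultdict
from statistics import mean

SPIKE_RATIO = 3.0          # window count/bytes must exceed 3x the baseline mean (assumed)
RARE_MAX_SEEN = 0          # extension is "rare" if seen this often or less in the baseline
MIN_BASELINE_WINDOWS = 2   # history required before a host/user bucket is judged at all
MALWARE_THRESHOLD = 0.7    # assumed endpoint-classifier score that upgrades severity


def ev(window, host, user, path, size, score=0.0):
    """Build one constructed file-creation event (field names are assumptions)."""
    return {"window": window, "host": host, "user": user, "path": path,
            "bytes": size, "malware_score": score}


# Constructed sample data: four quiet hours of .docx writes by a service account,
# then a burst of large .exe drops into an admin share with a high malware score;
# a second host with a single unrelated event; a third user who writes one
# never-before-seen .ps1 file with a low malware score.
SAMPLE_EVENTS = (
    [ev(h, "srv-01", "svc-backup", f"\\\\srv-01\\share\\report{i}.docx", 20_000)
     for h in range(4) for i in range(3)]
    + [ev(4, "srv-01", "svc-backup", f"\\\\srv-01\\admin$\\tool{i}.exe", 900_000, 0.92)
       for i in range(12)]
    + [ev(4, "srv-02", "alice", "\\\\srv-02\\docs\\notes.txt", 1_500)]
    + [ev(h, "srv-03", "bob", f"\\\\srv-03\\finance\\q{i}.xlsx", 5_000)
       for h in range(3) for i in range(2)]
    + [ev(3, "srv-03", "bob", "\\\\srv-03\\finance\\cleanup.ps1", 8_000, 0.1)]
)


def extension(path):
    """Lower-cased extension of a Windows or POSIX path, '' if none (OS-independent)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def bucket(events):
    """Group events into {(host, user): {window: [events]}}."""
    grouped = defaultdict(lambda: defaultdict(list))
    for e in events:
        grouped[(e["host"], e["user"])][e["window"]].append(e)
    return grouped


def evaluate_window(current, baseline_windows):
    """Return the list of anomaly reasons for one window against its baseline windows."""
    reasons = []
    base_counts = [len(w) for w in baseline_windows]
    base_bytes = [sum(e["bytes"] for e in w) for w in baseline_windows]
    cur_count, cur_bytes = len(current), sum(e["bytes"] for e in current)
    # Spike in number of files created (floor the mean at 1 to avoid a zero baseline).
    if cur_count > SPIKE_RATIO * max(mean(base_counts), 1):
        reasons.append(f"file-creation spike: {cur_count} vs baseline mean {mean(base_counts):.1f}")
    # Unusual volume of data written.
    if cur_bytes > SPIKE_RATIO * max(mean(base_bytes), 1):
        reasons.append(f"byte-volume spike: {cur_bytes} vs baseline mean {mean(base_bytes):.0f}")
    # Extensions this host/user has (almost) never written before.
    seen = Counter(extension(e["path"]) for w in baseline_windows for e in w)
    rare = sorted({extension(e["path"]) for e in current
                   if seen[extension(e["path"])] <= RARE_MAX_SEEN})
    if rare:
        reasons.append(f"rare extensions: {', '.join(rare)}")
    return reasons


def detect(events):
    """Return alerts for every (host, user, window) that deviates from its own history."""
    alerts = []
    for (host, user), windows in bucket(events).items():
        ordered = sorted(windows)
        for i, w in enumerate(ordered):
            prior = [windows[p] for p in ordered[:i]]
            if len(prior) < MIN_BASELINE_WINDOWS:
                continue  # first sight of a host/user pair: no baseline, so no verdict
            reasons = evaluate_window(windows[w], prior)
            if not reasons:
                continue
            top_score = max(e["malware_score"] for e in windows[w])
            if top_score >= MALWARE_THRESHOLD:
                severity = "high"          # anomaly corroborated by the malware classifier
            elif len(reasons) >= 2:
                severity = "medium"        # several independent anomalies, no malware signal
            else:
                severity = "low"           # a single weak anomaly, e.g. one rare extension
            alerts.append({"host": host, "user": user, "window": w, "severity": severity,
                           "max_malware_score": top_score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a['severity']}] {a['host']} {a['user']} window={a['window']} "
              f"malware={a['max_malware_score']}: {'; '.join(a['reasons'])}")
```

Run as a script it prints one high-severity alert for the `.exe` burst on srv-01 (three reasons plus a 0.92 malware score) and one low-severity alert for bob's lone `.ps1`, while alice on srv-02 produces nothing because her host/user pair has no history yet. The per-bucket baseline and the minimum-history rule are what keep a quiet host from alerting on its first observed activity; in a real deployment those are the knobs (alongside the score threshold) that tune the alert volume to an environment.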