This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and how it fared (very well) against a very hostile environment: the Light Pentest LITE pentesting course! Spoiler alert: this solution was able to detect:

  • RDP from public IPs
  • Password spraying
  • Kerberoasting
  • Mimikatz
  • Recon net commands
  • Hash dumping
  • Hits on a "honey domain admin" account
  • Users with non-expiring passwords
  • Hits on the SSH/FTP/HTTP honeypot

Tags:

Written by: Brian Johnson

Share on socials: