Get a quick overview of the progress of ongoing targeted attacks and affected endpoints.

This section displays information about attacker activity for four phases that precede command-and-control communication. Find out if attackers are attempting to gain or maintain their foothold on your network, or if data exfiltration or some form of system impact may soon occur.

Click on the desktop or server icons on each phase to view endpoints affected during the attack phase.

| Attack Phase | Description |
|---|---|
| Initial Access | An attacker has gained access or is attempting to gain access to your environment. If successful, attackers may attempt to move to the next attack phase. |
| Persistence | An attacker is attempting to maintain or increase access to your environment. If successful, attackers may attempt to load malicious payloads onto your environment, such as bots and malware, which may remain dormant in your environment even if the attacker stops. |
| Credential Access | An attacker has obtained or is attempting to obtain account credentials within your environment. Data exfiltration or some form of system impact may occur soon. Attackers may attempt to interrupt, manipulate, steal, or destroy critical assets. |
| Lateral Movement | An attacker is expanding or attempting to expand the attack scope within your environment. Data exfiltration or some form of system impact may soon occur. Attackers may interrupt, manipulate, steal, or destroy your critical assets. |
| Impact | A targeted attack of high severity which reaches the final attack phase may cause significant damage within your environment. This section estimates the overall impact of the ongoing campaign according to attack indicators and affected endpoints. |