Microsoft Corporation
REAL-TIME DETECTION OF RISKY EDGE IN LATERAL MOVEMENT PATH

Abstract:

The detection of a risky edge in a lateral movement path is detected by determining the weakest point in the configuration of the user accounts, groups, and devices having access to the resources of a tenant of the cloud service. A lateral movement graph having nodes of user accounts, devices, and groups and edges representing relationships between the nodes is used to compute a risk score for each edge in the graph. The risk score of an edge is used to identify a weak connection and potential target for a lateral movement attack.