Endpoint
Protection

You need to gather information from the user's endpoint to identify normal. Additionally, if you need to take response actions in response to suspicious activity, you must have a way to isolate an endpoint, which endpoint protection can give you.

Network
Protection

99% of all attacks will traverse your network at some point. Network protection products like NDRs are great ways to detect if a user moves an abnormal amount of data across the network.

Identity Management
& CASB

A least-privilege approach to user provisioning can ensure that if a user’s credentials are compromised, the attacker will face some challenges attempting to navigate the network freely. Additionally, Cloud Access Security Brokers (CASB) are essential to administer corporate identity policies across all your cloud environments.

User & Entity
Behavior Analytics

While you gather data from endpoints and servers with your endpoint protection, the heavy lifting when identifying normal and abnormal behavior occurs in a User and Entity Behavior Analytics (UEBA) solution. Understanding normal is critical to identifying compromised credentials. Without this layer of protection, security teams will always be recovering from an attack rather than stopping it from happening.

Security
Analytics

While the impact of compromised credentials is evident once an attacker deploys the attack, there are opportunities to detect potential signs of compromised credentials when actively monitoring and correlating user and entity behaviors and flagging suspicious activities.

Automated
Response

With the previous protection layers in place, you need a way to respond to a detected threat at scale quickly. An automated response product like SOAR can distinguish between a localized credential issue and a widespread breach.