ExtraHop Logo
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

Unconventional Internal Connection

Risk Factors

After an attacker infiltrates a network, the attacker can try accessing different devices in the network to achieve their goals, such as account discovery or lateral movement. Unconventional connections between internal endpoints that are not expected should be examined before critical or costly attacks occur.

The system might change the risk score for this detection.

Kill Chain

Exploitation

Risk Score

65

Next in Exploitation: Unconventional Protocol Communication

Attack Background

Mitigation Options

Quarantine the device to check for indicators of compromise

Implement the principle of least privilege to minimize the damage caused by a compromised device

Implement network segmentation, security zones, and firewall policies that limit how devices can communicate

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right