Analysis and Detection of Golden SAML Attacks

As organizations migrate to the cloud, new security challenges arise with an expanded attack surface. And this past year has proven that cloud security is not widely understood. Breaches like the Solorigate attack highlight the need for comprehensive logging visibility and new detection techniques to defend against cloud-based attacks.

Golden SAML attacks involve cybercriminals moving laterally from a compromised on-premises environment into the cloud. In this white paper, the LogRhythm Labs Threat Research team seeks to:

• Illuminate actionable information on this type of attack method
• Offer examples of how these attacks are carried out
• Provide practical applications to help you detect and respond to Golden SAML attacks using SIEM

Download this technical white paper to learn all about Golden SAML attacks and how you can improve your defense, both with manual threat hunts and real-time analytics engines.