Blog Post

EMA Picks Awake as Top 3 Solution for Detecting Lateral Movement, Credential Abuse & Threat Hunting

Choosing the right solutions to address the biggest challenges a security team faces is hard. That’s why EMA has done the leg work and dedicated hundreds of man-hours to collect and review data from vendor interviews and documentation, product demos, and most importantly real-world customer interviews.

All this research culminated in EMA’s latest “Top 3” report on Security Analytics for Threat Detection and Breach Resolution. The report highlights the best options for security teams to consider for specific use cases and is designed to aid decision-makers by narrowing the field to three best-in-class choices.

Awake Security featured prominently in this report and here’s some of what EMA had to say about the three critical use cases where Awake finished at the top:

Detecting Lateral Movement

“Lateral movement detection can result in high numbers of false positives and negatives. Awake Security deals with this challenge by tracking behaviors and attributing those to the entities rather than ephemeral characteristics, like IP addresses. It then presents this information in a forensic timeline for the entity and uses machine learning algorithms, like belief propagation, to score the risk for each entity.”

Identifying Credential Abuse

“Interestingly, Awake Security handles this differently. Their solution automatically determines identities based on parsing E-W protocols like Kerberos, SMB, etc. to gather the credentials. It then automatically tracks those entities as they move across the network and uses behavioral fingerprinting and clustering to identify similar entities (akin to the group relationships mentioned earlier). This approach is useful to handling unmanaged infrastructure (not in IAM systems) and in avoiding the need for integrations with those data sources.”

Threat Hunting with Mitigation/Containment

“Awake Security lets users build and save his or her own hunting rules through a powerful query language, and then automates future hunts for the security team. This allows senior analysts to save their hunts and junior analysts to follow up on any threats identified through this process.”

To read more and see EMA’s full recommendations for these use cases, you can download a full version of this decision guide white paper at:

For more on the methodology, EMA used to develop this research visit:


If you liked what you just read, subscribe to hear about our threat research and security analysis.

Tony Burquez
Tony Burquez