Lateral movement is one of the most consequential types of network activity for which organizations need to be on the lookout.After arriving at the network, the attacker keeps ongoing access by essentially stirring through the compromised environment and obtaining increased privileges (known as “escalation of privileges”) using various tools and techniques.Attackers then use those privileges to move deeper into a network in search of treasured data and other value-based assets.As such, lateral movement is an important approach that differentiates today’s advanced persistent threats (APTs) from traditional cyberattacks. It’s a sign of a threat actor that’s sophisticated enough to work towards avoiding detection and retaining access even if its presence is discovered on the machine that it first infected.With this extended dwell time, the threat actor might not begin pilfering data until weeks or even months after the original breach occurred.Network Knowledge: The Key to Beating Lateral MovementIn order to defend against lateral movement, it’s important to understand what the environment should look like, how it is managed and how it can be set up for optimal operations.Having a security baseline that’s tied to the critical information security controls is of paramount importance in that effort. Indeed, as hardware, software and other assets deviate from their secure baselines, these changes become clear indicators of whether something is out of compliance with its “golden image.”Bu ..
Support the originator by clicking the read the rest link below.
: Your Friendly Network Detective Control){kind=link}