Detect and stop lateral movement when they are inside

Neha Kirtonia
|
November 8, 2020

You may already have security tools that prevent attackers from breaking into your network, but what happens once one of your systems is compromised? Experienced security teams recognize that effective protection must also include strategies for detecting and stopping post-compromise activity.

Lateral movement is typically the longest phase of an attack; one commonly cited estimate puts it at around 80% of an intrusion's total duration. The attacker may spend weeks or even months inside the network, moving slowly and carefully, jumping from system to system until they reach the data they are after.

In addition to stopping lateral movement, organizations should also aim to detect these post-compromise activities. Reconnaissance, lateral movement and privilege escalation are tactics in the MITRE ATT&CK framework, and the first two necessarily require the attacker to communicate over the network (privilege escalation often does too, for example when stolen credentials are replayed against other hosts). This gives you plenty of opportunities to detect attackers as they scan your network, hop from system to system and attempt to escalate their privileges.

Ask yourself these questions to gauge how well you are stopping lateral movement in your environment:

  • Which network controls do I have for detecting and restricting device activity?
  • What percentage of my environment does log and endpoint data cover?
  • How do I baseline normal activity so that abnormal activity stands out?

Once attackers have compromised a system and stolen credentials, they can use native operating-system features to explore the environment and hop from computer to computer until they find their target. Security teams therefore need a baseline of legitimate behaviour on their internal networks, so that this kind of stealthy lateral movement stands out in east-west traffic.
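The baseline-and-deviation idea above can be demonstrated with a small detector. The following is an added example written for this post, not PacketWorker code or any Vehere logic: it learns which (source, destination, admin protocol) pairs are normal from a week of constructed flow records, then flags sources that open admin-protocol sessions to destinations they never talked to before, escalating to an alert when one source fans out to several new hosts. The hostnames, the port-to-protocol table and the fan-out threshold are assumptions for the example.

```python
"""Baseline-and-deviation detection of east-west lateral movement.

Added example for this post, not PacketWorker code. All flow records below
are constructed; hostnames, ports and thresholds are illustrative assumptions.
"""
from collections import defaultdict

# Protocols attackers routinely reuse as "native functionality" to move between
# hosts. The mapping is an assumption for this example, not an exhaustive list.
ADMIN_PORTS = {
    22: "SSH",
    135: "MSRPC",
    445: "SMB",
    3389: "RDP",
    5985: "WinRM",
    5986: "WinRM-TLS",
}

# Constructed flow records: (day, src, dst, dst_port). A week of normal traffic
# used to learn who talks to whom over admin protocols.
BASELINE_FLOWS = [
    (1, "ws-alice", "fileserver", 445),
    (1, "ws-alice", "dc01", 445),
    (1, "ws-bob", "fileserver", 445),
    (2, "ws-alice", "fileserver", 445),
    (2, "admin-jump", "srv-web01", 3389),
    (3, "admin-jump", "srv-db01", 3389),
    (3, "admin-jump", "dc01", 5985),
    (4, "ws-bob", "fileserver", 445),
    (5, "ws-alice", "fileserver", 445),
    (5, "ws-bob", "dc01", 445),
]

# Constructed detection-window flows: ws-alice starts reaching peers and servers
# it never touched before, the pattern of credential reuse after a compromise.
DETECTION_FLOWS = [
    (8, "ws-alice", "fileserver", 445),
    (8, "ws-bob", "fileserver", 445),
    (8, "ws-alice", "ws-bob", 445),
    (9, "ws-alice", "ws-carol", 445),
    (9, "admin-jump", "srv-web01", 3389),
    (10, "admin-jump", "srv-app02", 5985),
    (11, "ws-alice", "srv-db01", 5985),
    (12, "ws-alice", "srv-web01", 3389),
    (12, "ws-alice", "fileserver", 80),
]


def build_baseline(flows):
    """Return the set of (src, dst, port) admin-protocol pairs seen as normal."""
    return {(src, dst, port) for _, src, dst, port in flows if port in ADMIN_PORTS}


def detect_lateral_movement(baseline, flows, fanout_threshold=3):
    """Flag sources that open admin-protocol sessions to destinations absent
    from the baseline.

    Returns a dict with:
      new_paths: every (day, src, dst, protocol) not in the baseline, for triage
      alerts:    sources whose number of *new* destinations meets the threshold,
                 i.e. a host fanning out across the east-west network
    """
    new_by_src = defaultdict(set)
    new_paths = []
    for day, src, dst, port in flows:
        if port not in ADMIN_PORTS:
            continue  # non-admin traffic is out of scope for this detector
        if (src, dst, port) in baseline:
            continue  # normal for this source, per the learned baseline
        new_by_src[src].add((dst, ADMIN_PORTS[port]))
        new_paths.append((day, src, dst, ADMIN_PORTS[port]))

    alerts = []
    for src, pairs in sorted(new_by_src.items()):
        destinations = sorted({dst for dst, _ in pairs})
        if len(destinations) >= fanout_threshold:
            alerts.append({
                "src": src,
                "new_destinations": destinations,
                "protocols": sorted({proto for _, proto in pairs}),
            })
    return {"new_paths": new_paths, "alerts": alerts}


if __name__ == "__main__":
    result = detect_lateral_movement(build_baseline(BASELINE_FLOWS), DETECTION_FLOWS)
    for path in result["new_paths"]:
        print("new admin path:", path)
    for alert in result["alerts"]:
        print("ALERT fan-out:", alert)
```

On the constructed data the single new WinRM session from admin-jump is recorded as a new path for an analyst to review but does not alert, while ws-alice, which reaches four hosts it never touched during the baseline, does. Because attackers move slowly, the detection window in a real deployment should span days or weeks rather than minutes, and the baseline should be refreshed as legitimate admin paths change.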

Vehere’s PacketWorker helps detect post-compromise activity such as network reconnaissance, privilege escalation and lateral movement, including threats that abuse native functionality to stay under the radar.

To see how PacketWorker can detect lateral movement that other tools miss, reach out to us at [email protected]
