Lateral Movement is the expansion of control over network resources by the adversary following the initial breach.
Once the first endpoint is compromised, the adversary gathers information about the surrounding network systems and uses it to access and control additional endpoints remotely, often without introducing any additional tools such as a remote access tool: the remote administration capabilities already present in the environment are enough.
Compromise and control of one endpoint thus extends into control of numerous endpoints across the network. Once those resources are lost to the adversary via Lateral Movement, the enterprise is on its own to re-establish control over them.
Lateral Movement can lead to systemic damage, data theft and the ransoming of critical data.
A network with only 1,000 endpoints presents more than 700 million internal attack vectors* for the adversary to use to expand their control over assets.
*Typical volume of network links, outbound connections, local processes, local drivers, services, etc. available to the adversary for exploitation.
- Threats evolve continuously and unpredictably.
- Complex company networks are impossible to defend at the perimeter.
- Breaches occur routinely.
- Lateral Movement, the adversary's expansion of control over network resources after the initial breach, is the root of cyber damage.
- Firewalls and antivirus don't stop the adversary from moving laterally, because the adversary is already inside the perimeter.
- Existing solutions for lateral movement are passive, analytical or after-the-fact, and they generate 50%+ false positive alerts.
- Detection is imprecise and incorrect; spending labor hours chasing down incident alerts is like responding to the boy who cried wolf.
The attack must be disrupted before harm is possible.
Intrusion detection is a priority, but current solutions actually help the adversary by driving your costs up.
The promise of AI is being harnessed to detect Lateral Movement. It won't work.
Data science attempts to identify signatures or behavioral anomalies, and the approach has the same drawbacks as every other detection technology:
- Difficult to implement. Easy to break. Manipulable by the adversary.
- After the fact. Human intervention required.
- Mainly applicable to large enterprises only.
- False positives. Incident response labor and cost go up.
Spending more on detection products and incident response manpower doesn't change the dynamic or make you safer.
Detection doesn't neutralize and eliminate the threat in time to stop damage.
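To make the critique above concrete, here is an added example (not code from this page or from its vendor) of the kind of behavioral-anomaly rule such detection products run over logon telemetry: count the distinct hosts that one (source host, account) pair reaches by network logon inside a sliding time window, and alert once a threshold is crossed. The record format, host names, account names and log lines are all constructed for the example, and the function names are hypothetical. On a single data set it shows the three problems listed above: a legitimate patch-management server trips the rule (a false positive that needs a hand-maintained allowlist), the fast-moving compromised workstation is caught only after it already holds four more hosts (after the fact), and an adversary who paces the same fan-out over two hours never crosses the threshold at all (manipulable by the adversary).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical record layout, constructed for this example (not a real product's format):
#   timestamp,source_host,account,dest_host,logon_type
# logon_type 3 is the Windows "network" logon type produced by SMB/WMI/WinRM-style remote
# access using built-in tooling; other values stand in for interactive or service logons.
NETWORK_LOGON = "3"

# Constructed telemetry. patch-01 is a legitimate patch-management host that touches many
# machines every night; ws-017 is a compromised workstation fanning out fast; ws-044 is an
# attacker who spreads the same fan-out over hours to stay under the detector's threshold.
SAMPLE_LOGS = """\
2024-03-01T02:00:05,patch-01,svc_patch,ws-101,3
2024-03-01T02:00:09,patch-01,svc_patch,ws-102,3
2024-03-01T02:00:14,patch-01,svc_patch,ws-103,3
2024-03-01T02:00:20,patch-01,svc_patch,ws-104,3
2024-03-01T02:00:27,patch-01,svc_patch,ws-105,3
2024-03-01T09:15:02,ws-017,jsmith,ws-017,2
2024-03-01T09:41:10,ws-017,jsmith,fs-01,3
2024-03-01T09:41:12,ws-017,jsmith,fs-02,3
2024-03-01T09:41:13,ws-017,jsmith,sql-01,3
2024-03-01T09:41:15,ws-017,jsmith,app-07,3
2024-03-01T09:41:18,ws-017,jsmith,dc-01,3
2024-03-01T10:02:00,ws-044,bking,fs-01,3
2024-03-01T10:30:00,ws-044,bking,fs-02,3
2024-03-01T11:05:00,ws-044,bking,sql-01,3
2024-03-01T11:40:00,ws-044,bking,app-07,3
2024-03-01T12:15:00,ws-044,bking,dc-01,3
"""


def parse_logs(text):
    """Parse the constructed CSV records into time-sorted (ts, src, account, dest, logon_type) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, account, dest, logon_type = line.split(",")
        records.append((datetime.fromisoformat(ts), src, account, dest, logon_type))
    return sorted(records)


def detect_fan_out(text, window_minutes=10, threshold=4, known_scanners=frozenset()):
    """Behavioral-anomaly rule: alert when one (source_host, account) pair reaches `threshold`
    distinct destinations via network logons inside a sliding window of `window_minutes`.

    Returns {(source_host, account): (distinct_destinations, alert_time)} for the first
    moment each pair crosses the threshold. `known_scanners` is the allowlist an analyst
    adds after the first false positive; anything on it is never examined at all.
    """
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # key -> (ts, dest) events still inside the window
    alerts = {}
    for ts, src, account, dest, logon_type in parse_logs(text):
        if logon_type != NETWORK_LOGON or src == dest or src in known_scanners:
            continue
        key = (src, account)
        events = recent[key]
        events.append((ts, dest))
        while ts - events[0][0] > window:  # drop events that have aged out of the window
            events.popleft()
        distinct = {d for _, d in events}
        if len(distinct) >= threshold and key not in alerts:
            alerts[key] = (len(distinct), ts)
    return alerts


if __name__ == "__main__":
    # Untuned: both the patch server (false positive) and the compromised workstation fire.
    print("untuned:", detect_fan_out(SAMPLE_LOGS))
    # Tuned with an allowlist: only ws-017 remains, and it already holds four extra hosts.
    print("tuned:  ", detect_fan_out(SAMPLE_LOGS, known_scanners={"patch-01"}))
    # The paced attacker on ws-044 never appears unless the window is widened to hours,
    # which in turn sweeps in far more legitimate activity.
    print("3h window:", detect_fan_out(SAMPLE_LOGS, window_minutes=180))
```

Widening the window or lowering the threshold to catch the paced attacker raises the false-positive rate on ordinary administrative traffic, and narrowing it lets the attacker through; the rule is only ever tuned against the last attack the analyst saw, which is the dynamic the preceding points describe.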