In cybercrime, there are several terms that companies need to understand to know their movement patterns. One of the terms companies need to know in order to prevent cyberattacks is Lateral Movement. Do you know what Lateral Movement is? Let us have a quick look at the explanation below.

What is Lateral Movement?

Lateral Movement is a technique cybercriminals use after gaining initial access to move further down the network and search for sensitive data and other high-value assets. The first step in lateral movement is to do internal network reconnaissance. This step gives cybercriminals an idea of the reality of network location and the overall structure.

To keep cyber criminals from being seen, they strengthen their “camouflage” by compromising with additional hosts and increasing their privileges. After that, cybercriminals can control the target they want to reach, such as domain controllers, systems, or sensitive power. Every credential that cybercriminals collect will gain legitimate access to more hosts and servers. So, once they achieve their goal, data can be exfiltrated, and the system or devices are successfully sabotaged.

Stopping Lateral Movement

Some companies already have cybersecurity in place to prevent cybercriminals from getting into their company’s IT environment. But what happens if a cybercriminal compromises one of the company’s systems? We all know that a comprehensive defense system not only prevents but cybersecurity must also be able to detect and stop advanced threats.

Information obtained from Extrahop says that network segmentation will help prevent cybercriminals from moving laterally in the IT environment. However, network segmentation is difficult to set up and maintain and can be a barrier to doing business.

Therefore, companies need to detect the movements of cybercriminals. You need to examine your system and evaluate how well your company is stopping lateral movement in the IT environment by answering the following questions:

• What network controls does the company have to find and limit device activity?
• What percentage of the company’s IT environment is covered by log data and end-points?
• How does the company’s IT system track normal and abnormal account activity?

NDR Does What Other Tools Can’t

NDR is a network detection and response, one of the cybersecurity solutions that can detect malicious activity through network traffic analysis. This solution provides visibility into the activity that other cybersecurity solutions cannot. Cybercriminals cannot know whether NDR passively monitors the network traffic that cybercriminals pass through or not. NDR can also detect cybercriminals that try to exploit IoT systems and remote applications attacked by cybercriminals. If your company uses EDR and SIEM, this NDR security solution will enhance your IT security system and prevent lateral movement.

Aplikas Servis Pesona is a company engaged in the IT Security sector. IT security solutions for your company will be easily implemented by experts who have received special certifications. Aplikas Servis Pesona, a subsidiary of Phintraco Group, is ready to provide suitable IT security solutions for your company, including NDR or Network Detection and Response.

Contact us through email at marketing@phintraco.com to learn more about the NDR solution.

References:

https://www.extrahop.com/company/blog/2020/detect-and-stop-lateral-movement/

https://www.ncsc.gov.uk/guidance/preventing-lateral-movement