Security Weekly RSAC 2019: Proactively Hardening the Network Against Lateral Movement

Security Weekly interview with Wade Lance, Principal Solution Architect at Illusive Networks

Lateral movement from one host to others, after an attacker has breached a network, is a major challenge for cybersecurity teams. Once an attacker has access to one host, they can leverage the credential and connection data on it to move to neighboring hosts. When they do, it's very difficult for security analysts to differentiate that behavior from normal behavior.

Furthermore, this Living-off-the-Land (LotL) technique requires no external software: the attacker relies simply on pre-installed Windows tools and processes to move inside a network. This makes it easier for them to remain undetected, and adds another layer to the challenge of detecting hidden malicious lateral movement.

A key way to fight this type of cyberattack is to preempt attackers by hardening your network and improving cyber hygiene. To do that, organizations must identify and eliminate extraneous data on host machines that attackers can exploit: cached domain admin credentials, disconnected RDP sessions, local admin accounts using the same password, and more.

Even in organizations with strong network security and cyber hygiene, it only takes an instant for a malicious insider or intruder to take advantage of a window of opportunity, resulting in a data privacy breach, intellectual property theft, cyber fraud, or disruption of critical infrastructure and services.

In this video interview with Security Weekly recorded at the 2019 RSA Conference, Wade Lance, Principal Solution Architect at Illusive Networks, explains the relationship between successful deception, network visibility and attack surface reduction—and details how the Illusive platform is leading the way in the field.

Watch the video to learn:

  • The key challenges of detecting hidden malicious lateral movement inside a network
  • How to make deception truly effective by targeting it closely to each host, after having gathered and removed real and risky credential and connection data
  • How Illusive is able to gain knowledge and understanding of an attacker, and awareness of the potential pathways available for them to move laterally
  • How Illusive’s attack surface reduction capabilities fit more generally in the vulnerability management discipline

To fully achieve cyber network security, cutting down on attacker lateral movement is critical. The more connectivity there is, the faster they can move. Through the power of Attack Surface Manager, organizations are able to gain network visibility, improve cyber hygiene, and reduce vulnerabilities with confidence and ease.