Intelligent CISO Issue 37 | Page 33

PREDICTIVE INTELLIGENCE

Expert says CISOs need to take lateral movement seriously

CISOs are faced with the challenge of their enterprise-level environments being vulnerable to lateral movement in their networks. Carolyn Crandall, Chief Security Advocate and CMO at Attivo Networks, says most CISOs are familiar with the role lateral movement plays in attacks, but organisations need to back up this knowledge with action.

A thief breaking into your home can be a minor experience, or a devastating one. It's one thing when the criminal leaves after grabbing the first item they see, but it's a whole different story when they have time to map out where your valuables are and plan the best ways to steal them. Worse yet is when the thief secures the ability to return repeatedly and steal from you again and again. All of this can occur even with doors and windows locked and perimeter security systems installed.

A similar scenario often crops up in cybersecurity. When attackers gain access to an organisation's network, they look for opportunities to move laterally through the environment and escalate their privileges. They use this information to gain control of resources, change permissions and security settings for greater access, and cover their tracks. This activity can be extremely tricky to detect, as these attackers impersonate real users and their actions look like regular activity.
Most CISOs are familiar with the role lateral movement plays in attacks, but organisations are not backing up this knowledge with action. Most still rely heavily on perimeter defences, behavioural anomaly detection and log management, which provide limited visibility and unmanageable alert volumes. Today's advanced threats actively leverage lateral movement, which has become an Achilles heel for many organisations. As this issue becomes more severe, CISOs are increasingly beginning to take note.
Thinking laterally
The authors of last year's Mandiant Security Effectiveness report found that 54% of the 'techniques and tactics used to execute testing of lateral movement were missed'. They also found that 96% of lateral movement behaviours did not have a corresponding alert in the SIEM, meaning that defenders were left blind in the face of an attack. These stats are concerning, especially since there are solutions to prevent lateral movement.
From the endpoint, lateral movement defences can stop a threat actor at an earlier stage of the attack cycle and reduce the risk of a more significant breach. One approach relies on 'micro-segmentation', which divides a network into smaller pieces to slow or stop attacker progress. Others work on an intelligence basis by identifying signs of attack. Intruders often give away their intentions, offering a further opportunity to stop them as they carry out reconnaissance or test the network for vulnerabilities.
Defenders may also use deception and concealment technology to trick threat actors into giving away their presence or tactics. They can place fake Active Directory (AD) credentials or other bait on the network or within endpoints that look like real production assets and serve as tempting targets for attackers. In reality, they are bait or breadcrumbs that lead to traps that reveal the attacker's presence and allow security teams to banish them from the environment. Innovations in concealment technology can hide real data and AD objects, preventing attackers from finding or accessing the targets they seek.
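To make the bait-credential idea concrete, and to show the kind of alert the Mandiant figures above say is missing from most SIEMs, here is an added example of a decoy-account detector. It is not code from the article or from Attivo Networks. The decoy account names, the one-line event format and the sample events are all constructed for the demo; in practice the input would be Windows Security logon events pulled from the SIEM. Because a planted decoy account has no legitimate user, any authentication attempt that names it is high-confidence evidence of harvested credentials being replayed.

```python
"""Alerting on use of planted decoy credentials (honeytoken accounts).

Added example, not code from the article or from Attivo Networks. The decoy
account names, the single-line event format and every sample event are
constructed for the demo; a real deployment would read Windows Security
events (4624/4625/4768) from the SIEM instead.
"""
import re
from dataclasses import dataclass

# Constructed decoy account names planted in AD and in endpoint credential
# stores. Nothing legitimate ever authenticates as them, so any attempt is
# high-confidence evidence of credential harvesting and lateral movement.
DECOY_ACCOUNTS = {"svc_backup_admin", "sql_report_ro"}

# Constructed one-line format loosely modelled on Windows Security events.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) Account=(?P<acct>\S+) "
    r"SrcHost=(?P<src>\S+) SrcIP=(?P<ip>\S+)$"
)

# Real Windows Security event IDs, used here only to label the alert.
EVENT_KIND = {"4624": "logon-success", "4625": "logon-failure", "4768": "kerberos-tgt"}


@dataclass(frozen=True)
class DecoyAlert:
    timestamp: str
    account: str      # normalised decoy name (domain prefix stripped, lower-cased)
    source_host: str  # the host the attempt came from, i.e. where the intruder is
    source_ip: str
    kind: str


def normalise_account(raw: str) -> str:
    """'CORP\\svc_backup_admin' and 'SVC_BACKUP_ADMIN' both map to 'svc_backup_admin'."""
    return raw.split("\\")[-1].lower()


def parse_line(line: str):
    """Return the event fields as a dict, or None for a line we cannot parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_decoy_use(lines, decoys=DECOY_ACCOUNTS):
    """Scan event lines and return one DecoyAlert per event that names a decoy."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # malformed input must not stop the scan
        acct = normalise_account(ev["acct"])
        if acct in decoys:
            alerts.append(DecoyAlert(
                timestamp=ev["ts"], account=acct, source_host=ev["src"],
                source_ip=ev["ip"], kind=EVENT_KIND.get(ev["eid"], "event-" + ev["eid"]),
            ))
    return alerts


def summarise_sources(alerts):
    """Map each source host to the set of decoys it touched.

    A single host trying several decoys is the pattern the article describes:
    harvested bait credentials being replayed while the intruder moves laterally.
    """
    by_host = {}
    for a in alerts:
        by_host.setdefault(a.source_host, set()).add(a.account)
    return by_host


# Constructed sample events: one workstation trips two decoys, the rest is normal.
SAMPLE_EVENTS = [
    "2024-05-02T10:14:03Z EventID=4624 Account=CORP\\jsmith SrcHost=WS-017 SrcIP=10.1.4.17",
    "2024-05-02T10:21:47Z EventID=4625 Account=CORP\\svc_backup_admin SrcHost=WS-017 SrcIP=10.1.4.17",
    "2024-05-02T10:22:01Z EventID=4768 Account=svc_backup_admin SrcHost=WS-017 SrcIP=10.1.4.17",
    "2024-05-02T10:25:30Z EventID=4768 Account=SQL_REPORT_RO SrcHost=WS-017 SrcIP=10.1.4.17",
    "2024-05-02T10:30:12Z EventID=4624 Account=CORP\\mlee SrcHost=WS-042 SrcIP=10.1.4.42",
    "this line is not an event and is skipped",
]


if __name__ == "__main__":
    found = detect_decoy_use(SAMPLE_EVENTS)
    for a in found:
        print(f"ALERT {a.timestamp} {a.kind}: decoy '{a.account}' used from "
              f"{a.source_host} ({a.source_ip})")
    print("per-host summary:", summarise_sources(found))
```

The design point is that the rule needs no baseline and no behavioural model: a decoy account is never used legitimately, so a failed logon, a successful logon or a Kerberos ticket request for it is an alert on its own, and the source host in the event is the place to start containment. The per-host summary turns several low-volume hits into one incident rather than the unmanageable alert stream the article warns about.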
Once defenders identify an attack, they should seek to impede attackers from gathering intelligence on targets such as credentials, live hosts, open services and AD accounts. Defenders can also look for vulnerabilities, exposures and misconfigurations that create attack paths and remediate them so attackers can't easily achieve lateral movement and privilege escalation. Those seeking an Active Defence can also use the attacker's force against them by