A threat actor can perform lateral movement after compromising an endpoint on a network that lacks adequate access controls. The initial compromise may come through credential abuse, exploitation of a vulnerable server or application, malware that plants a backdoor, or other means. Once inside, the attacker reuses harvested credentials and the same administrative protocols legitimate users rely on, so much of the subsequent activity looks to conventional network security controls like ordinary user traffic.
Let’s look more closely at how lateral movement plays out.
A lateral movement attack occurs in three main steps:
Lateral movement features in most classes of attack, including ransomware and other malware campaigns and intrusions that begin with phishing. Once attackers have established a foothold in a network, they use that position as a base from which to conduct further attacks.
Using techniques such as session hijacking, credential theft and internal spear phishing, attackers can move across the network as if they were legitimate users, without alerting conventional security controls to their presence.
Lateral movement isn’t one technique, but rather a strategic element of an attack that can take many shapes depending on the attacker’s needs. Common lateral movement attack tactics include:
In a network topology that allows unconstrained lateral movement, an attack can move from host to host in minutes, often without tripping any alarms. Self-propagating malware spreads faster than a security team can contain it by hand, especially if the controls in place only alert after the fact.
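To make that detection gap concrete, the following is an added example, not Zscaler code or output from any Zscaler product. It runs over constructed authentication events (the CSV layout, hostnames and the 10-minute, five-host threshold are assumptions). A per-event check passes every logon, because each one used a valid account and an ordinary logon type; only correlating logons per account and source host across the network shows one account fanning out to six servers in under a minute.

```python
"""Lateral-movement fan-out detector over authentication events.

Added example, not Zscaler code. The CSV layout, hostnames and the
10-minute / 5-host threshold are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp,account,src_host,dst_host,logon_type
# (Windows logon type 3 = network logon, e.g. SMB/WinRM; 10 = RDP).
# svc-backup reaches six servers from WS-041 in under a minute.
SAMPLE_LOG = """\
2024-03-04T09:00:12,alice,WS-014,FILE-01,3
2024-03-04T09:03:45,bob,WS-022,MAIL-01,3
2024-03-04T10:15:02,svc-backup,WS-041,FILE-01,3
2024-03-04T10:15:09,svc-backup,WS-041,FILE-02,3
2024-03-04T10:15:20,svc-backup,WS-041,DB-01,3
2024-03-04T10:15:31,svc-backup,WS-041,APP-03,3
2024-03-04T10:15:44,svc-backup,WS-041,DC-01,3
2024-03-04T10:16:01,svc-backup,WS-041,HR-01,10
2024-03-04T11:30:00,alice,WS-014,FILE-01,3
"""

VALID_LOGON_TYPES = {2, 3, 10}


def parse_log(text):
    """Parse the constructed CSV into event dicts with datetime timestamps."""
    events = []
    for line in text.strip().splitlines():
        ts, account, src, dst, ltype = line.split(",")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "account": account,
            "src": src,
            "dst": dst,
            "logon_type": int(ltype),
        })
    return events


def per_event_check(events):
    """What a host-local control sees: one logon at a time. Every event here
    carries a real account and an ordinary logon type, so nothing is flagged."""
    return [e for e in events
            if not e["account"] or e["logon_type"] not in VALID_LOGON_TYPES]


def detect_fanout(events, window=timedelta(minutes=10), min_hosts=5):
    """Correlate across hosts: flag each (account, source host) pair whose
    logons reach at least `min_hosts` distinct destinations within `window`.
    Slides a time window over the pair's events and reports the widest one."""
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_key[(e["account"], e["src"])].append(e)

    alerts = []
    for (account, src), evs in by_key.items():
        best = None
        left = 0
        for right in range(len(evs)):
            # Advance the left edge until the window fits.
            while evs[right]["ts"] - evs[left]["ts"] > window:
                left += 1
            hosts = sorted({e["dst"] for e in evs[left:right + 1]})
            if best is None or len(hosts) > len(best["hosts"]):
                best = {
                    "account": account,
                    "src_host": src,
                    "hosts": hosts,
                    "start": evs[left]["ts"],
                    "end": evs[right]["ts"],
                }
        if best is not None and len(best["hosts"]) >= min_hosts:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("per-event check flagged:", per_event_check(events))
    for a in detect_fanout(events):
        print(f"fan-out: {a['account']} from {a['src_host']} reached "
              f"{len(a['hosts'])} hosts in {a['end'] - a['start']}: {a['hosts']}")
```

The threshold is deliberately simple; in practice you would baseline each account's normal destination count (a backup service account legitimately touches many hosts) and alert on deviation from that baseline rather than a fixed number.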
Hybrid and remote work compound the problem. Users connect from many kinds of endpoints, each with its own, often inconsistent, security controls, and every one of them is a potential entry point for an attacker.
Most dangerous, though, is the risk of advanced persistent threats (APTs). A skilled attacker can persist in your network unseen for months, accessing privileged information and exfiltrating data.
Fighting back against lateral movement is a two-part exercise.
On the one hand, you need to stop lateral movement before it happens. To do that:
On the other hand, when attackers do get through, you need to be able to stop them in their tracks. For that, you need to:
Taking advantage of trust—not just the sort conferred by authentication, but also the sort conferred by human nature—is one of the oldest tricks attackers know. It persists today as one of the most effective ways they can position themselves to move laterally in your environment. To deny them that opportunity, you need to take trust out of the equation.
A zero trust architecture enforces access policies based on context—including the user's role and location, their device, and the data they are requesting—to block inappropriate access and lateral movement throughout your environment.
Zero trust requires visibility and control over your environment's users and traffic, including that which is encrypted; monitoring and verification of traffic between parts of the environment; and strong multifactor authentication (MFA) methods beyond passwords.
Critically, in a zero trust architecture, a resource's network location is no longer the main factor in its security posture. Instead of rigid network segmentation, your data, workflows and services are protected by software-defined microsegmentation, so they stay protected wherever they run.
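As an added illustration of context-based decisions (this is not Zscaler code and not ZPA policy syntax; the app inventory, context attributes and rules are constructed for the example), the following compares what a stolen credential can reach under a network-level VPN model with what it can reach when each request is evaluated against user role, device state and location and, if allowed, brokered to a single application rather than a network.

```python
"""Context-based access versus network-level VPN access.

Added illustration, not Zscaler code and not ZPA policy syntax. The app
inventory, policy attributes and rules are constructed for the example.
"""
from dataclasses import dataclass

# Constructed inventory of private applications and the hosts behind them.
APPS = {
    "payroll":   {"sensitivity": "high",   "host": "hr-01"},
    "wiki":      {"sensitivity": "low",    "host": "app-03"},
    "db-admin":  {"sensitivity": "high",   "host": "db-01"},
    "fileshare": {"sensitivity": "medium", "host": "file-01"},
}

# Constructed per-app policy: entitled roles plus the device context required.
POLICIES = {
    "payroll":   {"roles": {"hr"},        "require_managed": True},
    "wiki":      {"roles": {"hr", "eng"}, "require_managed": False},
    "db-admin":  {"roles": {"dba"},       "require_managed": True},
    "fileshare": {"roles": {"hr", "eng"}, "require_managed": True},
}

# Locations from which high-sensitivity apps may be used (assumption).
HIGH_SENSITIVITY_COUNTRIES = {"US", "GB"}


@dataclass(frozen=True)
class Context:
    """Everything known about the request beyond the password."""
    user: str
    role: str
    mfa_verified: bool
    device_managed: bool
    device_compliant: bool  # e.g. disk encrypted, EDR agent healthy
    country: str


def legacy_vpn_access(ctx):
    """Network-level model: a valid password puts the user on the network,
    so every internal host is reachable regardless of what they needed."""
    return {a["host"] for a in APPS.values()} if ctx.user else set()


def zero_trust_decision(ctx, app):
    """Per-request decision over identity, device and resource. Success
    yields a brokered connection to one app host, never a subnet."""
    pol = POLICIES.get(app)
    if pol is None:
        return "deny", "unknown app"
    if not ctx.mfa_verified:
        return "deny", "MFA required"
    if ctx.role not in pol["roles"]:
        return "deny", f"role {ctx.role!r} not entitled to {app}"
    if pol["require_managed"] and not (ctx.device_managed and ctx.device_compliant):
        return "deny", "managed, compliant device required"
    if (APPS[app]["sensitivity"] == "high"
            and ctx.country not in HIGH_SENSITIVITY_COUNTRIES):
        return "deny", "high-sensitivity app blocked from this location"
    return "allow", APPS[app]["host"]


def reachable_hosts(ctx):
    """Hosts a session can touch under zero trust: only those whose app
    policy allows this context, each reached through its own brokered
    connection, so there is no network path from one to the next."""
    hosts = set()
    for app in APPS:
        verdict, detail = zero_trust_decision(ctx, app)
        if verdict == "allow":
            hosts.add(detail)
    return hosts


# Constructed scenarios: the same HR account in three different contexts.
STOLEN_CRED = Context("alice", "hr", mfa_verified=False, device_managed=False,
                      device_compliant=False, country="RO")
PHISHED_MFA = Context("alice", "hr", mfa_verified=True, device_managed=False,
                      device_compliant=False, country="RO")
LEGIT_HR = Context("alice", "hr", mfa_verified=True, device_managed=True,
                   device_compliant=True, country="US")

if __name__ == "__main__":
    for name, ctx in [("stolen credential", STOLEN_CRED),
                      ("phished MFA", PHISHED_MFA),
                      ("legitimate HR user", LEGIT_HR)]:
        print(f"{name}: VPN reach={sorted(legacy_vpn_access(ctx))} "
              f"zero trust reach={sorted(reachable_hosts(ctx))}")
        print("   payroll:", zero_trust_decision(ctx, "payroll"))
```

The point of the comparison is the blast radius: with the password alone, the VPN model exposes every host, while the context-based model exposes nothing to an attacker without MFA, one low-sensitivity app to one who phished an MFA prompt but lacks a managed device, and, even for the genuine user, only the apps her role is entitled to, with no route between them.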
Legacy network security, built on perimeter firewalls and VPNs, is part of the problem. VPN gateways are exposed to the internet, where threat actors can find and attack them, and a successful logon places the user directly on the network, giving an attacker with a stolen credential the same reachability to sensitive data that lateral movement depends on.
That’s why we built Zscaler Private Access™. As part of the world’s top rated and most deployed security service edge platform, it offers:
Zscaler Private Access applies the principles of least privilege to give users secure, direct connectivity to private applications while eliminating unauthorized access and lateral movement. A cloud native service, ZPA can be deployed in hours to replace legacy VPNs and remote access tools with a holistic zero trust platform.
Learn more about Zscaler Private Access here. If you’re ready to see it for yourself, you can also take a seven-day test drive.
Lateral movement is a strategy cybercriminals use to spread across a network. Once an attacker has a foothold in a network, they can plot a course to other devices and users to seek out valuable data to extract.
Hackers can use lateral movement to move throughout a network, identifying the most valuable data to extract. It can be very difficult to detect because even if one system is secured, an attacker or malware payload may have already moved on.
Cybercriminals use lateral movement to increase the potential impact of their attacks and avoid detection. Once they have established themselves inside a network, they can take advantage of internal trust mechanisms to access privileged accounts and data.