What is microsegmentation?
06/10/2022What is a CDN
06/10/2022What is lateral movement?
Lateral movement is the set of techniques that attackers use to gain access to additional assets after they have initially penetrated network defenses. After initial access and landing within a datacenter or IT environment, cybercriminals use stolen login credentials (obtained via credential theft or phishing attacks) to impersonate legitimate users, moving more deeply into systems to access sensitive data, intellectual property and other high-value assets.
Why is lateral movement dangerous?
When attackers use lateral movement effectively, it can be very difficult for IT teams to detect. Lateral movement often blends in with the large volume of legitimate east-west traffic within a datacenter, making it harder for endpoint security technology to recognize.
This diagram illustrates how microsegmentation techniques are used to divide a network into secure units to prevent lateral movement (or east-west traffic)
The danger of lateral movement attacks
As the landscape of cyber threats continues to evolve, IT cybersecurity teams remain focused on preventing breaches from penetrating network defenses. But many teams also recognize that not all breaches can be prevented. In fact, when it comes to experiencing a cyberattack, it’s more a matter of “when” rather than “if.”
That’s why savvy organizations today are also focused on detecting breaches quickly and minimizing the damage they can cause. In some ways, this is a bigger challenge, since it requires network security teams to monitor the vast amount of east-west traffic within a network, looking for signs of lateral movement that indicate potential malicious activity. Most organizations, however, have little visibility into east-west network traffic, especially if they are relying on traditional technologies like legacy firewalls for application control and application allowlisting.
Zero Trust Security Transformation
See 7 key requirements for implementing a Zero Trust security framework that protects applications and users from advanced threats on the internet.
Akamai can help. Our solution provides tools for deep visibility, microsegmentation and threat intelligence that can help you quickly detect lateral movement, reduce your attack surface and minimize the impact of cyberattacks and advanced persistent threats.
How do lateral movement attacks work?
Lateral movement is the series of steps taken by attackers who have already gained access to a trusted environment and who are looking for high-value assets. Once inside the network, attackers identify the most vulnerable or valuable assets and take steps to reach them by expanding their level of access.
This type of lateral movement usually starts with infecting or compromising a datacenter or cloud node using stolen credentials. From that point, attackers use a variety of techniques to probe the network, nodes and applications, looking for vulnerabilities to exploit and misconfigurations that allow them to move successfully to their next target, often with stolen credentials obtained through phishing emails or credential dumping.
When done effectively, lateral movement can be extremely difficult for IT teams to detect, as the activity blends in with large volumes of legitimate east-west traffic. As attackers learn more about how legitimate traffic flows within the environment, they have an easier time masquerading their lateral movement as sanctioned activities. This difficulty in detecting lateral movement allows security breaches to escalate quickly to devastating proportions.
To stop lateral movement attacks, cybersecurity teams need three critical capabilities. They must be able to visualize east-west traffic in real time and on a historical basis, allowing them to identify potential malicious activity more easily. They can also use microsegmentation security solutions to apply network hierarchies, workload- and process-level security controls to critical assets, blocking attempts at lateral movement. And they can use deception technology to redirect suspicious behavior to high-interaction deception engines where IT teams can learn more about the lateral movement attack for threat hunting and how to craft better security policies to prevent it.
Visualizing east-west traffic
Organizations seeking more proactive lateral movement security can begin by visualizing the east-west traffic in their environment. Once a clear baseline of sanctioned east-west traffic is established and viewable on a real-time and historical basis, it becomes much easier to identify unsanctioned lateral movement attempts.
This is one of the flagship capabilities of Akamai’s solution. Guardicore Centra technology uses network and host-based sensors to collect detailed information about assets and flows in data center, cloud, and hybrid environments, combines this information with available naming labeling (naming conventions) information from orchestration tools, and displays a visual representation of east-west traffic in the environment.
5-Step Ransomware Defense Ebook
Discover how to strengthen your defenses beyond the perimeter.
How does lateral movement control fit within a Zero Trust security strategy?
Rather than a technology or product, Zero Trust is a framework for understanding security. It provides CISOs and other security leaders with a strategic, architectural approach to a more rigorous security strategy posture that helps prepare their organizations for a landscape of escalating risk.
A Zero Trust architecture abandons the idea of a trusted network within a defined perimeter. The goal is to minimize the attack surface and prevent the kind of lateral movement throughout a network that so many cyberattacks rely on. When a breach or data exfiltration occurs, a Zero Trust architecture will prevent intruders from moving laterally to easily access other systems or sensitive data. This approach supports new business and operational models that require speed and flexibility. And it facilitates compliance with regulations that require stronger protection of consumer data and separation of critical and non-critical assets.
To progress on your Zero Trust journey, safeguarding users, applications — and the future of your business — we suggest you:
To successfully implement a Zero Trust model, security teams need two fundamental capabilities: total visibility into their internal network environments, and segmentation capabilities that let them quickly and efficiently create microperimeters around critical assets. Comprehensive visibility is essential to developing the understanding of application dependencies and traffic flows on which security policies should be based. And fast and efficient segmentation capabilities are required to adapt to changing business requirements and complex, dynamic, hybrid data center environments. Traditional security approaches that are primarily focused on external threats fall short on both of these capabilities.
Detecting lateral movement with Akamai Guardicore technology
Our solution delivers a single, scalable platform that provides all the capabilities you need to detect lateral movement and neutralize attacks like ransomware and advanced persistent threats. With real-time threat detection and response capabilities, our solution makes it easy to detect lateral movement techniques and minimize dwell time throughout the entire cyberattack kill chain.
Our solution is a software-based network segmentation solution that lets you achieve higher levels of security faster, easier and more cost-effective. Unlike legacy firewalls and VLANs, our solution provides deep visibility into application dependencies and flows so you can understand more easily what’s happening in your environment. Because our technology is decoupled from the physical network, you can swiftly apply microsegmentation and privileged access policies to protect critical IT assets from lateral movement no matter where they reside – on premises, in the cloud, or in hybrid infrastructure.
Stop the Impact of Ransomware White Paper
Protect your enterprise and contain the lateral movement in your network.
Addressing Lateral Movement
Akamai offers significant advantages over other security technology when it comes to detecting and stopping lateral movement.
Achieve greater visibility
With process-level enforcement of microsegmentation policies, Akamai can easily detect, alert and block unauthorized processes from accessing critical IT assets. The result is a much smaller attack surface that limits lateral movement
Minimize dwell time
Our solution discovers malicious activity earlier in the kill chain to prevent attackers from using lateral movement to spread throughout an environment. Akamai delivers details on threat actors, apps, brute force attempts and attackers’ tools and techniques that can help incident response teams to prioritize investigation and reduce dwell time.
Accelerate incident response
Our solution can automatically export indicators of compromise to security gateways and SIEM. Our platform provides a single-click update to segmentation policies to remediate traffic violations. And security teams can trigger actions on VMs to prevent the spread of damage from ransomware attacks.
Improve threat intelligence
Our solution provides intelligence into threats so security teams can refine segmentation policy. Centra collects the entire attack footprint, including files and tools being used and uploaded. Deep forensics help expose user credentials, attack methods, propagation tactics and more.
Disrupt attackers with deception
High-interaction deception on the solution platform can disrupt attackers and capture attack details. Centra uses reputation analysis to detect suspicious domain names, IP addresses and file hashes within traffic flows.
Why choose Akamai?
Customers choose Akamai to simplify segmentation and stop lateral movement for several key reasons.
Segmentation without downtime
With Akamai, you can implement microsegmentation policies to stop lateral movement with no changes to networks or applications and no downtime
Faster risk reduction
Isolate critical applications up to 20x faster than with legacy firewalls and other solutions
Cost savings
Reduce the cost of protecting your IT environment by as much as 85% over using firewalls
Consistent enforcement
Use the same level of granular, process-level rules on different operating systems and throughout your environment
Coverage everywhere
Protect critical IT assets in any environment – on-premises, in the cloud, on virtual servers, endpoints, on bare metal or in containers
Centralized management
View assets and dependencies, manage segmentation, detect threats, malware, phishing attempts and respond to incidents from a single pane
Streamlined compliance
Automatic validation of network-related compliance policies let you reduce the cost and effort required for compliance