lateral movement Blog Terms - Attivo Networks

lateral movement

13 Lateral Movement Tactics Security Experts Should Recognize

One of the most curious elements of this year’s Verizon Data Breach Investigations Report (DBIR) was the inclusion of the new attack pattern “system intrusions.” Representatives from Verizon identified the category as a broad one that tends to include attacks with many steps, indicating significant lateral movement within the network. Research shows that many recent …

Understanding Lateral Movement and How to Detect It

By Carolyn Crandall, chief security advocate, Attivo Networks

Lateral movement broadly applies to an attacker’s activity within the network after penetrating perimeter defenses, using various tactics, techniques, and procedures (TTPs). Today’s organizations must understand those TTPs and ensure that their controls are effective across on-premises, remote, and cloud attack surfaces. The MITRE ATT&CK framework plays a beneficial …

Attivo Networks IDEntitleX reduces the attack surface for identities and entitlements in the cloud

Attivo Networks announced a new Cloud Infrastructure Entitlement Management (CIEM) solution, IDEntitleX, designed to deliver visibility and reduce the attack surface for identities and entitlements in the cloud. IDEntitleX expands the company’s leadership position in providing unprecedented visibility and prevention of identity privilege escalation and lateral movement threat activity. With this new product introduction, Attivo becomes …

Attivo Networks Named to Global CyberTech100 List Two Years in a Row

FREMONT, Calif. – June 8, 2021 – Attivo Networks®, the industry experts in preventing identity privilege escalation and detecting lateral movement attacks, today announced it was named to the Global CyberTech 100 List, which honors the world’s most innovative CyberTech companies that financial institutions should know about when they develop their information security and financial crime-fighting strategies.

Hafnium Microsoft Hack – Active Exploitation of Microsoft Exchange and Lateral Movement

Written by the Attivo Research Team – Contributing members: Gorang Joshi, Anil Gupta, Saravanan Mohan

Microsoft and Volexity have confirmed the active exploitation of vulnerabilities published by Microsoft in Exchange Server. Security research has attributed the exploitation to the Advanced Persistent Threat group known as Hafnium operating out of China. After the initial compromise, Hafnium operators accessed email accounts and deployed web shells on the compromised servers, which they then used to steal data and expand the attack. Because enterprises deploy Outlook Web Access (OWA) on public networks, the group was able to compromise many organizations across a large set of industries, according to ThreatPost’s blog.

Defense in Depth – Filling the Gaps to Detect and Stop Lateral Movement

During the SolarWinds breach, attackers had a back door into potentially thousands of networks. Typical security controls focus on detecting the initial compromise but seldom the lateral movement and privilege escalation activities that attackers spend most of their time executing. Join us for a discussion where you will see how the Attivo Networks Endpoint Detection …

Detecting Lateral Movement

Preventing Lateral Movement

Written by: Vikram Navali, Senior Technical Product Manager

All it takes is one compromised system to start a cyberattack. Once attackers get a foothold inside the network, they can gather information or escalate privileges to complete their mission. After gaining initial access, attackers use lateral movement techniques to gain access to critical assets. A perfect example is the recent SolarWinds software supply chain attack, where attackers kept their malware footprint very low. As sophisticated attackers will do, they quietly stole and used credentials to perform lateral movement through the network and establish legitimate remote access.

The SolarWinds Attack: How to Address Lateral Movement On-Demand Webinar

Joseph Salazar, Technical Marketing Manager | Attivo Networks | 22 mins

The SolarWinds supply chain breach garnered much attention and concern, especially for potentially vulnerable organizations. While the compromise method was novel, analysis indicates that the attackers used typical in-network attack activities, such as credential theft, privilege escalation, discovery, and lateral movement. To defend against such …
