There’s a Hole in Your Threat Detection Strategy—It’s Called East/West Traffic
One of the most popular targets for attackers, cybercriminals, and other bad actors is east/west network traffic. This is network traffic that originates from one internal host or network segment, and whose destination is another internal host or network segment.
North/south traffic, on the other hand, moves from an internal network out to the Internet. North/south is where organizations have historically invested, and includes security controls such as firewalls, intrusion detection/prevention systems, and proxies.
Ensuring good threat detection for east/west—or lateral—traffic has never been more important for organizations. The ability to move undetected through the network is key for successful ransomware attacks, and detecting that movement is increasingly critical as damaging and sophisticated ransomware becomes more pervasive.
Companies can choose from several methods to address the challenge of protecting lateral traffic, but each of these has limitations that ultimately make them ineffective at detecting lateral movement. One emerging method—threat deception—uses new technology and a different approach that delivers the comprehensive protection organizations need to efficiently monitor east/west network traffic.
Read the complete article by Carolyn Crandall, Attivo Networks in Cyber Defense Magazine.
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise