
Lateral Movement Detection with a Remote Workforce

CrowdStrike Tech Center

Introduction

The shift to a larger remote workforce has expanded the attack surface for many organizations. Outside the corporate perimeter, with fewer traditional network defenses in place, a remote system can be an easy target for attackers. That single host is rarely the ultimate target; more often it is the entry point into the network and the high-value assets behind it. Security teams may detect the initial compromise and even remediate that host, but what about the rest of the network? Did the attacker gain access to other hosts?


Lateral movement detection and visibility are more important than ever

Once an attacker gains initial access to a host, often through a phishing attack, they can escalate to administrative privileges, execute commands remotely, gather information about other systems and accounts, and begin to move laterally.

As the attacker gains deeper access into a network with increased privileges, lateral movement can be very difficult to detect: it uses the same protocols and credentials as legitimate administration, so it can look like normal network traffic. With limited visibility and context, security teams struggle to determine whether an attacker has moved to other hosts. They may locate the initial compromise but cannot easily determine how, or whether, it relates to other hosts. The longer the attacker remains in the network undetected, the more likely the attack is to succeed.

Solution

Falcon Insight, CrowdStrike’s EDR solution, monitors endpoint activity, capturing and correlating events and details that are critical to detect lateral movement and enable investigation.

CrowdStrike’s Incident Workbench provides capabilities that illustrate the full scope of an attack, including lateral movement. The security team can quickly see all hosts and events involved in an incident, and can drill down for deeper investigation with full event details and a broader set of lateral movement events originating from the source host of the incident.
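To make concrete what "correlating events to detect lateral movement" and "seeing all hosts involved in an incident" mean in practice, here is an added example written for this page; it is not CrowdStrike code and does not reproduce Falcon Insight or Incident Workbench logic. It works over constructed, hypothetical endpoint telemetry (remote logons and remote process executions, in the style of Windows network logon and service/WMI execution events, but not real event records) and applies two rules a practitioner would recognize: a remote logon followed within a short window by remote execution from the same source, against the same target, as the same account, is treated as a lateral movement edge; and the scope of the incident is the set of hosts reachable from the initially compromised host by following those edges forward in time, so administrative activity that happened on a host before the attacker reached it is not pulled into the incident. Host names, account names, the ten-minute window and the event field layout are all assumptions of the example.

```python
"""Correlate remote-logon and remote-execution telemetry into lateral-movement
edges, then walk them outward from a known compromised host to scope an incident.
Added illustrative example; constructed data, not real Falcon or Windows output."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed: logon-to-execution pairing window

# Constructed sample telemetry (hypothetical hosts and accounts).
# Fields: timestamp, kind, source host, target host, account
#   "logon" = network/RDP logon on target originating from source
#   "exec"  = remote process execution on target (service/WMI/PsExec style)
SAMPLE_EVENTS = [
    # earlier, unrelated admin work by another user into the file server
    ("2024-03-01T08:00:00", "logon", "HR-PC7", "FILESRV01", "corp\\asmith"),
    ("2024-03-01T08:00:05", "exec",  "HR-PC7", "FILESRV01", "corp\\asmith"),
    # scheduled backup job from the file server, before it was compromised
    ("2024-03-01T08:30:00", "logon", "FILESRV01", "BACKUPSRV", "corp\\svc_backup"),
    ("2024-03-01T08:30:03", "exec",  "FILESRV01", "BACKUPSRV", "corp\\svc_backup"),
    # attacker on the remote laptop moves to the file server ...
    ("2024-03-01T09:00:00", "logon", "LAPTOP-REMOTE1", "FILESRV01", "corp\\jdoe"),
    ("2024-03-01T09:00:30", "exec",  "LAPTOP-REMOTE1", "FILESRV01", "corp\\jdoe"),
    # ... harvests the backup service account there and moves to the DC ...
    ("2024-03-01T09:05:00", "logon", "FILESRV01", "DC01", "corp\\svc_backup"),
    ("2024-03-01T09:05:12", "exec",  "FILESRV01", "DC01", "corp\\svc_backup"),
    # logon only, no execution: looks like ordinary share/printer access
    ("2024-03-01T09:06:00", "logon", "LAPTOP-REMOTE1", "PRINTSRV", "corp\\jdoe"),
    # ... and from the DC to the finance server
    ("2024-03-01T09:30:00", "logon", "DC01", "FINANCE01", "corp\\svc_backup"),
    ("2024-03-01T09:30:05", "exec",  "DC01", "FINANCE01", "corp\\svc_backup"),
    # execution 25 minutes after the logon: outside the window, not paired
    ("2024-03-01T09:50:00", "logon", "DC01", "WEB01", "corp\\svc_backup"),
    ("2024-03-01T10:15:00", "exec",  "DC01", "WEB01", "corp\\svc_backup"),
]


def parse_events(rows):
    """Normalize raw rows into dicts sorted by timestamp."""
    events = [{"ts": datetime.fromisoformat(ts), "kind": kind,
               "src": src, "dst": dst, "user": user}
              for ts, kind, src, dst, user in rows]
    return sorted(events, key=lambda e: e["ts"])


def lateral_edges(events, window=WINDOW):
    """Pair each remote execution with a preceding remote logon from the same
    source, to the same target, as the same account, within `window`.
    A logon with no follow-on execution is dropped (ordinary file-share or RDP
    use looks like that); an execution with no matching logon is also dropped,
    since its source and account cannot be attributed."""
    pending = defaultdict(list)  # (src, dst, user) -> logon timestamps seen
    edges = []
    for e in events:  # already time-ordered, so logons precede their execs
        key = (e["src"], e["dst"], e["user"])
        if e["kind"] == "logon":
            pending[key].append(e["ts"])
        elif e["kind"] == "exec":
            recent = [t for t in pending[key] if e["ts"] - t <= window]
            if recent:
                edges.append({"ts": e["ts"], "src": e["src"], "dst": e["dst"],
                              "user": e["user"], "logon_ts": max(recent)})
    return edges


def incident_scope(edges, patient_zero):
    """Walk edges outward from the initially compromised host, in time order.
    Because edges are processed chronologically, an edge out of host H is only
    followed after the edge that reached H, so pre-compromise activity from H
    (e.g. the 08:30 backup job above) never joins the incident."""
    reached = {patient_zero: {"at": None, "via": None, "user": None}}
    for ed in sorted(edges, key=lambda x: x["ts"]):
        if ed["src"] in reached and ed["dst"] not in reached:
            reached[ed["dst"]] = {"at": ed["ts"], "via": ed["src"],
                                  "user": ed["user"]}
    return reached


def describe_scope(scope):
    """Render the incident graph as one line per host for an analyst."""
    lines = []
    for host, info in scope.items():
        if info["via"] is None:
            lines.append(f"{host}: initial compromise")
        else:
            lines.append(f"{host}: reached at {info['at']:%H:%M:%S} "
                         f"from {info['via']} as {info['user']}")
    return lines


if __name__ == "__main__":
    edges = lateral_edges(parse_events(SAMPLE_EVENTS))
    for line in describe_scope(incident_scope(edges, "LAPTOP-REMOTE1")):
        print(line)
```

Run against the constructed events, the walk from LAPTOP-REMOTE1 reports FILESRV01, DC01 and FINANCE01 as in scope, with the account used for each hop, while BACKUPSRV (activity before the file server was compromised), HR-PC7 (an inbound, not outbound, edge), PRINTSRV (logon without execution) and WEB01 (execution outside the pairing window) stay out. In a real environment the pairing window, the set of execution event types and the treatment of logon-only hosts (which some teams would still surface at lower confidence) are tuning decisions, and the input would be the EDR's own correlated telemetry rather than a hand-built list.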

Closing

Get immediate time to value, extend your visibility and protect your organization regardless of physical location. Try CrowdStrike’s Falcon platform for free: https://go.crowdstrike.com/try-falcon-prevent.html

Content Provided by Anne Aarness
