Partial solutions to solve the lateral movement challenge

SOLUTION #1: Endpoint protection

Existing solutions: EDR, XDR, NGAV, EPP.

Challenge: Lateral movement is carried out with the same tools admins use to connect to remote machines, such as PsExec and PowerShell. Endpoint solutions see these as legitimate software that is allowed to run.

Results: No accurate detection and no ability to terminate the activity in real time. At best, they allow reactive threat hunting for anomalies that have already occurred.

SOLUTION #2: Network segmentation

Existing solutions: Zero Trust Network Access (ZTNA), Next-Generation Firewalls (NGFW), Software-Defined Perimeter (SDP), Micro-segmentation Platforms, Network Access Control (NAC)

Challenge: Adversaries can bypass segments by discovering key resources such as file servers, Domain Controllers, SQL databases, app servers, and even admin workstations.

Results: The attacker can escape the segment and move to other resources uninterrupted, bypassing the segmentation. At best, segmentation can sometimes limit or contain lateral movement, depending on how the network is segmented.

Preventing Lateral Movement in Active Directory
