
Protection Against the Lateral Movement of Malicious Activity

More Data Breaches Despite Higher Cybersecurity Spending

While cybersecurity spending continues to rise year after year, we are still seeing a steady increase in security breaches. Not only are attacks today much more targeted, sophisticated, and resourceful, but we are still falling victim to tools and methods that penetrated our defenses in years past. “Attackers are streamlining and upgrading their techniques, while companies struggle to fight old tactics.” (Symantec ISTR, 2015)

Traditional security perimeters get bypassed all the time, and data breaches on average go unnoticed for more than 200 days. “In 60% of cases, attackers are able to compromise an organization within minutes.” (Verizon DBIR, 2015)

Once inside an organization, hackers often find a flat network and are able to move from one system to the next without much trouble. The lack of segmentation between network segments and between business applications makes attacks very hard to detect or stop, which increases the impact of the attack, as all IT assets become potential targets.

How to Mitigate Lateral Movement of Malicious Activity


Put a Halt to the Lateral Movement of Malicious Activity

While perimeter security technologies still form a great first line of defense, organizations need to put in place a second layer to stop hackers who have successfully penetrated the network from jumping from one system to the next. With Catbird you can protect your virtual infrastructure against such attacks by putting in place simple but very effective security policies around logical segments you define.

Catbird allows you to group virtual assets into logical zones called Catbird TrustZones. This means that, independent of the underlying network topology, and thus without having to make any network changes, you can group applications or application tiers into zones and then apply specific, fine-grained security policies to each zone.

Let’s take an example: an e-commerce application middle tier needs to communicate with the e-commerce web front-end, a back-end SQL database server, and a management console. A simple Zone Access Control Policy allows just these communications (specified by services and ports) and blocks all other traffic. Even if a hacker had successfully taken control of another application, a lateral spread to this e-commerce application would be stopped. And it gets better: the failed connection attempt would also be logged by Catbird and, if so configured, passed on to a central SIEM or ticketing system so it can be flagged and escalated as a suspicious event.
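To make the zone policy concrete, here is an added illustrative evaluator (constructed for this page, not Catbird's own code or API): assets map to named zones rather than subnets, the middle tier's allow-list is checked per connection attempt with default deny, and every denied attempt produces a SIEM-style log entry. Asset names, zone names and port numbers are assumed.

```python
from typing import Dict, List, Tuple

# Hypothetical zone model (constructed, not Catbird's own API): assets are grouped
# into named zones, not subnets, so the policy is independent of network topology.
ASSET_ZONE: Dict[str, str] = {
    "web01": "web-frontend", "web02": "web-frontend",
    "app01": "ecommerce-mid",
    "db01": "sql-backend",
    "mgmt01": "management",
    "hr01": "hr-app",  # unrelated application sharing the same flat network
}

# Zone Access Control Policy for the middle tier: (src zone, dst zone, proto, port).
# Anything not listed is denied by default. Port numbers are assumed for the example.
ALLOW = {
    ("web-frontend", "ecommerce-mid", "tcp", 8080),
    ("ecommerce-mid", "sql-backend", "tcp", 1433),
    ("management", "ecommerce-mid", "tcp", 22),
}

def evaluate(src_asset: str, dst_asset: str, proto: str, port: int) -> Tuple[bool, str]:
    """Apply the zone policy to one connection attempt; unlisted flows are denied."""
    src_zone = ASSET_ZONE.get(src_asset, "unknown")
    dst_zone = ASSET_ZONE.get(dst_asset, "unknown")
    flow = f"{src_zone}->{dst_zone} {proto}/{port}"
    if (src_zone, dst_zone, proto, port) in ALLOW:
        return True, flow + " permitted"
    return False, flow + " not in policy"

def process(attempts, siem_log: List[str]) -> List[bool]:
    """Evaluate each attempt; denied ones are appended to a SIEM-style log."""
    results = []
    for src, dst, proto, port in attempts:
        allowed, reason = evaluate(src, dst, proto, port)
        results.append(allowed)
        if not allowed:
            siem_log.append(f"ALERT lateral-movement-blocked src={src} dst={dst} "
                            f"proto={proto} port={port} reason={reason!r}")
    return results

# Constructed connection attempts: the legitimate tiers plus a compromised HR host.
ATTEMPTS = [
    ("web01", "app01", "tcp", 8080),  # front-end to middle tier: allowed
    ("app01", "db01", "tcp", 1433),   # middle tier to database: allowed
    ("hr01", "app01", "tcp", 8080),   # compromised HR host reaching for the middle tier: blocked
    ("app01", "web01", "tcp", 22),    # middle tier SSH back to front-end: not in policy, blocked
]

if __name__ == "__main__":
    log: List[str] = []
    print(process(ATTEMPTS, log), *log, sep="\n")
```

The two denied rows are exactly the events the text says should be forwarded to a SIEM or ticketing system; the log entries carry the asset, zone, protocol and port needed to triage them.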