Lateral Movement Vector

Solutions

Challenge

Deploy attack techniques, tools and methods used to gain access, elevate privileges, and spread across systems, following the initial compromise of a single endpoint.

Assess

See how far an attacker can propagate within the network, which attack and spreading techniques were used at every hop, and shares, credentials and other assets that were discovered or used.

Optimize

Resilience to lateral movement, segmentation enforcement, fix infrastructure misconfigurations and improve IT hygiene.

Benefits

Visualize and mitigate attack paths from initial foothold to enterprise crown jewels

Gain visibility on critical assets and vulnerable machines at risk from an adversary landing in the network
Prevent security drift – continuously validate IT hygiene and use of best practices
Mitigate attack techniques and tools and infrastructure misconfigurations manipulated by attackers
Improve ineffective segmentation policies and enforcement
Production safe

Lateral Movement

What happens when a hacker gets an initial foothold in your network?  
Starting from a single compromised endpoint, this validation module challenges your internal networks by applying a variety of real techniques and methods used by attackers to gain access and control additional systems on a network. Once an organization’s perimeter defenses fail and endpoint security is bypassed, providing the attacker a foothold in the organization (see Endpoint Security Vector) lateral movement inside the network is a common next step in a breach or ransomware scenario.  

Cymulate’s Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat. Real techniques and methods are used to laterally move inside the network. Vulnerabilities and vulnerable machines are correlated to Vulnerability Scanner findings through out-of-the-box integrations. Vulnerabilities are not exploited in order to remain production safe. 

On average, attackers can dwell in a network for three months before detection. In ransomware attacks they can create havoc within a few hours of penetration. 

As threat actors move deeper into the network, their movements and methods become more difficult to detect especially when they abuse Windows features and tools typically used by IT administrators (e.g., PowerShell). Gaining administrative privileges also makes threat actors’ activities undetectable and even untraceable.

Such attacks can force small companies out of business. Some well-known examples were the WannaCry and NotPetya attacks, the latter which literally shut down the operations of the shipping giant Maersk, causing hundreds of millions of dollars in damages. 

The results of the Lateral Movement assessment are presented in an interactive graphic diagram that shows the attacker’s lateral movement path, along with Cymulate’s risk score, KPI metrics and actionable mitigation recommendations.  It details both the attack and spread methods providing IT and security teams guidance to take appropriate countermeasures and increase their internal network security.