The growing threat of unsanctioned east-west traffic
While IT security teams put substantial time and investment into preventing network intrusions, it only takes a quick look at the daily news to be reminded that major security breaches, many caused by lateral movement attacks, are inevitable.
315 Days
Average time to detect and contain a data breach caused by a malicious attack.
(IBM)
66%
Say legacy firewalls are not effective in restricting lateral movement.
(Ponemon)
15%
Feel prepared to defend against lateral movement.
(Ponemon)
How lateral movement works
Lateral movement typically starts with an infection or credential-based compromise of an initial data center or cloud node. From there, an attacker may employ various reconnaissance techniques to learn more about the networks, nodes, and applications surrounding the compromised resource.
Block lateral movement and reduce dwell time
While many organizations continue to invest in legacy firewalls, today’s true security battleground is inside the firewall. Guardicore Centra provides a single, scalable platform with real-time threat detection and response capabilities, to detect lateral movement and minimize dwell time, through the entire cyber attack kill chain.
1
Identify reconnaissance efforts
2
Known malicious IOCs detected
3
Suspicious activity routed to deception
4
Prevent malware propagation
5
Prevent data transfer
6
Deny rules block unauthorized access
7
Microsegmentation policies to prevent lateral movement
8
Prevent privileged escalation
9
Block known C&C servers
How Guardicore can help prevent lateral movement
The Guardicore Centra Security Platform is the leading micro-segmentation security solution that delivers a simple and intuitive way to detect lateral movement, reduce the attack surface and detect and control breaches within east-west traffic. It provides deep visibility into application dependencies and flows and enforcement of network and individual process-level policies to isolate and segment critical applications and infrastructure.
Visualize East-West Traffic
Process-level enforcement detects, alerts, and blocks unauthorized processes from accessing critical application components, reducing the attack surface and limiting lateral movements.
Reduce Dwell Time
Guardicore Centra provides faster detection earlier in the kill chain, with details on attacker tools and techniques, that help IR teams to prioritize incident investigation and reduce dwell time.
Patented Dynamic Deception
Centra features a high-interaction deception engine that disrupts attackers and captures attack details, including reputation analysis that detects suspicious domain names, IP addresses and file hashes within traffic flows.
Accelerate Incident Response
Automatic exports of indicators of compromise to security gateways and SIEM, single-click updates to segmentation policies to remediate traffic violations, and the ability to trigger actions on VMs — suspend, halt, disconnect, or snapshot — to prevent the spread of damage from ransomware attacks.
Threat Intelligence
Collect the entire attack footprint – the files and tools being used and uploaded, and perform deep forensics to expose user credentials, attack methods, propagation tactics, and more.
Start assessing lateral movement in your environment for free
Guardicore Labs offers a free, open-source breach and attack simulation tool called Infection Monkey. Infection Monkey applies the MITRE ATT&CK framework and the Zero Trust Assessment Tool. It provides a new report with the utilized techniques and recommended mitigations to help you simulate an APT attack on your network and mitigate real attack paths quickly.
STEP 1: LAUNCH
Simulate a Breach
Choose a machine to start from and run the Monkey.
Run the Infection Monkey from any machine on any platform of your choosing, whether it’s a public cloud instance or on-premises server. Try different attack scenarios such as stolen credentials, infected internal server or an external attacker.
STEP 2: ATTACK
STEP 3: ASSESS
The Definitive Guide to Choosing a Micro-Segmentation Solution
As IT environments get more complex and dynamic, the perimeter can not stop all bad actors from making it inside data centers and cloud environments. Micro-segmentation reduces your attack surface, frustrates intruders, can be used as a compensating control against vulnerabilities, and hardens your data center.
In this paper, you will learn:
- What to look for in a micro-segmentation solution
- How do you make the decision of which tool to select by which vendor?
- What are the essential features in a tool and what are the must-haves to look out for when considering a vendor?
- What needs to be on your checklist when embarking on a micro-segmentation project?
How IT Experts Use Guardicore Centra to Prevent Lateral Movement
ESIS secures their data center with software-defined segmentation
Cogna Group migrates data center in two weeks with Guardicore
Italtel revolutionizes MSSP market with Guardicore micro-segmentation
Additional Resources on How to Prevent Lateral Movement
