// THREAT DETECTION AND DATA PRIVACY TERM

Lateral Movement

Lateral movement is when an attacker, after gaining initial access to one computer, moves through the internal network to access other systems and data. It's like a burglar getting into one room of a building and then using hallways to access other locked rooms.

Lateral Movement — illustration from Wikipedia
Image via Wikipedia

TECHNICAL DEFINITION

Lateral movement is a post-exploitation cyberattack technique where an adversary pivots from a compromised endpoint to other hosts, servers, and data stores within a trusted network perimeter. This tactic, often used by Advanced Persistent Threats (APTs), leverages stolen credentials, privilege escalation, and internal reconnaissance to expand access and exfiltrate data.

BACKGROUND

Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • pivoting
  • internal reconnaissance
  • east-west traversal
  • island hopping
  • network propagation
  • internal spreading

USAGE NOTE

Detecting lateral movement is a critical indicator that an active, advanced attacker is present in the network, not just a simple isolated infection.

DEVELOPERS

Organizations developing technology related to Lateral Movement.

  • CrowdStrike

    Develops the Falcon platform, an endpoint detection and response (EDR) and XDR solution that uses behavioral AI and threat intelligence to detect and prevent lateral movement by identifying suspicious process execution, credential theft, and anomalous user activity across endpoints.

  • Vectra AI

    Specializes in AI-driven threat detection and response. Their platform analyzes network traffic and cloud logs to detect attacker behaviors in real-time, with a primary focus on identifying lateral movement techniques like remote execution, credential abuse, and reconnaissance.

  • Illumio

    A leading provider of Zero Trust Segmentation technology. Their platform prevents lateral movement by creating micro-perimeters around applications and workloads, enforcing policies that allow only necessary communication and blocking unauthorized pathways for attackers.

  • Palo Alto Networks

    Offers the Cortex XDR platform which correlates data from network, endpoint, and cloud environments to detect sophisticated attacks. It uses User and Entity Behavior Analytics (UEBA) to identify abnormal activity patterns indicative of lateral movement.

  • Darktrace

    Utilizes self-learning AI for its 'Enterprise Immune System' technology. It builds an understanding of an organization's normal network behavior and detects anomalous activities, including the subtle east-west traffic patterns that signal an attacker is moving laterally.

  • SentinelOne

    Provides the Singularity XDR platform, which offers autonomous threat detection and response. It identifies and blocks lateral movement attempts by analyzing process lineage, network connections, and credential access on endpoints in real-time.

  • CyberArk

    Focuses on Privileged Access Management (PAM). Their solutions are designed to prevent lateral movement by securing, controlling, and monitoring the privileged credentials that attackers seek to steal and use to move across a network and escalate permissions.

  • Microsoft

    Develops the Microsoft Defender suite, including Defender for Identity, which specifically targets lateral movement paths in hybrid environments. It detects techniques like Pass-the-Hash and Pass-the-Ticket, and identifies compromised user credentials used for unauthorized access.

  • Akamai

    Offers micro-segmentation solutions (acquired from Guardicore) designed to visualize network traffic and enforce granular security policies within data centers and cloud environments. This technology directly contains breaches by preventing attackers from moving laterally from a compromised system.

RELATED TERMS IN THREATS & ATTACKS