Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 31 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Protect and detect to prevent the lateral attacker

by The Gurus
April 9, 2015
in This Week's Gurus
Share on FacebookShare on Twitter

Tracking attackers and preventing their lateral movement across your network will help you better protect against persistent attacks.
 
Speaking with Donato Capitella, security consultant at MWR Infosecurity, he said that if an attack is successful it doesn’t mean game over, but if they compromise you they should not have access to everything in order to get to a target.
 
“We can try and make life harder or make it more painful by importing controls together,” he said. “You can have the best detection and intrusion prevention, but the two things need to go together.”
 
He said that with attacks enabled by spear-phishing, once an attacker gets into a workstation they exploit the privilege of the user and will not do anything that is too suspicious, but will try to do “lateral movement” as the victim does not know where they are in the network, and explore file shares and other users.
 
He explained that once an attacker gets in, they should not have the opportunity to do more and if we can stop them, then they don’t make the news. “Most of the time they can move around laterally, making it very difficult to stop or detect them, which is what needs to be happening,” he said.
 
A common problem is that the activities between the compromise and malicious activity are difficult to detect if you don’t have the right infrastructure on your network to detect that. So if an attacker compromises the endpoint and needs to talk out, if there is outbound filtering implemented, then it is very difficult for the attacker to connect back to the machine.
 
“With a proxy there, the attacker needs to go through that and it makes it more difficult as they might have proxy logs that show the connection. So you slow them down and make them more detectable, and all security controls can be part of deploying secure builds,” he said.
 
Capitella said that there are technologies that will slow down an attacker providing more ways to detect them and the harder it is, the slower it will be for them. “By implementing security controls, you force the attacker down the path of least resistance and it becomes to easier to spot them,” he said.
 
“You are forcing them down that way; application whitelisting it is important for security and controls and an attacker needs to develop a zero-day and that is more expensive. It is not 100 per cent bulletproof, but it will stop some attackers and this makes it more difficult for skilled attackers and you have a better chance of detecting and monitoring what they are doing or stopping them immediately.”
 
I asked Capitella if he sees a lot of use of the outbound proxy, and he said that often clients deploy application whitelisting across the infrastructure, while removing privilege from regular users works well. “A control is taking away administrator privilege from the attacker as now they have to work without privilege escalation; if they are skilled they can do it, but you slow them down,” he said.
 
He also said that data loss prevention tools can be used too as part of the “mix”, and if you have to prioritise, implementing a good strategy for hardening and forcing attackers down the “difficult” path and detecting anomalies in configuration is the main thing.
 
I asked him for his recommendations on what companies can do to enable such hardened measures to prevent lateral movement of an attacker. He recommended having a holistic strategy for detection and prevention as much as you can, and consider adding: application whitelisting; taking away administrator privileges; segregate users and networks so it is more difficult for an attacker to strike; and patch everything, particularly on client side software.
 
“To accommodate for this, you need to work as best as you with detection and intrusion prevention systems and work to focus monitoring on the area of least resistance and that will help you in the process of using things to detect attackers,” he said.
 
 
 
Donato Capitella, security consultant at MWR Infosecurity, was talking to Dan Raywood Learn more about MWR Infosecurity’s training options here

FacebookTweetLinkedIn
Tags: attackDetectionPhishingPrevention
ShareTweetShare
Previous Post

Buhtrap campaign spied on and stole from Russian businesses

Next Post

French TV network taken offline by hackers

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information