Lateral movement is the set of techniques an attacker uses after gaining an initial foothold in a business network: moving from the first compromised host to others, establishing persistent ways of keeping that foothold, and working toward sensitive data.
Businesses need to impose robust boundaries and solid internal security so that an attacker who has compromised one host does not gain free rein to move across the internal network. Here are a few strategies that will help strengthen the organization's security posture and control lateral movement.
Protect Credentials and Use Standard User Accounts
Attackers often steal a credential or security token from one device and reuse it to reach another device or server. All credentials should therefore be protected so that an attacker who lands on a host cannot harvest them. Passwords must never be stored in plain text by systems or users, and password hashes must be protected well enough that an attacker cannot read them from disk or memory and then crack or replay them. Additionally, businesses should use devices that support hardware-backed credential storage (a TPM, for example), which keeps secrets out of reach of software running on the host. Users should use their work credentials only on devices approved for work use, since personal devices may not protect those credentials adequately. At the same time, businesses need to make standard user accounts the norm: users log in with a standard account for daily work and switch to a separate administrative account only to perform administrative tasks.
Establish Good Authentication Practices
Businesses need an authentication plan that prevents an attacker who has guessed or stolen one credential from using it to reach sensitive business data.
Users need to refrain from reusing passwords across accounts and should use a password manager, which also reduces the number of users who keep credentials in plain-text files or notes.
Additionally, logon restrictions such as account lockout and throttling reduce the chances that an attacker who has not yet acquired valid credentials can authenticate to a host by guessing. Businesses need to ensure that no single account, particularly a privileged one, can grant access to every device across the enterprise. At the same time, multi-factor authentication (MFA) and single sign-on (SSO) should be used for internet-facing services: MFA defeats brute-forcing and password-guessing attacks, and SSO limits the number of places a password is typed, which reduces the opportunities for an attacker to capture it. MFA with a physical token also helps separate high-privilege access from the devices used for daily work, because malware that has compromised a host cannot remotely satisfy a factor that requires a person to be physically present.
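The following is an added example, not code from the original article, showing how the credential-storage and logon-restriction advice above fits together in one authentication gate: passwords are kept only as salted PBKDF2 hashes, repeated failures are throttled with exponential back-off, and the account locks after a threshold. The policy constants, the user name and the sequence of login attempts are constructed for illustration; an organization's real values come from its own password standard.

```python
"""Authentication gate with salted password hashes, lockout and throttling.

Added example, not code from the original article. The policy values,
user name and login-attempt sequence are constructed for illustration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Hypothetical policy values, chosen for the example.
LOCKOUT_THRESHOLD = 5      # consecutive failures before the account locks
LOCKOUT_SECONDS = 900      # lockout duration (15 minutes)
BASE_DELAY_SECONDS = 1.0   # throttling delay, doubled after each failure
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only these are stored, never the plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0          # consecutive failed attempts
    locked_until: float = 0.0  # epoch seconds; 0 means not locked
    next_allowed: float = 0.0  # earliest time another attempt is evaluated


@dataclass
class AuthGate:
    accounts: Dict[str, Account] = field(default_factory=dict)

    def register(self, user: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.accounts[user] = Account(salt, digest)

    def attempt(self, user: str, password: str, now: float) -> str:
        """Evaluate one login attempt at time `now` (epoch seconds).

        Returns "ok", "bad_password", "throttled" or "locked".
        """
        acct = self.accounts.get(user)
        if acct is None:
            # Unknown user: do the same work and give the same answer as a
            # wrong password, so the response does not reveal valid names.
            hash_password(password, b"\x00" * 16)
            return "bad_password"
        if now < acct.locked_until:
            return "locked"
        if now < acct.next_allowed:
            return "throttled"          # not evaluated, so not counted
        _, digest = hash_password(password, acct.salt)
        if hmac.compare_digest(digest, acct.digest):
            acct.failures = 0
            acct.next_allowed = 0.0
            return "ok"
        acct.failures += 1
        if acct.failures >= LOCKOUT_THRESHOLD:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.next_allowed = acct.locked_until
            return "locked"
        # Exponential back-off: 1s, 2s, 4s, 8s ... between evaluated attempts.
        acct.next_allowed = now + BASE_DELAY_SECONDS * 2 ** (acct.failures - 1)
        return "bad_password"


def run_demo() -> List[str]:
    """Replay a constructed guessing sequence and return the gate's verdicts."""
    gate = AuthGate()
    gate.register("alice", "correct horse battery staple")
    attempts = [
        (0.0, "wrong1"), (0.5, "wrong2"), (1.0, "wrong3"), (3.0, "wrong4"),
        (7.0, "wrong5"), (15.0, "wrong6"),
        (100.0, "correct horse battery staple"),   # right password, still locked
        (915.0, "correct horse battery staple"),   # lockout has expired
    ]
    return [gate.attempt("alice", pw, t) for t, pw in attempts]


if __name__ == "__main__":
    print(run_demo())
```

Two design points are worth noting. A throttled attempt is rejected without being evaluated, so an attacker cannot burn through the lockout threshold faster than the back-off allows, and an unknown user name is answered exactly like a wrong password, including the hashing work, so the gate does not leak which accounts exist.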
Assess Security Hygiene and Deploy Shared Policies
One of the simplest ways businesses can hinder lateral movement is by auditing security hygiene, since weaknesses in the security posture usually arise from inconsistent hygiene. Companies need to ensure that the fundamentals of network security are in place and maintained. Additionally, every user and application in the organization should be accounted for down to the individual endpoint and network segment it runs on, so that none of them sits outside the hygiene checks. At the same time, businesses can ward off lateral movement by implementing shared policies that mandate software updates, data backups, and password changes. Regular health checks on the security posture ensure that indications of threats and vulnerabilities do not go unaddressed, and they improve, strengthen and keep current the basic security procedures.
Employ the Principle of Least Privilege
Businesses need to employ the principle of least privilege, ensuring that users and accounts have only the minimal access they need across the network. A tiering model for administrative access separates administrative accounts by the sensitivity of the systems they manage, so that a credential for the most sensitive tier is never exposed on less trusted hosts. Additionally, full-privilege accounts should be used only for tasks such as building the network, creating a new privileged account, or disaster recovery. Identifying high-risk devices, services, and users helps businesses plan which privileges to grant, ensuring that the highest-risk users hold the lowest privileges. Time-bound (just-in-time) privileged access further minimizes the damage a leaked admin credential can do, because the credential is useful only during an approved window.
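As an added example that is not part of the original article, the following policy check combines the two ideas above: administrative accounts and hosts are assigned tiers, an account may only log on to hosts of its own tier, and every grant is time-bound so a stolen credential stops working when its window closes. It assumes the common convention that Tier 0 is identity infrastructure, Tier 1 is servers and Tier 2 is workstations; the host names, account names and the four-hour cap are constructed for illustration.

```python
"""Tiered, time-bound (just-in-time) administrative access check.

Added example, not code from the original article. Tier numbering follows
the common convention (0 = identity infrastructure, 1 = servers,
2 = workstations); hosts, accounts and the grant cap are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_GRANT_SECONDS = 4 * 3600   # hypothetical cap on any single grant


@dataclass(frozen=True)
class Grant:
    account: str
    host: str
    issued_at: float    # epoch seconds
    expires_at: float   # epoch seconds


@dataclass
class TieredAccessPolicy:
    account_tier: Dict[str, int]             # admin account -> its tier
    host_tier: Dict[str, int]                # host -> its tier
    grants: List[Grant] = field(default_factory=list)

    def request_grant(self, account: str, host: str, now: float,
                      duration: float) -> Optional[Grant]:
        """Issue a time-bound grant, or return None if policy forbids it.

        Tier rule: an admin account may only log on to hosts of its own
        tier. A Tier 0 credential used on a Tier 2 workstation would be
        exposed to whatever runs there, and a Tier 2 admin has no business
        on a Tier 0 host.
        """
        if account not in self.account_tier or host not in self.host_tier:
            return None
        if self.account_tier[account] != self.host_tier[host]:
            return None
        if duration <= 0 or duration > MAX_GRANT_SECONDS:
            return None
        grant = Grant(account, host, now, now + duration)
        self.grants.append(grant)
        return grant

    def can_logon(self, account: str, host: str, now: float) -> bool:
        """True only while an unexpired grant exists for this account/host."""
        return any(
            g.account == account and g.host == host and g.issued_at <= now < g.expires_at
            for g in self.grants
        )

    def revoke_all(self, account: str) -> int:
        """Drop every grant for an account, e.g. on a suspected credential leak."""
        before = len(self.grants)
        self.grants = [g for g in self.grants if g.account != account]
        return before - len(self.grants)


def build_demo_policy() -> TieredAccessPolicy:
    """Constructed environment: two admin accounts, one host per tier."""
    return TieredAccessPolicy(
        account_tier={"t0-admin-alice": 0, "t2-admin-bob": 2},
        host_tier={"dc01": 0, "app01": 1, "ws-042": 2},
    )


if __name__ == "__main__":
    p = build_demo_policy()
    now = 1_700_000_000.0
    g = p.request_grant("t0-admin-alice", "dc01", now, 3600)
    print("grant issued:", g is not None)
    print("alice on dc01 now:", p.can_logon("t0-admin-alice", "dc01", now))
    print("alice on dc01 after expiry:", p.can_logon("t0-admin-alice", "dc01", now + 3600))
    print("alice on ws-042:", p.request_grant("t0-admin-alice", "ws-042", now, 600) is not None)
    print("bob on dc01:", p.request_grant("t2-admin-bob", "dc01", now, 600) is not None)
```

The check is deliberately strict in both directions: a higher-tier admin is refused on a lower-tier host to avoid exposing the credential, and a lower-tier admin is refused on a higher-tier host because that is an escalation. Expiry is evaluated at logon time from the stored grant, so nothing needs to run a cleanup job before a leaked credential stops working.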
In addition to the above strategies, organizations can use penetration testing to locate the weak parts of the network that would let an attacker move laterally. Establishing zero-trust and endpoint security also allows businesses to contain an initial infection: these approaches apply least-privilege access control, divide the network into small segments, and run anti-malware scanning on endpoints, among other security technologies.