CISOOnline

Lateral movement risk rises as enterprises emphasize convenience over containment

“A reachable server may still be protected by identity controls, endpoint monitoring, access policies, or other safeguards,” Datta tells CSO. “The practical risk also depends on the privileges an attacker has gained, the controls around each protocol, and how quickly suspicious activity is detected.”

Still, defenders must do more to limit where an attacker can move to stand any chance of protecting sensitive systems, argues Joe Brinkley, director of offensive security research at penetration testing as a services firm Cobalt. This requirement is becoming even more pressing with the rising use of automated and AI-driven lateral movement.

“Organizations must pivot away from a strategy of pure detection and prioritize deterministic containment through micro-segmentation and strict, identity-driven least privilege,” Brinkley advises.



Source link