Conventional network segmentation through switch hubs, VLANs, or firewalls improves network performance and administration. However, it cannot provide granular and dynamic security enforcement to meet diversified and dynamic business environments. As a security professional, you are concerned with advanced persistent threats (APTs). Which of the following is least likely to mitigate the threat?
A. Employ Zero Trust infrastructure
B. Micro-segment networks to support lateral movement
C. Enforce and demonstrate compliance, e.g., HIPAA, PCI-DSS, or SOX
D. Use separate software environments, e.g., dev, testing, and stagging
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Micro-segment networks to support lateral movement.
Lateral movement is an attack technique. Micro-segment is the countermeasure to mitigate lateral movement instead of supporting it.
This question aims to introduce the term, lateral movement, and emerging security requirements for granular and dynamic control that relates to new CISSP topics, such as Zero Trust, Micro-segmentation, DevOps, containerization, microservices, serverless, etc.
- Zero Trust provides granular access control
- Compliance with HIPAA, PCI-DSS, or SOX may lower the likelihood and impact of risk, or mitigate risk. In other words, compliance typically requires implementation of controls to mitigate risk.
- Seperation of software environment is one form of micro-segmentation.
What is Lateral Movement?
Lateral movement refers to that attacker’s untargeted, stealthy exploration and navigation around networks for high-value assets after gaining initial access. Lateral Movement is an attack tactic defined in the MITRE ATT&CK knowledge base.
Lateral movement refers to the techniques that a cyberattacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets. After entering the network, the attacker maintains ongoing access by moving through the compromised environment and obtaining increased privileges using various tools.
Lateral movement is a key tactic that distinguishes today’s advanced persistent threats (APTs) from simplistic cyberattacks of the past.
Pivoting is the attack that moves from a comprised host (aka plant or foothold) to another to expand control or pillage a particular resource; it can be a targeted or untargeted attack. The term pivoting is commonly used by penetration testers who use the Metasploit Framework.
The term pillage seems to be coined or introduced by Steve Anson at SANS. I interpret it literally. The purpose of pivoting is “either to expand control or pillage a particular resource.” (Steven Anson)
Whether performed by an insider threat, or by an external threat that’s managed to get a foothold inside, the next step in the dance is usually the pivot: moving from one host to another either to expand control or pillage a particular resource. In this talk we will look at some of the more commonly encountered pivot techniques to help you understand, detect and deter malicious, lateral movement within your network.
- Network Lateral Movement (Wikipedia)
- Lateral Movement (MITRE)
- WHAT IS NETWORK LATERAL MOVEMENT?
- Lateral Movement
- What is Pivoting?
- Metasploit — Pivoting
- Lateral Movement Gives Attackers Additional Points of Control in a Compromised Network
- The Six Types of Cyberattacks
- THE DEFINITIVE GUIDE to Micro-Segmentation (must-read)
- What is Micro-Segmentation? (illumio/must-read)
- What is Micro-Segmentation? (vmware)
- What is Micro-Segmentation (cisco)
- What is Microsegmentation? (paloaltonetworks)
- What is Micro-Segmentation? (colortokens)
- A Beginner’s Guide to Microsegmentation
- What is microsegmentation? How getting granular improves network security
- How Does Micro-Segmentation Help Security? Explanation
- The 4 Key Benefits of Micro-Segmentation
- Windows Post-Exploitation – PrivEsc, Pillaging & Pivoting
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
通過交換機集線器，VLAN或防火牆的傳統網絡分段方式可改善網絡性能和管理。 但是，它不能提供精細和動態的安全性強制措施來滿足多樣化和動態的業務環境。 作為安全專家，您擔心受到高級持續威脅（APT）的攻擊。 以下哪項最不可能減輕威脅？
B. 將網路微分段(micro-segment)以支援橫向運動(lateral movement)
C. 強化並證明合規(compliance)，例如HIPAA, PCI-DSS或SOX