Lateral Movement
Lateral Movement is the technique attackers use to move from one compromised system to other systems within a network. After gaining initial access, attackers use harvested credentials, misconfigurations, or vulnerabilities to reach additional systems while staying inside the network.
# WHAT TEAMS RUN INTO
- Lateral movement is invisible if attackers use legitimate credentials. Once inside, attackers move between systems using the same credentials a legitimate user would use — making detection extremely difficult.
- Network segmentation creates zones but not impenetrable boundaries. Systems are segmented to make lateral movement harder, but attackers escalate privilege, exploit misconfigurations, or compromise identity systems to move between zones.
- Backward compatibility breaks segmentation. Legacy systems still need access to modern systems, creating paths that segmentation intended to block. Security and functionality are in constant tension.
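Because each individual logon with valid credentials looks normal, defenders typically look for behaviour across events instead. The following is an added example (not code from the original page) of one such heuristic: an account reaching an unusual number of distinct hosts within a short window. The logon records, host names, window size and threshold are all constructed assumptions.

```python
"""Fan-out heuristic for spotting credential-based lateral movement."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of successful logons: "<timestamp> <user> <src> <dst>".
# Host names are hypothetical; alice is a normal user, svc_backup is noisy.
SAMPLE_EVENTS = [
    "2024-03-01T09:00:05 alice WS-ALICE FS-01",
    "2024-03-01T09:12:40 alice WS-ALICE FS-01",
    "2024-03-01T10:05:00 alice WS-ALICE MAIL-01",
    "2024-03-01T13:00:01 svc_backup WS-ALICE FS-01",
    "2024-03-01T13:00:09 svc_backup WS-ALICE FS-02",
    "2024-03-01T13:00:15 svc_backup WS-ALICE DB-01",
    "2024-03-01T13:00:22 svc_backup WS-ALICE DC-01",
    "2024-03-01T13:00:30 svc_backup WS-ALICE HR-APP",
]


def parse_events(lines):
    """Parse log lines into (timestamp, user, src, dst) tuples, sorted by time."""
    events = []
    for line in lines:
        ts, user, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), user, src, dst))
    return sorted(events)


def fanout_alerts(events, window=timedelta(minutes=5), max_hosts=3):
    """Return {user: set_of_destinations} for every account that logs on to
    more than `max_hosts` distinct hosts inside any sliding `window`.
    Threshold and window are assumed values; tune them per environment."""
    by_user = defaultdict(list)
    for ts, user, _src, dst in events:
        by_user[user].append((ts, dst))
    alerts = {}
    for user, hits in by_user.items():
        for i, (start, _dst) in enumerate(hits):
            # Distinct destinations reached from this event to the end of the window.
            seen = {dst for ts, dst in hits[i:] if ts - start <= window}
            if len(seen) > max_hosts:
                alerts[user] = alerts.get(user, set()) | seen
    return alerts


if __name__ == "__main__":
    for user, hosts in fanout_alerts(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT {user}: {len(hosts)} hosts in window -> {sorted(hosts)}")
```

A single logon in the sample would pass any per-event check; only the fan-out across hosts marks svc_backup for review.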
# WHY IT MATTERS
Lateral movement is where breaches become catastrophic. Initial access to one system is a foothold. Lateral movement turns that foothold into network-wide compromise. Organizations that prevent lateral movement can contain breaches — an attacker in one system cannot reach others. Organizations that don't prevent it must assume that one compromise means total compromise.