Lateral Scan

Lateral Scan

Lately adversaries have accomplished breach goals using advanced tools and techniques designed to circumvent most conventional computer network defense (CND) mechanisms. Once an intruder compromises an organization and infects a vulnerable host, they can move laterally. A lateral scan is an indicator of compromise (IOC), that suggest an intruder is looking to move laterally to gain unauthorized access to sensitive data on a system.

Detect Lateral Scan Traffic

Threatcare brings a proactive approach to data security through cloud-based simulations that help with risk discovery, while validating risk mitigation techniques. The Threatcare Suite contains a BAS technology that can be used in a browser or through a Bot on a host. By using a Firefox or Chrome browser on your host, a lateral scan simulation can find internal IP addresses. Once the initial host IP address is found, Threatcare moves laterally to other hosts inside the network through a HTTP or HTTPS ping. Threatcare then creates benign IOC artifacts in the environment so organizations can leverage their incident responders awareness and controls efficacy. Identification, analysis, and utilization of threats can be the catalyst to slow down APT campaigns.

Why Detecting Lateral Scan Is Important

Most companies have some kind of sensitive data that needs to be protected from the internet. Without familiarity toward real world breach indicators, organizations leave themselves at risk. An undetected lateral scan initiated by an intruder can yield successful data exfiltration against your organization. Sun Tzu, a Chinese general, military strategist, and philosopher once said, “To know your enemy, you must become your enemy." Our lateral scan simulation create the artifacts in your network helping you detect, log, and mature your CND. With our help give your organization the secure credibility assurance it needs. Prove your information security team can pinpoint what indicators of compromise look like, while shortening the time from infection to identification with assurance that the recovery from attacks will be swift.