Lateral movement is a technique used by cyber attackers to infiltrate and move through a network with the intent of obtaining secure data.
The term “Lateral Movement” has been around for a little over four years and was in the news when ransomware like WannaCry and APTs like APT28 and APT29 used lateral movement techniques. Most often, an attacker may not have direct access to the machine or resource on the internal network that the attacker considers a prized trophy. The prized trophy may be the domain controller or a machine hosting confidential information, or the attacker may plan to gain access to all internal machines in order to add them to a botnet.
In such a situation, the attacker aims for a weak link in the target network that can be infiltrated. This weak link may be an unsuspecting user, an unpatched computer, an exposed Wi-Fi network, etc. Once the attacker has control over this weak link, the attacker uses that access to identify other resources on the internal network and tries to infiltrate them until the objective of attacking the network is accomplished.
The methods the attacker employs to identify resources on the internal network, gather information or credentials from an infiltrated host, and use the gathered information to gain control of other resources on the internal network are called “Lateral Movement Techniques”. The discussion in this blog is centred around Windows OS. However, any OS environment can be affected by the techniques discussed below.
In the malware samples that were studied recently, especially APT28 and APT29, some of the techniques described below were employed for moving within the internal network. The steps need not occur in the exact order shown below, and the attacker or malware may use just a few of them.
The successful outcome of this stage is that the attacker has identified other machines, sessions, user accounts, etc. on the internal network.
This blog provided a very high-level view of what “Lateral Movement” is and some of the prominent techniques employed by attackers and malware. Threat actors have increasingly started using these techniques, especially Windows WMI, to gain and maintain access to machines. In future blogs, we will study techniques like pass-the-hash and the skeleton key attack in detail, look at how tools like Mimikatz harvest credentials and how WMI attacks work, and dissect malware samples that employ these techniques. This will help provide a deeper understanding of how threat actors work today and how to protect your internal network.
Versa VOS™ (formerly FlexVNF), via its IPS and AV engines, provides protection from these threats. The AV engine detects the malware binaries that employ these lateral movement techniques. The IPS engine provides additional protection by inspecting network traffic and identifying WannaCry network activity and network activity typically seen with tools like Responder. Versa Networks also supports the detection of lateral movement techniques in a Windows environment. The security engine can detect network activity that’s indicative of psexec, pass-the-hash, remote service launch, task scheduling and more.
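For defenders who also collect host logs, the following added example (not Versa's code and not part of the original post) correlates a network logon with a service installation or scheduled task creation on the same host shortly afterwards, the host-side trace of the remote service launch and task scheduling activity named above. It assumes simplified records built from Windows event IDs 4624, 7045 and 4698; the field names, hostnames, addresses and the 60-second window are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (simplified Windows event log fields).
# 4624 = successful logon (logon_type 3 = network logon),
# 7045 = service installed, 4698 = scheduled task created.
EVENTS = [
    {"ts": "2024-05-01T10:00:05", "host": "FS01", "id": 4624, "logon_type": 3, "user": "svc_backup", "src": "10.0.5.23"},
    {"ts": "2024-05-01T10:00:09", "host": "FS01", "id": 7045, "name": "PSEXESVC"},
    {"ts": "2024-05-01T10:02:00", "host": "DB02", "id": 4624, "logon_type": 2, "user": "alice", "src": "-"},
    {"ts": "2024-05-01T10:02:30", "host": "DB02", "id": 7045, "name": "SQLAgentUpdate"},
    {"ts": "2024-05-01T11:15:00", "host": "HR07", "id": 4624, "logon_type": 3, "user": "svc_backup", "src": "10.0.5.23"},
    {"ts": "2024-05-01T11:15:40", "host": "HR07", "id": 4698, "name": "\\Updater"},
    {"ts": "2024-05-01T12:00:00", "host": "WEB03", "id": 4624, "logon_type": 3, "user": "bob", "src": "10.0.9.4"},
    {"ts": "2024-05-01T12:30:00", "host": "WEB03", "id": 7045, "name": "PrintHelper"},
]
REMOTE_EXEC = {7045: "service installed", 4698: "scheduled task created"}


def correlate(events, window=timedelta(seconds=60)):
    """Flag service/task creation that follows a network logon on the same host."""
    last_net_logon = {}  # host -> (time, logon event) of the latest network logon
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        when = datetime.fromisoformat(ev["ts"])
        if ev["id"] == 4624 and ev.get("logon_type") == 3:
            last_net_logon[ev["host"]] = (when, ev)
        elif ev["id"] in REMOTE_EXEC and ev["host"] in last_net_logon:
            seen, logon = last_net_logon[ev["host"]]
            if when - seen <= window:
                alerts.append({"host": ev["host"], "src": logon["src"],
                               "user": logon["user"], "what": REMOTE_EXEC[ev["id"]],
                               "name": ev["name"]})
    return alerts


def pivot_sources(alerts, min_hosts=2):
    """Sources whose logons preceded remote execution on several hosts."""
    hosts = defaultdict(set)
    for a in alerts:
        hosts[a["src"]].add(a["host"])
    return {src: sorted(h) for src, h in hosts.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
    print(pivot_sources(correlate(EVENTS)))
```

The interactive logon on DB02 and the service installed on WEB03 thirty minutes after a logon are deliberately left unflagged; the window and the `min_hosts` threshold need tuning against legitimate remote administration in a given environment.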
To learn more, contact us or reach out to request a demo and see how Versa Networks can secure the branch and WAN edge.