Stop Lateral Communication Between Endpoints

In network environments, endpoints are frequently exploited due to their external-facing nature and ease of entry into the network. Many believe attackers or bad actors are only on the outside to exploit vulnerabilities; however, cybercrime statistics have proven that malicious insiders also exist. Insider threats have increased by 47% in the last two years. (Panda Security)

As a result of this dangerous misconception, businesses don’t protect their endpoints as thoroughly as they should.

Endpoint zero-day attack examples

March and October 2021 – Acer

After the March 2021 ransomware attack where the REvil ransomware group demanded $50 million – one of the highest reported at the time – the company experienced another attack. This time, in October, the isolated attack was detected in their after-sales service system in India.

May 2021 – Ireland’s Health Service Executive (HSE)

Conti (Wizard Spider) used phishing attacks to plant malware into the HSE’s system. The $20 million ransom demanded wasn’t paid, but initial costs to the health service included weeks of disruption. The CIO believed total costs could easily stack up to $565 million by the end of the fixes.

July 2021 – SolarWinds Attack

The SolarWinds attack made its way through the organization’s network using a bug in Microsoft. It was the Microsoft security team that spotted the new threat actor originating in China; DEV-0322 gained access “by connecting to the open SSH port and sending a malformed pre-auth connection request.”

The reality is that your user endpoints contain business-critical data. When an endpoint is lost, your business will take a hit in terms of lost data, lost time, and lost productivity.

Reasons why traditional network segmentation methods for endpoint protection are ineffective

  1. Devices on a shared VLAN can communicate with each other, meaning an attack can reach several neighboring devices effortlessly or even all at once. 
  2. Lateral movement occurs once the endpoint is breached – essentially, once accessed and within a network, it can spread laterally across it. 
  3. Zero-trust architecture is expensive and complex, requiring some fundamental infrastructure changes. 
  4. The traditional method of network segmentation means there are many blind spots because of a lack of traffic visibility. 

It comes down to the fact that the traditional route enables the spread of ransomware or malware within a network, segment by network segment. 

The remedies for poor network segmentation

Lateral traffic flow visibility

Without clear visibility of what is coming into and going around your network, your organization’s network is the equivalent of a public park on a busy Saturday afternoon. You know there is traffic, but not how much or the direction and intention of individuals.

Traffic flow visibility between endpoints gives teams reassurance that only what is coming into a network is supposed to be there, and they also know where it’s going and where it’s been.

It provides visibility for all lateral traffic flows, including authorized and unauthorized communications between all devices in a shared VLAN.

Lateral movement containment

This is where the two-door ideology comes in. Should a burglar enter one house room, they’ll need to get through two locked doors to access the next.

The ability for any attack to move effortlessly from “room to room” needs to be contained. Lateral movement containment means ransomware and malware are restricted to a single device.

ENHALO’s agentless network segmentation solution

Agentless segmentation provides a safe and consistent way to protect managed and unmanaged devices, eliminating error-prone patch deployment and management. It provides default zero trust protection on all devices, regardless of whether they are on corporate or public networks.

With an Agentless Network Segmentation Service (NSS) or airgap service – the assumption is that every device is breached or will soon be breached.

ENHALO’s NSS Zero Trust enforcement model auto contains the spread of ransomware and malware to a single device. Infected devices are ring-fenced so that threats cannot be propagated beyond isolated devices.

Lateral communication between endpoints is therefore disabled, and visibility is created on what and where traffic is attempting to flow.

Gerhard Conradie Co-Founder and Global Head of Solutions Architecture at Enhalo
Gerhard Conradie

Gerhard, Co-Founder and Global Head of Solutions Architecture, sees quality staff as the most important asset to any business, and believes that giving them the space to grow as much as they are willing and able to, motivates them to grow Enhalo as well.

Supply Chain Threat Detection

Cyber criminals have upped their game, so should you. We never underestimate or ignore your supply chain's security threats.

Security Operations Center

Financial losses, intellectual property theft, and reputational damage due to security breaches can be prevented.

SOC Assurance Service

Despite a mature Security Operations Center, you're still under threat. Our SOC Assurance mitigates the risk of unnoticed breaches.

Emergency Cyber Response

Regain immediate control, contain the damage, and eradicate the threat. Your bullet-proof, SOS rapid response.

Agentless Network Segmentation

Rely less on vulnerability management and rest assured that the threat won’t spread across your network.

Cyber Risk Assessment

Understand how vulnerable you are. We identify your threat sources and calculate your risks – likelihood and impact.

Endpoint Detection and Response

This solution is for customers that do not have extensive security budgets or staffing to implement and monitor an endpoint security solution.

Irregular Behavior Detection

Companies focus heavily on malicious outsider mitigation, while the biggest threat lies with those who already have access.

Penetration Testing Services

A penetration test is arguably the most important part of any cybersecurity journey, it tests an organization’s ‘final line of defense’ against attackers.

Security Awareness Training & Testing

With cybersecurity awareness training, the risk of human error can be reduced, turning human error into a human firewall.

Insights

360 Security
Must Know Cyber
Security Services

Resources

WEBINARS
MEDIA
SON OF A BREACH
CASE STUDIES
USE CASES

Cyber Security Services

Supply Chain Thread Detection
Security Operations Center
SOC Assurance Service
Emergency Cyber Response
Agentless Network Segmentation
Cyber Risk Assessment

Supporting Cyber Security Services

Endpoint Detection and Response
Irregular Behavior Detection
Penetration Testing
Security Awareness Training and Testing

Related Posts

Cyberattack Emergency

Are you experiencing an active cyberattack?

Get rapid response.

Call ENHALO’s International SOS no:
For Other Inquiries: