So you spent thousands of dollars on a next-gen firewall. That means you are secure, right? Even though it is obvious that the answer to this question is no, many people believed otherwise not that long ago. Just because you spend money on security doesn’t mean that you’ll be secure. Network firewalls provide one layer of protection for your environment, but they can be bypassed by experienced attackers, especially if the firewall is not configured properly. In fact, it’s not a matter of “if”, it’s a matter of “when”. What will you do when an attacker bypasses your firewall and compromises one of your endpoints?
A common technique attackers use after penetrating a network is called lateral movement. This technique allows attackers to propagate across multiple hosts that are co-located in the same subnet. For example, in a Windows environment, an attacker can start by compromising a user endpoint and then pivot laterally until they reach a Domain Controller, giving them a stronger position to take over privileged accounts or exfiltrate data.
In this post, we will take a look at host-based firewalls and learn how they can be used to protect against lateral movement.