Today’s reality is that security breaches are a given. Sophisticated attackers are too numerous and too determined to be caught by perimeter defenses. It’s relatively easy to take advantage of vulnerabilities on the edge of the network or to trick a user into granting access to their device. From there, attackers can lie in wait for days, weeks, or months until the time is right to spread to other, more critical systems, deliver a malicious payload, and execute their objective—whatever that may be. It’s not a matter of if an attack will be successful; it’s a matter of when. Organizations are better served by a security team that shifts its focus from preventing all attacks (which is pretty much impossible) to stopping the spread of attacks once they have made that initial breach.
The data bears this out.
The following report from the VMware Threat Analysis Unit is a summary of key data and findings from July 2020 to December 2020. It highlights threats that evaded perimeter defenses and were identified by VMware sensors placed inside the perimeter.
The findings are clear: despite the array of perimeter defenses deployed, malicious actors are actively operating inside the network. The research presents a clear picture of how attackers evade perimeter detection, infect systems, and then attempt to spread laterally across the network to execute their objective. Armed with this knowledge, chief information security officers (CISOs) and network security teams can gain critical insight into how to combat these threats, stop their spread, and help prevent them from doing real damage once they are inside the network.