Lateral movement risk rises as enterprises emphasize convenience over containment
Summary
A new report reveals that over 80% of enterprise servers are accessible from anywhere within the network, with attackers frequently exploiting protocols like RDP, SSH, SMB, and WinRM for lateral movement. The reliance on legacy authentication protocols like NTLM and direct administrative pathways further exacerbates these risks, allowing attackers to easily escalate privileges after initial compromise.
IFF Assessment
The article highlights significant weaknesses in enterprise network segmentation and security controls, which directly benefit attackers by enabling easier lateral movement and privilege escalation after an initial breach.
Defender Context
Defenders need to prioritize network segmentation and implement stronger access controls to limit lateral movement. This includes scrutinizing and hardening protocols like RDP, SSH, and SMB, and phasing out legacy authentication methods like NTLM. The trend indicates that once an attacker gains initial access, they face minimal resistance in moving throughout the network.