The Challenge of Detecting Lateral Movement

Tim Keeler of Remediant Discusses SolarWinds Attack, Remote Worker Threats
The SolarWinds supply chain attack is another example of the damage that lateral movement by system intruders can cause. Tim Keeler of Remediant says detecting lateral movement is challenging because of the size of today’s systems and the difficulty of filtering bad behavior from benign behavior in remote work environments.
“How do I know whether this is just an admin doing their regular activity, versus someone using those credentials in a malicious manner to get access to other systems? Because if you're dealing with an environment that's one or 200,000 systems, it's really hard to scale this out,” Keeler says. “And how do you actually discern and understand what is malicious and what is just your day-to-day behavior?”
In a video interview with Information Security Media Group, Keeler discusses:
- The role of lateral movement in the SolarWinds supply chain attack;
- Why lateral movement is challenging to detect;
- Why organizations need to abolish 24/7 admin rights.
Keeler is co-founder and CEO of Remediant. Previously, he was a leader on the security incident response team at Genentech/Roche and served as a security consultant, with clients that included UCSF, Genentech/Roche, Gilead Sciences and CardioDX. He is a GX-certified Security Incident Handler and earned his GX Security Leadership Certification from GIAC. He holds U.S. Department of Defense Level 3 8750 IAT and 8750 IAM Management certifications, the CHFI (Computer Hacking Forensic Investigator) certification from EC Council, and the CCFE (Certified Computer Forensics Examiner) certification from IACRB.