Lateral Movement Definition & Meaning

Lateral movement is an attacker's progression through a network after the initial breach: from the first compromised host to other hosts, accounts and services until they reach the data or systems they are after. The traffic it generates is often called east-west traffic, meaning it moves horizontally between systems inside an already-breached network, in contrast to north-south traffic, which crosses the perimeter on the way in or out. Lateral movement is hard for organizations to spot because, once inside, an attacker typically uses the same credentials, protocols and administrative tools (remote desktop, remote shells, file shares) as legitimate users and administrators, so the traffic looks routine. Distinguishing an attacker from an authorized user is difficult precisely because the attacker already holds valid access.

Reasons for lateral movement

The host an attacker lands on first is rarely the one holding what they want, so after initial access they move on to other systems, harvesting credentials and escalating privileges along the way. Attackers can gain that initial access using:

  • Employee devices, particularly Internet of Things (IoT) devices. IoT devices usually have weaker security controls than smartphones and computers and are patched less often. An attacker who compromises an IoT device that sits on the company network can use it as a foothold from which to reach other systems.
  • Company email. Social engineering relies heavily on fraudulent emails that ask an employee for their credentials or carry malware. With stolen credentials, the attacker can operate inside the network as a trusted user.
  • Malicious software installed on a company computer. If an attacker convinces an employee to click a link or open an attachment, malware can install on that computer and give the attacker remote control over it and a pathway into the rest of the network.

Traditional, perimeter-focused network security handles lateral movement poorly because it has few controls inside the private network. Anyone allowed through the firewall at the perimeter can then move through the network largely unchecked. This also makes it harder to find a threat once it is inside, especially when the attacker is using a legitimate employee's stolen credentials. Manually reviewing all of the authentication and connection data needed to spot the intruder is impractical for most IT teams.

Combatting lateral movement with XDR

In traditional network security, separate tools and systems are not centralized; they are siloed. Managing security is harder when several applications each analyze their own slice of the data and none sees the whole picture. A centralized threat detection and response solution that can correlate all of that data and notice patterns across it is a better way to monitor a network.

Extended detection and response (XDR) is one of the better choices for large organizations because it removes the silos between security tools. XDR collects and correlates telemetry from endpoints, applications, servers and network sensors in one place. XDR solutions also include automation, which saves IT and engineering teams time.

Some XDR solutions implement machine learning, which studies patterns in data and learns to flag anomalies and prioritize alerts for technology teams, similar to user and entity behavior analytics (UEBA). With enough training data, these models can weigh an event in context rather than in isolation. If a particular computer, account, or server behaves unusually, for example an account that suddenly authenticates to many hosts it has never touched before, a good detection and response solution notices that and takes steps to find the cause. XDR does not just detect threats but also tracks them across systems and helps contain them quickly.
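As an added illustration of the "account suddenly reaching many new hosts" behaviour described above (this is example code written for this page, not part of any XDR product), the following script runs a simple fan-out check over a handful of constructed authentication events. The event fields are modelled loosely on a Windows network logon record (account, source host, destination host); the per-account baseline, the five-minute window and the threshold of four new destinations are all assumptions chosen for the demo.

```python
"""Flag accounts that fan out to many never-before-seen hosts in a short window.

Added example, not from the original article. The events and baseline below
are constructed; in a real deployment they would come from a SIEM/XDR store
and a 30-day history respectively.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, account, source host, destination host)
EVENTS = [
    ("2024-05-01T09:00:00", "jdoe", "WS-114", "FS-01"),
    ("2024-05-01T09:05:00", "jdoe", "WS-114", "FS-01"),
    ("2024-05-01T09:07:00", "asmith", "WS-207", "FS-02"),
    ("2024-05-01T13:00:01", "svc_backup", "WS-114", "FS-01"),
    ("2024-05-01T13:00:04", "svc_backup", "WS-114", "FS-02"),
    ("2024-05-01T13:00:09", "svc_backup", "WS-114", "DC-01"),
    ("2024-05-01T13:00:15", "svc_backup", "WS-114", "WS-207"),
    ("2024-05-01T13:00:21", "svc_backup", "WS-114", "WS-301"),
    ("2024-05-01T13:00:30", "svc_backup", "WS-114", "SQL-01"),
    ("2024-05-01T15:00:00", "asmith", "WS-207", "FS-02"),
]

# Constructed baseline: destinations each account normally reaches.
BASELINE = {
    "jdoe": {"FS-01"},
    "asmith": {"FS-02"},
    "svc_backup": {"FS-01", "FS-02"},
}

WINDOW = timedelta(minutes=5)   # assumption: sliding window length
FANOUT_THRESHOLD = 4            # assumption: distinct new destinations per window


def fanout_alerts(events, baseline, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return [(account, source_host, [new destinations])] for each account whose
    count of distinct, previously unseen destinations inside any sliding window
    of length `window` reaches `threshold`. One alert per account."""
    by_account = defaultdict(list)
    for ts, acct, src, dst in sorted(events):          # ISO timestamps sort lexically
        by_account[acct].append((datetime.fromisoformat(ts), src, dst))

    alerts = []
    for acct, evs in by_account.items():
        known = baseline.get(acct, set())
        # Only events to hosts this account has never reached before are interesting.
        novel = [(t, s, d) for t, s, d in evs if d not in known]
        start = 0
        for end in range(len(novel)):
            # Advance the window start until it fits within `window` of the newest event.
            while novel[end][0] - novel[start][0] > window:
                start += 1
            dsts = []
            for _, _, d in novel[start:end + 1]:
                if d not in dsts:
                    dsts.append(d)
            if len(dsts) >= threshold:
                alerts.append((acct, novel[end][1], dsts))
                break
    return alerts


if __name__ == "__main__":
    for acct, src, dsts in fanout_alerts(EVENTS, BASELINE):
        print(f"ALERT {acct} from {src} reached {len(dsts)} new hosts: {', '.join(dsts)}")
```

On the constructed data only `svc_backup` trips the check: from a workstation it reaches a domain controller, two other workstations and a database server within half a minute, none of which appear in its baseline. The two human accounts stay within their baselines and are not reported. In practice the baseline would be learned, the threshold tuned per account class (service accounts and admin accounts warrant different limits), and the source host would be a second signal, since a backup service account normally does not originate from a user workstation.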

Zero trust and microsegmentation are complementary controls designed to limit what an attacker can reach even after a breach or credential theft. Microsegmentation divides the internal network into small zones with explicit allow rules between them and a default deny, so a compromised workstation cannot freely connect to servers or to other workstations. Zero trust requires every access request to be authenticated and authorized on its own merits, regardless of where on the network it originates, so a stolen credential buys far less than it would on a flat network.
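To make the flat-versus-segmented contrast concrete, here is an added example (written for this page, not taken from any product or the original article) that evaluates the same east-west connections against a flat "allow anything inside the perimeter" policy and against a microsegmented default-deny policy. The address plan, segment names, rules and flows are all constructed.

```python
"""Evaluate east-west flows under a flat policy and a microsegmented policy.

Added example, not from the original article. Subnets, rules and flows are
constructed to illustrate the point; a real policy would live in a firewall,
hypervisor or host-based enforcement layer.
"""
import ipaddress

# Constructed address plan: segment name -> subnet.
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "file_servers": ipaddress.ip_network("10.20.1.0/24"),
    "domain_controllers": ipaddress.ip_network("10.20.2.0/24"),
    "admin_jump": ipaddress.ip_network("10.30.0.0/24"),
}

# Rules are (source segment, destination segment, destination port, action).
# "any" matches every segment or port.

# Flat network: anything past the perimeter may talk to anything.
FLAT_POLICY = [("any", "any", "any", "allow")]

# Microsegmented network: explicit allows, everything else denied.
SEGMENTED_POLICY = [
    ("workstations", "file_servers", 445, "allow"),        # SMB to file shares
    ("workstations", "domain_controllers", 88, "allow"),   # Kerberos
    ("workstations", "domain_controllers", 389, "allow"),  # LDAP
    ("admin_jump", "domain_controllers", 3389, "allow"),   # RDP only from the jump host
    ("admin_jump", "any", 5985, "allow"),                  # WinRM only from the jump host
]


def segment_of(ip):
    """Map an address to its segment name, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate(policy, src_ip, dst_ip, dst_port):
    """First-match rule evaluation with an implicit deny when nothing matches."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    for rule_src, rule_dst, rule_port, action in policy:
        if rule_src not in ("any", src):
            continue
        if rule_dst not in ("any", dst):
            continue
        if rule_port not in ("any", dst_port):
            continue
        return action
    return "deny"


# Constructed flows: the first two are typical lateral-movement hops from a
# compromised workstation, the last two are legitimate administrative traffic.
FLOWS = [
    ("10.10.5.14", "10.10.7.22", 445),   # workstation -> workstation SMB
    ("10.10.5.14", "10.20.2.10", 3389),  # workstation -> domain controller RDP
    ("10.10.5.14", "10.20.1.5", 445),    # workstation -> file server SMB
    ("10.30.0.9", "10.20.2.10", 3389),   # jump host -> domain controller RDP
]


def compare(flows=FLOWS):
    """Return (flat decision, segmented decision) for each flow, in order."""
    return [(evaluate(FLAT_POLICY, *f), evaluate(SEGMENTED_POLICY, *f)) for f in flows]


if __name__ == "__main__":
    for flow, (flat, seg) in zip(FLOWS, compare()):
        print(f"{flow[0]:>12} -> {flow[1]:<12} :{flow[2]:<5} flat={flat:<5} segmented={seg}")
```

Under the flat policy all four connections are allowed, which is exactly the situation the previous sections describe: once inside, an attacker can hop from workstation to workstation and straight to a domain controller. Under the segmented policy the two lateral-movement hops are denied while the legitimate file-share access and the jump-host RDP session still work, so the attacker is forced to either compromise the jump host or make noise that the detection logic can catch.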


Jenna Phipps
Jenna Phipps is a contributor for websites such as Webopedia.com and Enterprise Storage Forum. She writes about information technology security, networking, and data storage. Jenna lives in Nashville, TN.
