Remote access protocols and applications are a distinct weak access point in any enterprise network. Malicious actors will aim to obtain credentials to remotely accessible protocols and servers such as VPN and attempt to move laterally using harvested credentials to other network locations. Using publically available exploits, attackers can leverage any remote access to create a stronghold in your enterprise.
How Fortscale Detects Remote Lateral Movement
Fortscale has recently operationalized a unique ability to identify abnormal access from a remote location occurs. Incoming remote connections are inspected by Fortscale to detect when a username and password are used from the same hostname to access other network assets and may indicate a possible lateral movement attempt.
Contractors, business partners, and other service providers often have access to sensitive corporate data. However, they are not usually subject to the same security practices and policies as the hosting enterprise they work with. This commonly seen situation leads to security gaps that are not attended to in commonly used remote access solutions.