The Challenge of Detecting Lateral Movement

Tim Keeler of Remediant Discusses SolarWinds Attack, Remote Worker Threats
Tim Keeler, co-founder and CEO, Remediant

The SolarWinds supply chain attack is another example of the damage that lateral movement by system intruders can cause. Tim Keeler of Remediant says detecting lateral movement is challenging because of the size of today’s systems and the difficulty of filtering bad behavior from benign behavior in remote work environments.

“How do I know whether this is just an admin doing their regular activity, versus someone using those credentials in a malicious manner to get access to other systems? Because if you’re dealing with an environment that’s one or 200,000 systems, it’s really hard to scale this out,” Keeler says. “And how do you actually discern and understand what is malicious and what is just your day-to-day behavior?”

In a video interview with Information Security Media Group, Keeler discusses:

  • The role of lateral movement in the SolarWinds supply chain attack;
  • Why lateral movement is challenging to detect;
  • Why organizations need to abolish 24/7 admin rights.

Keeler is co-founder and CEO of Remediant. Previously, he was a leader on the security incident response team at Genentech/Roche and served as a security consultant, with clients that included UCSF, Genentech/Roche, Gilead Sciences and CardioDX. He is a GX-certified Security Incident Handler and earned his GX Security Leadership Certification from GIAC. He holds U.S. Department of Defense Level 3 8750 IAT and 8750 IAM Management certifications; CHFI (Computer Hacking Forensic Investigator) from EC Council and a certification as a CCFE (Certified Computer Forensics Examiner) from IACRB.


About the Author

Nick Holland

Director, Editorial

Holland, an experienced security analyst, has spent the last decade focusing on the intersection of digital banking, payments and security technologies. He has spoken at a variety of conferences and events, including Mobile World Congress, Money2020, Next Bank and SXSW, and has been quoted by The Wall Street Journal, CNN Money, MSNBC, NPR, Forbes, Fortune, BusinessWeek, Time Magazine, The Economist and the Financial Times. He holds an MSc degree in information systems management from the University of Stirling, Scotland.



