I hate spiders, a lot. But I really hate the idea of a Scattered Spider attack, which can jump at an alarming rate between environments you believed were segmented. That is the stuff of real nightmares for networking and security professionals.
Keeping up with your security posture isn’t easy. We’re all doing our best, but is it good enough? One CISO we talked to hired a consulting firm to map out their security posture. $3 million and 3 months later, they had a security posture matrix that was already out of date. Understanding your security posture is priceless, but only if the information is accurate. This is precisely the knowledge that the SecOps team would need to stop such an attack in its tracks.
Can your organization visualize lateral movement in your network and understand what an attacker could potentially access once inside? There may be diagrams that show this level of detail, but let's face it: how often are they updated? The same holds for spreadsheets; this connectivity information may live in several of them, but even if they are updated promptly, how do you correlate that data in an easy-to-understand way? Teams need to understand the potential fallout from the point of view of a compromised host. And that is just your on-premises infrastructure; what happens when you add the cloud? Obtaining a clear picture of how an attacker can move laterally through the network becomes all but impossible.
Forward Enterprise's Blast Radius feature gives the appropriate team unprecedented visibility into data that is impossible to piece together in a timely manner without a network digital twin. It gives operators a view into the environment they have never had before. Suppose you suspect a host is compromised, or you want to run a routine audit to ensure your segmentation policies are configured as intended. With Blast Radius you can instantly identify every device, on-premises or in the cloud, that is reachable from the compromised host, and streamline remediation by quickly disabling the port the device is connected to. This works for both on-premises and cloud devices, and when integrated with endpoint vulnerability scanners such as Rapid7 and Tenable.SC, it also pulls in pertinent information about each device's vulnerabilities.