CRSI
May 3, 2019

Enterprise Cyber Resiliency Against Lateral Movement: A Graph Theoretic Approach

arXiv:1905.01002v1
7 citations
AI Analysis

This addresses a critical security issue for enterprises by providing a method to harden networks against lateral movement attacks, though it is incremental in applying graph theory to this domain.

The paper tackles the problem of lateral movement attacks in enterprise networks by developing a graph-theoretic framework to model these attacks and design resilient systems, establishing strong theoretical guarantees and validating them experimentally for large networks.

Lateral movement attacks are a serious threat to enterprise security. In these attacks, an attacker compromises a trusted user account to gain a foothold in the enterprise network and uses it to attack other trusted users, progressively acquiring higher privileges. Such lateral attacks are very hard to model because of the unwitting role that users play in the attack, and even harder to detect and prevent because of their low-and-slow nature. In this paper, a theoretical framework is presented for modeling lateral movement attacks, and a methodology is proposed for designing cyber systems resilient to such attacks. The enterprise is modeled as a tripartite graph capturing the interactions between users, machines, and applications, and a set of procedures is proposed to harden the network by increasing the cost of lateral movement. Strong theoretical guarantees on system resilience are established and experimentally validated for large enterprise networks.
