Lateral Movement

Lateral movement refers to an attacker's ability to move from one compromised system to other systems within your network after gaining initial access. Once inside your network, attackers use stolen credentials, exploit trust relationships between systems, and leverage internal vulnerabilities to access additional systems and data.

Lateral movement is how attackers escalate a foothold on one workstation into access to your most sensitive servers and data. APT actors are particularly skilled at lateral movement, patiently moving through networks over weeks or months to reach their ultimate targets.

Why It Matters

Preventing lateral movement is why CMMC requires network segmentation, least privilege, and monitoring. These controls work together to detect and contain attackers who breach your perimeter, limiting their ability to reach CUI even if they compromise an initial system.