Training
Featured Course View All Courses
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Group Purchasing
Group Purchasing

Unveiling the Dependency on Network Telemetry: Optimizing Lateral Movement Detection

Download File
Unveiling the Dependency on Network Telemetry: Optimizing Lateral Movement Detection (PDF, 3.53MB)Published: 17 Jan, 2025
Created by:
Kyu Jin Therrien

Lateral movement is a critical phase of adversarial activity during cyberattacks, enabling attackers to traverse a network, escalate privileges, and exfiltrate sensitive data. Identifying adversaries in complex networks presents significant challenges due to adversaries’ use of legitimate tools and processes to evade signature database detection.

This study investigates the dependency on network and endpoint telemetry for identifying lateral movement attacks, focusing on the Remote Services technique from MITRE ATT&CK.

The findings emphasize the importance of leveraging anomaly behavior analysis, whether applied to network or endpoint telemetry, to unveil adversarial activities that might otherwise blend with legitimate operations. Lateral movement techniques, identified in MITRE ATT&CK and this study, highlight the need for robust network visibility tools and micro-segmentation strategies to limit adversaries’ network propagation while ensuring comprehensive threat visibility and correlation.

Additional Resources

Air-Gapped: Isolation in an Always-Connected World

WhitepaperSecurity Awareness
  • 30 Apr 2026
  • My-Ngoc Nguyen

Comprehensive Identity Protection for Today’s Enterprise

WhitepaperSecurity Awareness
  • 24 Apr 2026
  • Matt Bromiley

SANS Security Awareness and Culture Maturity Model™ eBook

WhitepaperSecurity Awareness
  • 28 Jan 2026
  • SANS Institute

Structural Vulnerability: Autodesk Revit Server WAN Exposure Versus Cost of Autodesk Construction Cloud

WhitepaperSecurity Awareness, Cybersecurity Leadership
  • 7 Nov 2025
  • Joshua Hall

Privacy Protections: Are Stronger Laws Changing What We Reveal?

WhitepaperSecurity Awareness, Cybersecurity Leadership
  • 26 Sep 2025
  • Katie Christensen

Forensic Investigation of Bluetooth-Based Credit Card Skimmers

WhitepaperDigital Forensics and Incident Response, Security Awareness
  • 3 Sep 2025
  • John Passaro