Identification of Lateral Movement Attack Using Next Generation Tools: NGFW, NG-SIEM and Machine Learning
RAO, ABDUL MOEED
2023/2024
Abstract
This thesis presents a comprehensive approach to enhancing network security by countering lateral movement attacks. Instead of identifying network vulnerabilities, the study demonstrates a specific attack to illustrate the potential harm that can be inflicted. The research focuses on clarifying the role of network segmentation in the security of a local computer network. A practical illustration of the network segmentation procedure is also conducted, proving the role of network segmentation on an experimental virtual network (EVN). The EVN is structured so that it contains the major protection tools, namely a pfSense firewall to support segmentation and Splunk SIEM to identify cyber threats of the lateral movement type. The EVN also contains a secure Virtual Private Network (VPN) over the WAN, connecting multiple network areas for seamless and encrypted data transmission. Additionally, custom Machine Learning (ML) algorithms are embedded within Splunk SIEM to enhance security measures. The study proceeds as follows:
- A simulated lateral movement attack is illustrated, emphasizing the necessity for robust security measures.
- Network segmentation is then employed to isolate critical resources and sensitive data, effectively thwarting lateral movement opportunities.
- Zero Trust Architecture (ZTA) principles are adopted to verify user identities and secure devices, creating a trust-no-one approach.
- The pfSense firewall enforces access control policies and VPN connections.
- Splunk SIEM provides real-time insights into security events.
- Custom ML algorithms within Splunk SIEM enhance threat detection and user behaviour analysis, enabling proactive defence against potential lateral movement attacks.
Practical case studies demonstrate the effectiveness of the proposed security framework in countering lateral movement attacks.
The study concludes by showcasing the network's enhanced security under the same attack scenario, validating the robustness of the implemented measures and the impact of the custom ML algorithms in fortifying the network. In conclusion, this thesis presents a concise and robust strategy to fortify network security, utilizing segmentation, ZTA, a Next Generation Firewall, a SIEM with custom ML algorithms, and WAN-based VPN connectivity. By showcasing a simulated lateral movement attack and its subsequent failure, the proposed framework emphasizes the significance of safeguarding valuable digital assets and creating a resilient and secure network environment. Optionally, evaluations of network performance and the exploration of different types of firewalls (a combination of Palo Alto and pfSense) can be carried out if recommended.

File | Size | Format | Access
---|---|---|---
Rao_Abdul_Moeed.pdf | 3.65 MB | Adobe PDF | open access (View/Open)
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 License.
https://hdl.handle.net/20.500.12608/64612