During an incident investigation, you discover that attackers compromised a user workstation with a phishing email, then used stolen domain credentials to pivot over SMB into nearby file servers and the ERP database. Endpoint antivirus logs show only generic process-injection alerts, and every asset resides on the same internal subnet. Which recommendation in your incident-response report would most directly reduce the likelihood of similar lateral movement?
Implement internal network segmentation using VLANs and firewall rules between user, application, and database tiers.
Mandate complex passwords and a 90-day expiration policy for all domain accounts.
Upgrade the endpoint antivirus engine to the latest version on all workstations.
Deploy a 24×7 managed security service provider (MSSP) to monitor SIEM alerts.
Dividing the environment into security zones with VLANs and internal firewalls limits east-west traffic, so an attacker who compromises one segment cannot freely reach critical servers. Stronger password rules or newer antivirus engines harden individual hosts but do not stop authenticated lateral movement. Outsourcing monitoring improves detection speed, yet it does not inherently prevent an intruder from traversing a flat network. Therefore, implementing internal network segmentation is the most effective preventive measure.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is network segmentation and how does it help prevent intrusions?
Open an interactive chat with Bash
What is lateral movement in cybersecurity?
Open an interactive chat with Bash
How does network segmentation differ from antivirus software in preventing intrusions?