But gaining a foothold on the LAN via vulnerabilities on Internet-facing assets is becoming harder, Rapid7 found in its real-world pen tests.
Organizations are already doing an okay job of shoring up that porous border between internal and external networks. Companies are spending less on their own rack space, so this separation is creating a pretty good boundary. It's unlikely, now, that an external Web application compromise will lead directly to an internal LAN compromise.