The knowledge an attacker gathers about the critical infrastructure network they infiltrate allows them to customize the payload and remain undetected while causing maximum impact. This knowledge is a consequence of internal reconnaissance in the cyber network by lateral movement and is enabled by exploiting discovered vulnerabilities. This stage of the attack is also the longest, thereby giving a defender the biggest opportunity to detect and react to the attacker. This paper helps a defender minimize the information an attacker might gain once in the network. This can be done by curbing lateral movement, misdirecting the attacker, or inhibiting reachability to a critical device. We use a linear threshold model of attack propagation to analyze potential attack loss and use this to find actions that a defender might invest in while staying within their budgetary constraints. We show that while finding the best solution subject to these constraints is computationally intractable, the objective function is supermodular, allowing for a tractable technique with a known approximation bound.
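The budgeted defense problem described above can be sketched on a toy network; this is an added example, not the paper's code. It assumes defender actions are edge removals and uses a greedy loss-reduction-per-cost heuristic as a stand-in for the paper's unspecified technique. Node names, weights, values and costs are constructed, and expected loss is computed exactly through the live-edge equivalence of the linear threshold model with uniform random thresholds.

```python
from itertools import product

# Constructed sample network (hypothetical names): edge (u, v) -> influence weight.
# Linear threshold requires the incoming weights of each node to sum to at most 1.
EDGES = {("ws", "fs"): 0.6, ("ws", "hist"): 0.3, ("fs", "hist"): 0.5,
         ("hist", "plc"): 0.7, ("fs", "plc"): 0.2}
VALUE = {"ws": 1, "fs": 2, "hist": 3, "plc": 10}  # loss if the node is compromised
SEEDS = {"ws"}                                     # attacker's initial foothold
COST = {e: 1 for e in EDGES}                       # defender cost to block each edge
COST[("hist", "plc")] = 2

def expected_loss(edges, seeds=SEEDS, value=VALUE):
    """Exact expected loss via live-edge enumeration (small graphs only)."""
    nodes = sorted(value)
    choices = []  # per node: each in-edge with its weight, or no edge with the remainder
    for v in nodes:
        ins = [(u, w) for (u, x), w in edges.items() if x == v]
        choices.append(ins + [(None, 1.0 - sum(w for _, w in ins))])
    total = 0.0
    for pick in product(*choices):
        prob, parent = 1.0, {}
        for v, (u, w) in zip(nodes, pick):
            prob, parent[v] = prob * w, u
        for v in nodes:  # v is compromised if its chain of live edges reaches a seed
            x, seen = v, set()
            while x is not None and x not in seeds and x not in seen:
                seen.add(x)
                x = parent[x]
            if x in seeds:
                total += prob * value[v]
    return total

def greedy_defense(edges, cost, budget):
    """Repeatedly block the affordable edge with the best loss reduction per cost."""
    edges, chosen = dict(edges), []
    while True:
        base = expected_loss(edges)
        best, best_ratio = None, 1e-12
        for e in edges:
            if cost[e] > budget:
                continue
            rest = {k: w for k, w in edges.items() if k != e}
            ratio = (base - expected_loss(rest)) / cost[e]
            if ratio > best_ratio:
                best, best_ratio = e, ratio
        if best is None:
            return chosen, base
        del edges[best]
        budget -= cost[best]
        chosen.append(best)
```

Calling `greedy_defense(EDGES, COST, 2)` returns the blocked edges and the residual expected loss; the enumeration is exponential in the number of nodes, so larger graphs would need sampling instead.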