NC Sep-Oct 2022

More documents

Recommendations

Info

OPINION: ENDPOINT SECURITY WHY EMPLOYEE WORKSTATION SECURITY CAN'T BE FORGOTTEN DAVID HIGGINS, SENIOR DIRECTOR, FIELD TECHNOLOGY OFFICE AT CYBERARK GIVES US SIX ENDPOINT SECURITY RULES TO ISOLATE ATTACKER ACTIVITY, REDUCE THE IMPACT OF A BREACH AND ALLOW ORGANISATIONS TO REGAIN CONTROL OF THEIR ENVIRONMENTS Arecent Accenture study found that 63% of high-growth companies have already adopted 'productivity anywhere'. It's a switch which, two years later, is still causing issues for businesses - specifically their security teams. This is mainly as a result of employee workstations now being put at the edge. Far beyond the 'walls' of the traditional corporate network, they're an easy route in for attackers looking to compromise identities, launch ransomware attacks, exploit privileged credentials and infiltrate sensitive corporate networks. PROTECTING THE ENDPOINT Having these workstations - or endpoints - in such an unsecure situation is leaving organisations at an unnecessary and increased risk of an endpoint attack. This is especially worrying as we know that, during these types of attack, by the time incident response specialists are called in the environment has already become overrun by threat actors. It is vital to an organisation's overall security posture that they don't neglect endpoints - especially workstations. Doing so will inevitably end in a cyber assault. While this might sound like a big task, there are actually only six steps which security teams need to adhere to in order to protect them. These are fundamental identity security rules and safeguards: 1. Remove local admin rights: Administrator accounts are vital. Not only are they used to install and update workstation software and set up system preferences, but they are critical to the smooth running and management of user accounts. The security issues arise however, as admin accounts are privileged, making them more valuable to attackers and more susceptible targets for those looking to run ransomware and other malicious software, disable antivirus, and block disaster recovery tools. Moving local admin powers away from normal users and into a secure digital vault with credential rotation is the quickest and most straightforward way to secure employee workstations. Doing so reduces the ability of attackers to move through networks, while lessening the impact of employee mistakes. 2. Implement least privilege: Employees frequently need to carry out an action which requires administrative privileges. While these are usually legitimate and necessary tasks, justin-time privileged access enables teams to safely carry out work both in accordance with policy, and appropriately. 3. Policies for application control: The endpoint must be able to defend against attacks, as well as allow or deny known applications. To do this, and lessen the risk of threats such as ransomware, organisations must be able to "greylist" apps and implement advanced control policies, ensuring workers use only secure, trusted applications. 4. Don't forget cached credentials: Credential theft is one of the greatest risks to organisations. These can be saved in memory by many common business apps, and web browsers and password managers store application and website credentials locally. The fact threat actors can easily and frequently get cached credentials without requiring admin capabilities, makes having an endpoint security layer even more essential to overall security. 5. Leave and set traps: It may sound left-field, but endpoint protection technologies that support privilege deception functionality, such as the capability to generate phoney "honeypot" privileged accounts, can help identify potential attackers in real-time. 6. Monitor privileged activities: Attackers are sneaky and often go unnoticed when testing a network's defences. By proactively monitoring privileged workstation activity, organisations can automatically identify and stop adversaries before they move laterally, elevate privileges, or do significant harm. FINAL THOUGHTS Endpoint security has been something organisations have been battling against for years, and the added challenges they face thanks to the proliferation of hybrid working are cause for concern. With inadequately protected employee workstations posing as the perfect vulnerability for attackers to exploit, it's imperative for organisations to act swiftly to protect endpoints. NC 12 NETWORKcomputing AUGUST/SEPTEMBER 2022 @NCMagAndAwards WWW.NETWORKCOMPUTING.CO.UK
PRODUCT REVIEW Progress Flowmon Collector 12.1 PRODUCT REVIEW PRODUCT REVIEWPRODUCT RE NetOps and SecOps teams that demand full visibility into their networks will find the Flowmon product family from Progress delivers precisely what they need. The suite provides a wealth of network traffic flow monitoring, analysis and reporting tools and the best part is they are all managed centrally from a single web console. Features include traffic, application, server latency and end-user experience monitoring along with packet capture and analysis. This latest version takes monitoring into the cloud with support for native flow logs from AWS, Azure and Google Cloud. Previously, monitoring these cloud platforms required a probe installed to the relevant service and traffic mirroring configured - requirements that will ramp up ongoing costs, making cloud flow monitoring very expensive. Flowmon's support for native flows means probes aren't required and as much smaller quantities of data are generated, cloud data transfer charges are reduced significantly. The Flowmon network operations solution on review comprises the Flowmon Collector, Probe, agentless APM (application performance monitoring) and packet investigator modules. SecOps teams should consider the full Flowmon network and security operations solution as it adds the ADS module which provides detection services for unknown threats, malware, ransomware and malicious activity along with incident response and forensics. The Flowmon Collector appliances handle collection, long-term storage and analysis of all industry standard log flow formats including NetFlow, IPFIX, sFlow, jFlow and NetStream and can receive them from a wide range of network devices including load balancers, routers, switches, firewalls, packet brokers and dedicated Flowmon Probes. The Collector includes an integral Flowmon Probe for native collection of L2/L4 information along with L7 statistical data and more external Probes can be added as needed. Collector deployment options include turnkey hardware rack-mount models, installation on cloud services such as AWS, Azure and Google Cloud Platform or virtualisation on VMware, Hyper-V and KVM hosts. We chose our VMware vSphere host and swiftly deployed the Collector using the supplied OVF template, placed our Probe monitoring ports on separate vSwitches and dedicated physical adapters with promiscuous mode enabled and cabled them to our switch span ports. The web console's home page provides easy access to the Flowmon Monitoring Center (FMC) which manages flow sources, provides traffic graphs for each one and offers an Analysis section for drilling down for more information. The smart Chapters feature combines profiles and source data channels to present information on areas such as problematic connections, top talkers, L7 analysis for service usage and, of course, cloud flow monitoring. Configuring AWS cloud monitoring was a lengthy process but the detailed documentation and assistance from Progress' knowledgeable support staff helped us over any hurdles. Once we had AWS IAM access, EC2 instance network interface flow logging and an Amazon CloudWatch log group configured, we used FCC to enable AWS flow logs and watched as FMC spotted the new source for the monitored Linux instance. The Dashboard and Report console presents an incredible amount of graphical information, and widgets allow it to be easily customised to your requirements. We added a Chapter for the AWS source, used it to create a new widget and after dragging it to a prominent position on our dashboard, could see all traffic and IP addresses related to our EC2 instance and set monitoring periods of between one hour and three months. Progress Flowmon is the perfect partner for NetOps and SecOps teams as it provides a stunning amount of information on network, service and application performance. Fully centralised management makes it easy to identify and analyse problem areas while the native cloud flow monitoring services add valuable new dimensions and keep cloud costs to a minimum. NC Product: Flowmon Collector 12.1 Supplier: Progress Software Website: www.flowmon.com Sales: support@flowmon.com WWW.NETWORKCOMPUTING.CO.UK AUGUST/SEPTEMBER 13 NETWORKcomputing @NCMagAndAwards
Page 1 and 2: NETWORKcomputing I N F O R M A T I
Page 3 and 4: COMMENT COMMENT WHEN IT RAINS, IT P
Page 6 and 7: INDUSTRY NEWS NEWSNEWS NEWS NEWS NE
Page 8 and 9: OPINION: ZERO TRUST A QUESTION OF T
Page 10: PRODUCT REVIEW NetAlly EtherScope E
Page 15 and 16: OPINON: NETWORK DOWNTIME DOWNTIME D
Page 17 and 18: SECURITY UPDATE (NCSC) Zero Trust d
Page 19 and 20: SECURITY UPDATE now to reduce their
Page 21 and 22: FEATURE: WAN PERFORMANCE Digital tr
Page 23 and 24: EVENT ORGANISERS: Do you have somet
Page 25 and 26: FEATURE: WAN PERFORMANCE cable TV a
Page 27 and 28: OPINION: IOT outcomes and efficienc
Page 29 and 30: AWARDS 2022 NETWORK INFRASTRUCTURE
Page 31 and 32: AWARDS 2022 EDUCATION & TRAINING PR
Page 33 and 34: AWARDS 2022 CLOUD BASED SOLUTION OF
Page 36: On-Prem Cloud Success Stories IDC I

NC Sep-Oct 2022

Create successful ePaper yourself

Delete template?

Save as template?