NC Sep-Oct 2022
OPINION: ENDPOINT SECURITY<br />
WHY EMPLOYEE WORKSTATION SECURITY CAN'T BE FORGOTTEN<br />
DAVID HIGGINS, SENIOR DIRECTOR, FIELD TECHNOLOGY OFFICE AT CYBERARK, GIVES US SIX<br />
ENDPOINT SECURITY RULES TO ISOLATE ATTACKER ACTIVITY, REDUCE THE IMPACT OF A BREACH<br />
AND ALLOW ORGANISATIONS TO REGAIN CONTROL OF THEIR ENVIRONMENTS<br />
A recent Accenture study found that 63%<br />
of high-growth companies have<br />
already adopted 'productivity<br />
anywhere'. It's a switch which, two years later,<br />
is still causing issues for businesses -<br />
specifically their security teams. This is mainly<br />
as a result of employee workstations now<br />
being put at the edge. Far beyond the 'walls'<br />
of the traditional corporate network, they're<br />
an easy route in for attackers looking to<br />
compromise identities, launch ransomware<br />
attacks, exploit privileged credentials and<br />
infiltrate sensitive corporate networks.<br />
PROTECTING THE ENDPOINT<br />
Having these workstations - or endpoints - in<br />
such an insecure situation is leaving<br />
organisations at an unnecessary and increased<br />
risk of an endpoint attack. This is especially<br />
worrying as we know that, during these types of<br />
attack, by the time incident response specialists<br />
are called in, the environment has already<br />
become overrun by threat actors.<br />
It is vital to an organisation's overall security<br />
posture that they don't neglect endpoints -<br />
especially workstations. Doing so will inevitably<br />
end in a cyber assault. While this might sound<br />
like a big task, there are actually only six steps<br />
which security teams need to adhere to in order<br />
to protect them. These are fundamental identity<br />
security rules and safeguards:<br />
1. Remove local admin rights: Administrator<br />
accounts are vital. Not only are they used to<br />
install and update workstation software and set<br />
up system preferences, but they are critical to<br />
the smooth running and management of user<br />
accounts. The security issues arise, however, as<br />
admin accounts are privileged, making them<br />
more valuable to attackers and more<br />
susceptible targets for those looking to run<br />
ransomware and other malicious software,<br />
disable antivirus, and block disaster recovery<br />
tools. Moving local admin powers away from<br />
normal users and into a secure digital vault with<br />
credential rotation is the quickest and most<br />
straightforward way to secure employee<br />
workstations. Doing so reduces the ability of<br />
attackers to move through networks, while<br />
lessening the impact of employee mistakes.<br />
2. Implement least privilege: Employees<br />
frequently need to carry out an action which<br />
requires administrative privileges. While these<br />
are usually legitimate and necessary tasks,<br />
just-in-time privileged access enables teams to<br />
safely carry out work both in accordance with<br />
policy, and appropriately.<br />
3. Policies for application control: The endpoint<br />
must be able to defend against attacks, as well<br />
as allow or deny known applications. To do<br />
this, and lessen the risk of threats such as<br />
ransomware, organisations must be able to<br />
"greylist" apps and implement advanced control<br />
policies, ensuring workers use only secure,<br />
trusted applications.<br />
4. Don't forget cached credentials: Credential<br />
theft is one of the greatest risks to<br />
organisations. Credentials can be saved in memory<br />
by many common business apps, and web<br />
browsers and password managers store<br />
application and website credentials locally.<br />
The fact that threat actors can easily and<br />
frequently get cached credentials without<br />
requiring admin capabilities makes having an<br />
endpoint security layer even more essential<br />
to overall security.<br />
5. Leave and set traps: It may sound left-field,<br />
but endpoint protection technologies that<br />
support privilege deception functionality, such<br />
as the capability to generate phoney "honeypot"<br />
privileged accounts, can help identify potential<br />
attackers in real-time.<br />
6. Monitor privileged activities: Attackers are<br />
sneaky and often go unnoticed when testing a<br />
network's defences. By proactively monitoring<br />
privileged workstation activity, organisations<br />
can automatically identify and stop adversaries<br />
before they move laterally, elevate privileges, or<br />
do significant harm.<br />
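Rules 5 and 6 combine naturally into one detection: any authentication attempt that names a decoy privileged account is worth an alert, because nothing legitimate uses it. The sketch below is an added example, not code from the article or from any vendor product; the decoy account names, hosts, addresses and the JSON-lines log layout are assumptions made for illustration, while the event IDs are the standard Windows Security logon events.

```python
import json
from collections import defaultdict

# Hypothetical decoy privileged accounts: nothing legitimate ever logs on with them.
DECOY_ACCOUNTS = {"svc-backup-adm", "adm-helpdesk02"}
# Windows Security event IDs that record an authentication attempt.
AUTH_EVENTS = {4624: "logon success", 4625: "logon failure", 4648: "explicit credentials"}

# Constructed sample records (JSON lines); hosts, users and addresses are invented.
SAMPLE_LOG = r"""{"EventID": 4624, "Computer": "WS-014", "TargetUserName": "jsmith", "IpAddress": "10.0.4.21"}
{"EventID": 4625, "Computer": "WS-014", "TargetUserName": "SVC-BACKUP-ADM", "IpAddress": "10.0.4.87"}
{"EventID": 4648, "Computer": "WS-022", "TargetUserName": "CORP\\adm-helpdesk02", "IpAddress": "10.0.4.87"}
truncated-record-not-json
{"EventID": 4624, "Computer": "WS-030", "TargetUserName": "adm-helpdesk", "IpAddress": "10.0.4.33"}
{"EventID": 4624, "Computer": "FS-01", "TargetUserName": "svc-backup-adm", "IpAddress": "10.0.4.87"}
"""

def normalise(user):
    """Lower-case and drop a DOMAIN\\ prefix or @domain suffix."""
    return str(user).lower().split("\\")[-1].split("@")[0]

def find_decoy_use(lines, decoys=DECOY_ACCOUNTS):
    """Return one alert per authentication event that names a decoy account."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        if not isinstance(ev, dict) or ev.get("EventID") not in AUTH_EVENTS:
            continue
        user = normalise(ev.get("TargetUserName", ""))
        if user in decoys:
            # A successful logon means the decoy's password is known: escalate.
            severity = "critical" if ev["EventID"] == 4624 else "high"
            alerts.append({"severity": severity, "account": user,
                           "event": AUTH_EVENTS[ev["EventID"]],
                           "host": ev.get("Computer"), "source": ev.get("IpAddress")})
    return alerts

def decoys_by_source(alerts):
    """Group decoy accounts by source address to show how widely one origin probed."""
    grouped = defaultdict(set)
    for a in alerts:
        grouped[a["source"]].add(a["account"])
    return {src: sorted(accts) for src, accts in grouped.items()}

if __name__ == "__main__":
    for alert in find_decoy_use(SAMPLE_LOG.splitlines()):
        print(alert)
```

Matching is exact after normalisation, so the real account "adm-helpdesk" in the sample does not trigger the decoy rule for "adm-helpdesk02".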
FINAL THOUGHTS<br />
Endpoint security has been something<br />
organisations have been battling with for<br />
years, and the added challenges they face<br />
thanks to the proliferation of hybrid working are<br />
cause for concern. With inadequately protected<br />
employee workstations presenting the perfect<br />
vulnerability for attackers to exploit, it's<br />
imperative for organisations to act swiftly to<br />
protect endpoints. <strong>NC</strong><br />
12 NETWORKcomputing AUGUST/SEPTEMBER <strong>2022</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK