Contrary to popular belief, cyber attacks are not (always) large-scale attempts to hijack or disable infrastructure. A wide range of DDoS attacks can be used as decoys, but the actual work is more subtle and complex. Think of a James Bond film: the villain quietly sneaks into the target organization, identifies its weaknesses and gradually gains the power needed to carry out his malicious plan.
As in those Bond films, extensive external defenses are not enough, and countermeasures are often too slow to stop the intrusion. This is especially true for fragmented organizations and for companies that rely heavily on outside contractors and remote employees. Once an adversary is inside, the entire organization can collapse. With 69% of breaches committed by outsiders such as organized crime groups and nation states, special problem solvers like 007 can save the day.
Evolving endpoint protection
Endpoints such as workstations and servers are prime targets for attackers, which is why managed endpoint security matters. They are even more vulnerable when they are outside the corporate network, because there they do not benefit from perimeter protection.
Initially, antivirus solutions focused on identifying malware signatures and on whitelisting / blacklisting mechanisms. This approach quickly reached its limit for one important reason: it relies heavily on known exploits. New threats emerge constantly, so the system is repeatedly exposed to zero-days.
As attack vectors evolve and mutate, software vendors have developed next-generation antivirus (NGAV), a new form of protection that relies on tools such as:
- Machine learning, which can detect unknown threats and block unidentified attacks.
- Endpoint detection and response (EDR), which can correlate events and detect suspicious activity.
However, these technologies focus on identifying threats rather than protecting the system from within.
Protecting your system from the inside
Endpoint Privilege Management is a new generation of cybersecurity protection focused on giving your endpoints an effective immune defense. Rather than trying to identify and block the attack, it stops anything that is not part of the organism.
Translated into IT language: the system can only perform legitimate actions.
This approach is especially interesting for endpoints exposed to external networks, such as those used by external providers or by remote employees accessing the network. It assumes that any system can be breached, but it builds protection into the endpoint itself, so that even a successful intrusion does no harm, including when the endpoint is outside the corporate network. Endpoint protection applies the principle of least privilege: without local administrator privileges, intruders and malware cannot obtain the privileges they need to run processes and applications.
Applying the principle of least privilege also has the following benefits:
- Eliminate privileged users on endpoints to prevent malware from damaging your system or stealing critical data
- Delete all local administrator accounts for additional protection
- Block encryption APIs so ransomware cannot hold your system hostage
- Grant the correct permissions to the correct users in the correct context
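The default-deny idea behind the list above ("the system can only perform legitimate actions", encryption APIs blocked by default, permissions tied to user, binary and context) can be shown as a small policy evaluator. The following Python is an added example written for this page; it is not code from the article or from any endpoint privilege management product. All names, group names, paths and hash strings are constructed placeholders, and a real agent would identify binaries by their actual SHA-256 and enforce decisions in the operating system rather than in a script.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Request:
    """One elevation request, as an endpoint agent would observe it (constructed model)."""
    user: str
    groups: frozenset              # security groups the user belongs to
    app_path: str                  # reported path, informational only (paths can be spoofed)
    app_sha256: str                # hash of the binary asking for privileges
    on_corporate_network: bool     # context: inside the perimeter or remote
    wants_crypto_api: bool = False # the binary is about to call encryption APIs


@dataclass(frozen=True)
class Rule:
    """An explicit grant: which group may elevate which binary, and in what context."""
    name: str
    groups: frozenset
    app_sha256: str                       # approved binary identified by hash, not by path
    require_corporate_network: bool = True
    allow_crypto_api: bool = False        # encryption APIs stay blocked unless stated here


class PrivilegePolicy:
    """Default-deny evaluator: a request is granted only by an explicit matching rule."""

    def __init__(self, rules: Iterable[Rule]):
        self.rules: List[Rule] = list(rules)
        self.audit_log: List[Tuple[str, str, bool, str]] = []

    def evaluate(self, req: Request) -> Tuple[bool, str]:
        for rule in self.rules:
            # A rule applies only when a user group AND the binary hash both match.
            if not (req.groups & rule.groups) or req.app_sha256 != rule.app_sha256:
                continue
            # The first applicable rule decides; its context checks cannot be
            # bypassed by a later, looser rule further down the list.
            if rule.require_corporate_network and not req.on_corporate_network:
                return self._decide(req, False, f"{rule.name}: denied outside corporate network")
            if req.wants_crypto_api and not rule.allow_crypto_api:
                return self._decide(req, False, f"{rule.name}: encryption API not permitted")
            return self._decide(req, True, f"{rule.name}: allowed")
        # No explicit grant: unknown or tampered binaries, unexpected users, etc.
        return self._decide(req, False, "no matching rule (default deny)")

    def _decide(self, req: Request, allowed: bool, reason: str) -> Tuple[bool, str]:
        # Every decision, allowed or denied, is recorded for detection and review.
        self.audit_log.append((req.user, req.app_path, allowed, reason))
        return allowed, reason


def unauthorized_local_admins(members: Iterable[str], approved: Iterable[str]) -> List[str]:
    """Accounts found in the local Administrators group that are not on the approved list."""
    return sorted(set(members) - set(approved))


# Constructed placeholder hashes; a real policy carries the binaries' SHA-256 values.
PRINTFIX_HASH = "CONSTRUCTED-HASH-printfix"
BACKUP_AGENT_HASH = "CONSTRUCTED-HASH-backupagent"


def example_policy() -> PrivilegePolicy:
    """Constructed policy: helpdesk may run a printer tool on-site; a backup agent may encrypt."""
    return PrivilegePolicy([
        Rule("helpdesk-printfix", frozenset({"Helpdesk"}), PRINTFIX_HASH),
        Rule("backup-agent", frozenset({"BackupOperators"}), BACKUP_AGENT_HASH,
             require_corporate_network=False, allow_crypto_api=True),
    ])


if __name__ == "__main__":
    policy = example_policy()
    helpdesk = frozenset({"Helpdesk"})
    for req in (
        Request("alice", helpdesk, r"c:\tools\printfix.exe", PRINTFIX_HASH, True),
        Request("alice", helpdesk, r"c:\tools\printfix.exe", PRINTFIX_HASH, False),
        Request("alice", helpdesk, r"c:\tools\printfix.exe", "CONSTRUCTED-HASH-unknown", True),
        Request("alice", helpdesk, r"c:\tools\printfix.exe", PRINTFIX_HASH, True, True),
    ):
        print(req.user, req.on_corporate_network, policy.evaluate(req))
    print(unauthorized_local_admins(["Administrator", "alice"], ["Administrator"]))
```

The four sample requests show the page's points in order: a legitimate elevation is allowed; the same user off the corporate network is refused; a binary at the expected path but with a different hash (the "foreign agent" that looks like a trusted tool) never matches a rule and falls into default deny; and a trusted tool that unexpectedly reaches for encryption APIs is refused, which is the ransomware case. The audit log keeps every denial as a detection signal, and `unauthorized_local_admins` is the check behind "delete all local administrator accounts".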
This is a good first step, but it still focuses on the "foreign agent": the user and his privileges. That is great, but not enough, because the system must also be able to protect itself from threats.