Rethinking endpoint security in the ‘New Normal’
Karl Lankford, director, Solutions Engineering at BeyondTrust, looks at the challenges of securing devices in the post-COVID-19 era
Telework is certain to remain a fixture in organisations across almost every vertical long after the COVID-19 outbreak subsides. In fact, according to a recent report by Robert Half, 80 per cent of UAE employees would prefer to work from home post-COVID-19, citing savings in time and money and gains in productivity.
But the sudden transition to telework has forced IT departments to rethink how they secure networks as they roll out policies and tools to protect employees working from home. With the growing number and diversity of devices connecting to networks in particular, there needs to be a major focus on managing endpoint privileges, a central piece of modern endpoint security.
The case against traditional AV
Endpoints are no longer just desktops, laptops, and servers; they now include smartphones, tablets, wearables, Internet of Things (IoT) devices, and other non-traditional devices that connect to corporate systems or the Internet. Social distancing policies have also brought an explosion of employee-owned devices (BYOD) regularly hitting corporate networks.
While organisations have traditionally deployed antivirus (AV) and antimalware software on endpoints, these solution classes have long been recognised to address only part of endpoint security. AV and anti-malware tools tend to be signature-based, so they work best against threats that are already well documented, and they frequently degrade endpoint performance. Some are evolving to include machine learning and other next-generation capabilities, yet they still miss many modern attacks and typically cannot block internal attack paths such as lateral movement. If an end user clicks a link in a phishing email, the resulting credential theft or previously unseen payload may bypass these controls altogether.
While AV and antimalware software can typically prevent ransomware attacks that have already been documented and for which code-pattern matches exist, new variants can be missed entirely. According to Verizon's 2020 Data Breach Investigations Report (DBIR), ransomware accounted for 27 per cent of malware incidents across all industries.
Cyber attackers have not taken a break during the coronavirus pandemic; they have simply adapted their bag of tricks. Several major hacker groups have already used coronavirus-themed phishing scams to steal user credentials, according to a joint alert issued in April by the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom's National Cyber Security Centre (NCSC). The Verizon report also shows that phishing remains one of the most significant threat vectors across all industries.
The Case for Privilege Management
Least privilege is recognised as one of the most fundamental IT security strategies, yet companies have lagged in implementing it fully across endpoints. Unlike signature-based tools, which rely on code matches and heuristics, endpoint least-privilege solutions are policy-driven: they dial in the precise level of privilege a user or endpoint needs, and nothing more. The 2020 edition of the annual Microsoft Vulnerabilities Report showed that removing admin rights would have mitigated 77 per cent of all Critical Microsoft vulnerabilities in 2019, 100 per cent of Critical vulnerabilities in Internet Explorer and Edge, and 80 per cent of Critical vulnerabilities affecting Windows 7, 8.1 and 10.
By enforcing least privilege via an endpoint privilege management solution, organisations can dramatically reduce the threat surface for both internal and external attacks, while giving employees just enough access to remain productive in their roles. Modern solutions elevate individual applications or tasks rather than the user account, so the end user never holds standing admin rights that a malicious process could inherit.
Many attacks, such as ransomware and phishing-delivered exploits, need elevated privileges to do their worst. Endpoint privilege management stops these, and it also denies an attacker who does land on a machine the privileges needed to move laterally, exploit further vulnerabilities or reach sensitive files.
Leading privilege management solutions also layer on application control, which further supports workforce productivity while reducing application security risk. Application control enables instant 'allow' or 'deny' decisions for application execution or privilege elevation based on whitelisting, blacklisting, and greylisting policies, where greylisted applications are neither trusted nor known-bad and so typically run with standard rights, prompt the user for a justification, or are audited.
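As an added illustration (this is not BeyondTrust's product, policy format or code, nor code from the article), the following evaluator shows how the allow/deny/greylist and per-process elevation decisions described above fit together: deny rules win over allow rules, allow rules win over greylist rules, anything unmatched is denied, and elevation is granted to a specific process only on a rule that identifies the binary itself. The rule fields, match types, the `requests_admin` flag, the user-writable path list and every sample binary are assumptions constructed for the example.

```python
"""Policy-driven application control with least-privilege elevation.

Added illustrative example for this article; it is not BeyondTrust's product,
policy format or code. Rule fields, match types, the 'requests_admin' flag,
the USER_WRITABLE list and every sample binary below are assumptions."""
from dataclasses import dataclass
from enum import Enum
from fnmatch import fnmatch
import hashlib
from typing import Optional


class Verdict(Enum):
    DENY = "blocked"                      # blacklisted or unknown: does not run
    ALLOW = "runs as standard user"       # whitelisted, no elevation granted
    ALLOW_ELEVATED = "runs elevated"      # whitelisted, elevation for this process only
    PROMPT = "greylisted: runs as standard user, justification logged"


@dataclass(frozen=True)
class Executable:
    path: str
    sha256: str
    publisher: Optional[str]       # code-signing subject, None if unsigned
    requests_admin: bool = False   # e.g. a requireAdministrator manifest


@dataclass(frozen=True)
class Rule:
    action: str             # "deny" | "allow" | "grey"
    match: str              # "hash" | "publisher" | "path"
    value: str              # exact hash, exact signer, or a glob for path
    elevate: bool = False   # allow rules only: may this process run elevated?


# Locations a standard user can write to (assumed list). A path rule here must
# never grant elevation: whatever a phishing payload drops there would inherit it.
USER_WRITABLE = ("C:\\Users\\*", "C:\\Temp\\*", "C:\\ProgramData\\*")


def is_user_writable(path: str) -> bool:
    return any(fnmatch(path.lower(), p.lower()) for p in USER_WRITABLE)


def rule_matches(rule: Rule, exe: Executable) -> bool:
    if rule.match == "hash":
        return rule.value.lower() == exe.sha256.lower()
    if rule.match == "publisher":
        return exe.publisher is not None and exe.publisher == rule.value
    if rule.match == "path":
        return fnmatch(exe.path.lower(), rule.value.lower())
    raise ValueError(f"unknown match type {rule.match!r}")


def evaluate(policy: list, exe: Executable) -> Verdict:
    """Deny beats allow beats grey; anything unmatched is denied by default."""
    matched = [r for r in policy if rule_matches(r, exe)]
    if any(r.action == "deny" for r in matched):
        return Verdict.DENY
    allows = [r for r in matched if r.action == "allow"]
    if allows:
        if not exe.requests_admin:
            return Verdict.ALLOW
        # Elevation is granted per process, never to the user account, and only
        # on a rule that identifies the binary itself (hash or signer). A path
        # allow rule into a user-writable location is refused even if it says elevate.
        trusted = [r for r in allows
                   if r.elevate and not (r.match == "path" and is_user_writable(exe.path))]
        return Verdict.ALLOW_ELEVATED if trusted else Verdict.PROMPT
    if any(r.action == "grey" for r in matched):
        return Verdict.PROMPT
    return Verdict.DENY


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample policy: the blacklisted hash and signer names are made up.
POLICY = [
    Rule("deny", "hash", sha256_hex(b"constructed known-bad sample")),
    Rule("allow", "publisher", "CN=Microsoft Corporation"),
    Rule("allow", "publisher", "CN=HP Inc.", elevate=True),   # printer installer may elevate
    Rule("allow", "path", "C:\\Program Files\\*"),
    Rule("allow", "path", "C:\\Temp\\*", elevate=True),       # misconfiguration; see evaluate()
    Rule("grey", "path", "C:\\Users\\*\\Downloads\\*"),
]

# Constructed sample binaries; the byte strings stand in for real PE files.
SAMPLES = {
    "home printer installer": Executable(
        "C:\\Users\\alice\\Downloads\\HP_Setup.exe",
        sha256_hex(b"printer installer"), "CN=HP Inc.", requests_admin=True),
    "phishing payload": Executable(
        "C:\\Users\\alice\\Downloads\\Invoice.pdf.exe",
        sha256_hex(b"unknown dropper"), None, requests_admin=True),
    "known-bad but signed": Executable(
        "C:\\Program Files\\Vendor\\tool.exe",
        sha256_hex(b"constructed known-bad sample"), "CN=HP Inc."),
    "dropped into C:\\Temp": Executable(
        "C:\\Temp\\update.exe", sha256_hex(b"whatever"), None, requests_admin=True),
    "Word as standard user": Executable(
        "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
        sha256_hex(b"word"), "CN=Microsoft Corporation"),
}


def evaluate_all(policy=POLICY, samples=SAMPLES) -> dict:
    return {name: evaluate(policy, exe) for name, exe in samples.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(f"{name:28} -> {verdict.value}")
```

The two cases worth noting are the signed printer installer, which runs elevated although it sits in the user's Downloads folder because the decision rests on the signer rather than the path, and the binary in C:\Temp, which is refused elevation despite a rule that would grant it, because a path rule into a user-writable directory would elevate anything an attacker dropped there.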
Another benefit of endpoint privilege management is that it reduces the burden on IT help desks. Freshly remote employees often need to install new software or devices (such as home printers) to fulfil their roles; without local admin rights each of these would otherwise become a help desk ticket, whereas a policy that elevates only the trusted installer lets the user complete the task without a call.
The COVID-19 pandemic has altered the way organisations work. Remote workers require access to resources on the organisation's campus, to organisation-sanctioned cloud services, and to the public web. Each of these areas presents unique risks and calls for corresponding security controls to ensure appropriate use.
Endpoint privilege management offers the potential for significant ROI: it protects the organisation against an enormous range of insider and external threats while also enhancing operational performance and end-user productivity.