Progressive digitization and growing mobility expose workstations and servers to ever more risk, which dramatically raises the consequences of any exploited vulnerability.
Given the increasing digitization of all sectors of the economy and the growing number of mobile workplaces, even the slightest vulnerability or incorrect configuration of a work computer can have catastrophic consequences if it is abused. However, forward-looking security technologies and solutions are adapting to these new circumstances.
Identify The Source Of Infection Early
The main goal of a cybercriminal is to steal sensitive personal, industrial, or commercial data, encrypt it and demand a ransom, publish it, or disrupt the company’s production. Cybercriminals reach their targets through “entry points,” often employee workstations. Once a workstation is compromised, the attacker can penetrate deeper into the system, even if the compromised user has no administrator rights.
To accomplish this, attackers exploit both human weaknesses, through increasingly targeted phishing (“spear-phishing”), and vulnerabilities in inadequately protected systems, such as RDP servers exposed to the Internet or applications that are not kept up to date. To ensure that attackers cannot gain deeper access to the system, it is essential to detect such attacks as they happen, stop the malicious processes, and immediately contain their spread across the computer or application.
Adapt The Level Of Protection To The Environment
Ensuring the security of work computers was already a significant challenge on the company premises. With the proliferation of laptops – especially given the mobility needs specific to each company – the task has become even more complex.
Therefore, the protection offered to endpoints must no longer be static but must become dynamic – adapted to the context and to the different mobility scenarios within the organization. This means, for example, that permitted Wi-Fi networks are checked and Wi-Fi is disabled as soon as a LAN connection is available, and that whenever a VPN is in use, any non-VPN link is blocked to avoid smurf attacks.
Go For Agent Protection: With A Behavior-Based Approach
It is always easier and less risky to identify and stop a malicious element at the point of entry (workstation or server) before it can spread. This is the purpose of a workstation protection system. Traditional signature-based antivirus software is not enough to combat increasingly sophisticated ransomware, and it does not immediately detect unknown zero-day attacks.
To remedy this deficiency, behavior-based HIPS (host intrusion prevention systems) analyze activity to determine what constitutes “abnormal” behavior for a host or its applications. If suspicious activity is detected in a legitimate application, the system immediately triggers an alert (or blocks the activity in question) to limit the risk of propagation. Although a bit more complex to implement, such a system can easily be tailored to any organization and is capable of stopping unknown zero-day attacks.
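As an added illustration of the behavior-based approach (example code written for this article, not any vendor's product), the following Python monitor flags two kinds of abnormal host behavior in a constructed event stream: a document application spawning a command interpreter, and one process renaming many files within a short window, the pattern a ransomware payload leaves. The event fields, application names and thresholds are assumptions, not values from the article.

```python
from collections import defaultdict

# Assumptions (not from the article): event dicts carry these keys; a real HIPS
# would receive them from the kernel or an endpoint sensor.
DOC_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}      # legitimate document apps
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}        # command interpreters
RENAME_THRESHOLD = 20   # file renames by one process ...
WINDOW_SECONDS = 10     # ... within this sliding window = ransomware-like

def analyse(events):
    """Return (timestamp, pid, reason) alerts for abnormal host behaviour.
    Rule 1: a document application spawning a command interpreter.
    Rule 2: one process renaming RENAME_THRESHOLD files inside WINDOW_SECONDS.
    Events must be in chronological order.
    """
    alerts = []
    renames = defaultdict(list)  # pid -> timestamps of recent file renames
    for ev in events:
        if ev["type"] == "process_start":
            if ev["parent"] in DOC_APPS and ev["image"] in SHELLS:
                alerts.append((ev["ts"], ev["pid"],
                               f"{ev['parent']} spawned {ev['image']}"))
        elif ev["type"] == "file_rename":
            recent = [t for t in renames[ev["pid"]] if ev["ts"] - t <= WINDOW_SECONDS]
            recent.append(ev["ts"])
            renames[ev["pid"]] = recent
            if len(recent) == RENAME_THRESHOLD:   # fire once when the burst crosses the line
                alerts.append((ev["ts"], ev["pid"], "mass file rename"))
    return alerts

def sample_events():
    """Constructed stream: a macro launches PowerShell, which renames 25 files in 2.5 s;
    a second process (pid 1300) renames files slowly and must not be flagged."""
    evs = [
        {"type": "process_start", "ts": 0.0, "pid": 1201,
         "parent": "winword.exe", "image": "powershell.exe"},
        {"type": "process_start", "ts": 0.5, "pid": 1300,
         "parent": "explorer.exe", "image": "backup.exe"},
    ]
    for i in range(25):
        evs.append({"type": "file_rename", "ts": 1.0 + i * 0.1, "pid": 1201,
                    "old": f"doc{i}.docx", "new": f"doc{i}.docx.locked"})
    for i in range(25):   # one rename every 5 s never fills the window
        evs.append({"type": "file_rename", "ts": 100.0 + i * 5.0, "pid": 1300,
                    "old": f"f{i}", "new": f"f{i}.bak"})
    return evs

if __name__ == "__main__":
    for alert in analyse(sample_events()):
        print(alert)
```

Running the block prints two alerts, both for pid 1201: the spawn of PowerShell from Word, then the mass rename once the twentieth file is renamed inside the window; the slow renamer never trips the threshold.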
Proactively Stop Attacks And Anticipate Future Attacks
Knowing how to stop an attack, known or unknown, is essential. But to go one step further, it is necessary to learn from these attacks in order to prevent them better in the future. This is one of the tasks that can be assigned to EDR (Endpoint Detection & Response) solutions: in addition to providing an immediate response, examining their logs – after thorough analysis – increases the effectiveness of the solutions in detecting attacks.
In this context, two approaches are possible. The first, geared towards cloud solutions, is based on the feedback from a thin client installed on each end device and offers all the advantages of artificial intelligence, although the devices themselves must always be connected to the Internet. In contrast, a standalone, agent-based solution provides proactive, real-time protection for each endpoint while producing intelligence that enables further attack analysis. Third-party systems can then take these events into account and correlate them in an artificial intelligence context.
Ensure The Safety Of The Protection System Itself
The main target of cyber attackers is company data. But a company’s security systems are also at significant risk. If attackers succeed in disabling the protection mechanisms – or worse, exploiting the extended authorizations of these solutions – the door to the information system is wide open for them.
As with any deployment of hardware, workstations or applications, the risk of a configuration error or the emergence of a vulnerability should be minimized as much as possible. This can be accomplished with a hardened, highly effective configuration that matches the size of the attack surface. Because of the extended privileges usually granted to protection systems, their attack surface is naturally large, so a security-by-design approach should also be encouraged in their development.