We’re all concerned that someday an external hacker – whether malicious or opportunistic – will try to gain access to your company’s critical data and systems, in an effort to exfiltrate data, hold it for ransom, or to simply wreak havoc. So you spend time and effort securing externally facing services and devices, ensure patching is up to date, and generally put up as much of a security wall as possible to keep an attacker from “climbing over it.”
The problem? Your endpoints – both your workstations and servers – bypass (and often leave) the safety and security of your environment daily. How so? The bypassing comes in the form of any phishing or spear phishing attacks that get by your antimalware scanners, prompting users to click a malicious attachment or visit a site embedded with malicious code. Endpoints also leave your “circle of trust” by going on this thing called the
Internet. Sure, when they’re doing work-related browsing, the risk is low. But when you consider 62% of your users spend anywhere from
30 minutes to an hour a day surfing the web for personal use, their actions put the organization at risk.
So what are you supposed to do about it – block the Internet?
Of course not. You could think about trying to play a constant game of “catch up” with solutions that scan for, and block, known malicious code. But the better plan is to be on the offensive by implementing a Least Privilege model on your endpoints. That way, even if a piece of code is accessed, it has no ability to do anything. Now, the goal here is to find that balance between security (that is putting some like of Least Privilege in place) and productivity of the user in question.
Some of you are thinking
This is all great for normal users on workstations, but what about servers with IT users utilizing elevated accounts? Totally fair question. It obviously gets a bit more tricky here, as your elevated accounts have specific ability requirements where there may be little administrative granularity to lock them down.
At a minimum, you need to be thinking about how to keep track of both the
use of elevated permissions (which could be as simply as tracking logons), as well as the
usage of those permissions (that is, knowing what someone did once they logged on). It’s that last one that’s tough. There are no answers for a Windows Server out of the box; some kind of third party solution is going to be needed.
In this
webinar, I’ll be discussing how to find that balance of security and productivity, cover ways to block malicious activity, and discuss more about methods of monitoring user activity as a means of being on the lookout for anything malicious.
Want to learn more?
Watch the webinar now.
