With the shift to working from home, the risks to employees' end devices have increased in many companies. Time to better protect endpoints, no matter where they are.
Outside the protective security infrastructure of the corporate network, endpoints are often an easy target for cybercriminals. Security specialist CyberArk gives tips on how to protect computers and limit the impact of attacks.
Cyber criminals target endpoints
Employees' desktop computers are one of the most popular entry points for cybercriminals today. Because these systems are often insufficiently protected, they make it easy for attackers to launch ransomware attacks, steal privileged credentials or work their way deeper into the corporate network towards important systems. There are quite a few measures that make life difficult for intruders. The most effective are:
Remove local admin rights
Administrator accounts are required on Windows, macOS and Linux to install and update software, adjust system settings and manage user accounts. Attackers target these privileged accounts because their far-reaching rights let them, for example, disable antivirus software or disaster recovery tools and install malware. The quickest and easiest way to harden employee systems is to remove local admin rights and move the admin accounts into a secure digital vault where their credentials are rotated. This massively restricts an attacker's options and at the same time limits the damage caused by mistakes such as accidentally clicking a phishing link.
Enforce least privilege
Employees regularly need to perform actions that require administrator rights. Policy-based just-in-time assignment of privileged access rights lets them carry out these activities, provided they have a legitimate reason and the request falls within the permitted time, and without first having to laboriously file a request and wait for a response from the helpdesk, so that their productivity is not hindered.
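The following is an added illustration of the just-in-time model described above, not CyberArk's product logic or code. It shows the two properties the text calls for: the decision is made locally against a policy (no helpdesk round trip), and the elevation is bounded both by a time window in which grants may be issued and by a maximum grant lifetime. The group names, application name, window and lifetime are constructed for the example.

```python
"""Policy-based just-in-time (JIT) elevation, modelled for illustration.

Added example; not CyberArk's product logic. Group names, application
names, the time window and the grant lifetime are all constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class JitPolicy:
    group: str          # endpoint user group the policy applies to
    application: str    # image name that may run elevated
    start_hour: int     # local-time window in which grants may be issued
    end_hour: int
    max_minutes: int    # cap on the lifetime of a single grant


@dataclass
class Grant:
    user: str
    application: str
    expires_at: datetime


class JitBroker:
    """Decides elevation requests locally, so no helpdesk ticket is needed."""

    def __init__(self, policies: List[JitPolicy], membership: Dict[str, Set[str]]):
        self.policies = policies
        self.membership = membership      # user -> groups (assumed to come from the directory)
        self.grants: List[Grant] = []
        self.audit: List[str] = []        # every decision is recorded for later review

    def request(self, user: str, application: str, now: datetime, minutes: int) -> Optional[Grant]:
        """Return a time-bound Grant if some policy permits it, otherwise None."""
        for p in self.policies:
            if p.application != application or p.group not in self.membership.get(user, set()):
                continue
            if not p.start_hour <= now.hour < p.end_hour:
                continue                  # legitimate group, but outside the permitted window
            lifetime = min(minutes, p.max_minutes)   # never longer than the policy allows
            grant = Grant(user, application, now + timedelta(minutes=lifetime))
            self.grants.append(grant)
            self.audit.append(f"{now:%H:%M} GRANT {user} {application} {lifetime}min")
            return grant
        self.audit.append(f"{now:%H:%M} DENY {user} {application}")
        return None

    def is_elevated(self, user: str, application: str, now: datetime) -> bool:
        """True while an unexpired grant exists; expired grants are dropped on the way."""
        self.grants = [g for g in self.grants if g.expires_at > now]
        return any(g.user == user and g.application == application for g in self.grants)


# Constructed policy: developers may run the installer elevated between 08:00 and 18:00,
# for at most 30 minutes per grant.
POLICIES = [JitPolicy("developers", "installer.exe", 8, 18, 30)]
MEMBERSHIP = {"alice": {"developers"}, "bob": {"sales"}}


def demo():
    """Walk through the typical decisions; returns (results, audit trail)."""
    broker = JitBroker(POLICIES, MEMBERSHIP)
    t0 = datetime(2024, 1, 15, 10, 0)    # constructed timestamp, inside the window
    results = {
        "alice_in_hours": broker.request("alice", "installer.exe", t0, 60) is not None,
        "alice_after_hours": broker.request("alice", "installer.exe", t0.replace(hour=22), 15) is not None,
        "bob_wrong_group": broker.request("bob", "installer.exe", t0, 15) is not None,
        # the 60-minute request above was capped to the policy's 30 minutes
        "alice_still_elevated_20min": broker.is_elevated("alice", "installer.exe", t0 + timedelta(minutes=20)),
        "alice_expired_31min": broker.is_elevated("alice", "installer.exe", t0 + timedelta(minutes=31)),
    }
    return results, broker.audit


if __name__ == "__main__":
    res, audit = demo()
    for k, v in res.items():
        print(f"{k}: {v}")
    print("\n".join(audit))
```

The audit trail matters as much as the decision: a denied request is recorded too, so a pattern of repeated requests for an unusual application is visible to whoever reviews privileged activity.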
Implement application control policies
Merely blocking or allowing known applications is not enough to prevent ransomware and other attacks. Companies must be able to:
- Deal with unknown applications. For example, they can sandbox such applications so that they run but are denied access to the internet. This reduces the risks posed by ransomware and other malware.
- Implement advanced conditional access policies. These "advanced conditional policies" allow employees to use trusted applications securely: a company can, for example, allow Excel to run but prevent it from calling PowerShell, fending off malware such as BazarBackdoor.
- Establish comprehensive rules for specific executables and groups of executables. Hash values, file names and file paths, among other attributes, should be taken into account when classifying files. For groups, companies could for example allow by default applications signed by a specific vendor or coming from a trustworthy update source.
Protect cached credentials
Credential theft is the number one security risk facing organizations today. Many popular business applications keep login information in memory, and many browsers and password managers cache application and website logins. Since attackers can often read this data without admin rights, companies must automatically detect and block attempts to harvest login data. Otherwise attackers can not only log into individual applications but can also try to circumvent single sign-on solutions.
Deception: Setting up traps, such as honeypots
Endpoint protection solutions that include so-called deception functions help to detect attacks. These include, for example, honeypots: fake privileged accounts that trick attackers into believing they have found an easy target and thereby reveal their activities.
Monitor privileged activities
Attackers like to stay under the radar and carefully probe defences before planning their next steps. By proactively monitoring the actions taken with privileged accounts on endpoints, organizations can identify and stop intruders before they move laterally through the network, secure additional privileges and cause serious damage. A full record of privileged activity is also a tremendous help in compliance audits and forensic investigations.
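The three detective controls above (blocking attempts to harvest cached credentials, watching decoy accounts, and monitoring privileged activity) all reduce to rules over endpoint telemetry. The block below is an added example of such detection logic run over constructed sample events; it is not CyberArk's code, and the JSON event schema, field names, host names, the decoy account name and the browser credential-cache path are all constructed for the illustration and would be mapped onto the fields of whatever EDR or audit source is in use.

```python
"""Detection rules over endpoint telemetry for cached-credential access, decoy-account
use and privileged activity.

Added example, not CyberArk's code. The event schema, field names, decoy account,
hosts and every sample line are constructed for this illustration.
"""
import json
from typing import Callable, List, Optional

# Credential stores that only their owning process should touch.
# Key: lower-case substring identifying the resource; value: lower-case image names allowed to access it.
PROTECTED_STORES = {
    "lsass.exe": {"lsass.exe", "csrss.exe", "wininit.exe"},   # process memory holding logon secrets
    "login data": {"examplebrowser.exe"},                      # browser's cached-login database (constructed)
}
DECOY_ACCOUNTS = {"svc_backup_admin"}      # honeypot privileged account; nothing legitimate ever uses it
PRIVILEGED_GROUPS = {"administrators"}     # local admin group that should stay empty after step 1


def parse_events(lines: List[str]) -> List[dict]:
    return [json.loads(line) for line in lines if line.strip()]


def detect_credential_access(ev: dict) -> Optional[str]:
    """Any process other than the store's owner touching a credential store is an alert."""
    if ev["type"] != "resource_access":
        return None
    target, source = ev["target"].lower(), ev["image"].lower()
    for marker, owners in PROTECTED_STORES.items():
        if marker in target and source not in owners:
            return f"credential store access: {ev['image']} -> {ev['target']} by {ev['user']}"
    return None


def detect_decoy_use(ev: dict) -> Optional[str]:
    """Decoy accounts have no legitimate use, so any reference to one is a high-confidence alert."""
    actors = {ev.get("user", "").lower(), ev.get("target_user", "").lower()}
    if actors & DECOY_ACCOUNTS:
        return f"decoy account touched: {ev['type']} on {ev['host']}"
    return None


def detect_privileged_activity(ev: dict) -> Optional[str]:
    """Record privilege changes and elevated network logons (early lateral-movement signal)."""
    if ev["type"] == "group_member_added" and ev["group"].lower() in PRIVILEGED_GROUPS:
        return f"member {ev['target_user']} added to {ev['group']} on {ev['host']} by {ev['user']}"
    if ev["type"] == "logon" and ev.get("elevated") and ev.get("logon_type") == "network":
        return f"privileged network logon by {ev['user']} from {ev['source_host']} to {ev['host']}"
    return None


DETECTORS: List[Callable[[dict], Optional[str]]] = [
    detect_credential_access, detect_decoy_use, detect_privileged_activity,
]


def run(lines: List[str]) -> List[str]:
    """Apply every detector to every event; return the alert messages in order."""
    alerts = []
    for ev in parse_events(lines):
        for detector in DETECTORS:
            msg = detector(ev)
            if msg:
                alerts.append(msg)
    return alerts


# Constructed sample telemetry (one JSON object per line).
SAMPLE_LOG = [
    r'{"type":"resource_access","host":"wks-017","user":"alice","image":"csrss.exe","target":"lsass.exe"}',
    r'{"type":"resource_access","host":"wks-017","user":"alice","image":"updater.exe","target":"lsass.exe"}',
    r'{"type":"resource_access","host":"wks-017","user":"alice","image":"ExampleBrowser.exe","target":"C:\\Users\\alice\\AppData\\ExampleBrowser\\Login Data"}',
    r'{"type":"resource_access","host":"wks-017","user":"alice","image":"updater.exe","target":"C:\\Users\\alice\\AppData\\ExampleBrowser\\Login Data"}',
    r'{"type":"logon","host":"wks-017","user":"svc_backup_admin","source_host":"wks-017","logon_type":"interactive","elevated":true}',
    r'{"type":"group_member_added","host":"wks-017","user":"alice","group":"Administrators","target_user":"alice"}',
    r'{"type":"logon","host":"srv-db-01","user":"alice","source_host":"wks-017","logon_type":"network","elevated":true}',
]

if __name__ == "__main__":
    for alert in run(SAMPLE_LOG):
        print("ALERT", alert)
```

Of the seven sample events, the two legitimate accesses (the system process reading LSASS, the browser reading its own cache) produce nothing, while the other five each raise exactly one alert. The owner allow-lists are the part that needs tuning per environment; the decoy rule needs none, which is why deception gives such high-fidelity signals.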
More at CyberArk.com
About CyberArk
CyberArk is the global leader in identity security. With Privileged Access Management as a core component, CyberArk provides comprehensive security for any identity, human or non-human, across business applications, distributed work environments, hybrid cloud workloads and DevOps lifecycles. The world's leading companies rely on CyberArk to secure their most critical data, infrastructure and applications. Around a third of the DAX 30 and 20 of the Euro Stoxx 50 companies use CyberArk's solutions.