Monthly Archives: October 2024

Where to Start with Security?

An issue I’ve seen with many organizations is the desire to simplify their security stacks. When I think of simplification, I think of prioritization: what has restricted my activity the most as an end user? That is where I’d start with security.

It’s not the firewall or the cloud gateway. When I’m on the road with my company laptop, I don’t have to be connected to or through those systems to do work in the hotel room. I can be on the hotel Wi-Fi and go anywhere on the Internet, getting into all kinds of fun and trouble on my own. By the same token, an entire host of security measures that lock down the data centers and perimeters will mean nothing if my endpoint becomes compromised and brings malware into my organization when I connect to the network again.

An endpoint protection agent is a strong contender for blocking bad things, but I know that there’s just a search between me and a script I could download and run that would shut down that endpoint agent long enough for me to do other bad things… or for an attacker to do those bad things without my knowing they’re going on. So what can stop that script from elevating privileges and breaching security? Something that secures identity locally.

If the endpoint identity is locked down so that it can’t escalate privileges, it’s game over for tons of, well… games. I won’t be able to install apps that require admin permissions for their installation and I won’t be able to grant myself the admin rights needed to override the protections on my system. If I have a legitimate need to elevate privileges, then I can request those formally, have my actions recorded as I use those elevated privileges, and then have those privileges expire when the task is completed.

That identity security, by extension, then helps the endpoint agent hold the fort. If local admin rights can’t shut it down, it keeps running and checking on my endpoint. It can enforce data loss protections, block USB drives from connecting, and protect against various and sundry other evils. And, yes, that’s my second area of protection: the endpoint detection and response (EDR) agent.
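The two paragraphs above describe a just-in-time elevation model: privileges are requested with a reason, every privileged action is recorded, the grant expires when the task window closes, and even an elevated user cannot stop the EDR agent. The following is an added example that sketches that model in Python; it is not code from the original post or from any product, and the broker class, the action names, the `at()` clock helper and the 30-minute ceiling are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed reference clock so the scenario is reproducible offline.
T0 = datetime(2024, 10, 1, 9, 0, tzinfo=timezone.utc)


def at(minutes: int) -> datetime:
    """Return a timestamp `minutes` after T0 (test/demo convenience)."""
    return T0 + timedelta(minutes=minutes)


# Hypothetical protected actions: denied even during an active elevation,
# which is what keeps local admin rights from shutting down the EDR agent.
PROTECTED_ACTIONS = {"stop-edr-service", "disable-dlp-policy"}


@dataclass
class ElevationGrant:
    user: str
    reason: str
    granted_at: datetime
    expires_at: datetime
    audit: list = field(default_factory=list)  # (timestamp, action) pairs


class PrivilegeBroker:
    """Minimal just-in-time elevation broker (hypothetical, not a real API)."""

    def __init__(self, max_minutes: int = 30):
        self.max_minutes = max_minutes   # hard ceiling on any single grant
        self.grants: dict[str, ElevationGrant] = {}
        self.log: list[tuple] = []       # central record of every decision

    def request(self, user: str, reason: str, minutes: int, now: datetime) -> ElevationGrant:
        """Formally request elevation; a recorded reason is mandatory."""
        if not reason.strip():
            raise ValueError("elevation requires a recorded reason")
        minutes = min(minutes, self.max_minutes)          # clamp to the ceiling
        grant = ElevationGrant(user, reason, now, now + timedelta(minutes=minutes))
        self.grants[user] = grant
        self.log.append((now, user, "GRANT", reason))
        return grant

    def is_elevated(self, user: str, now: datetime) -> bool:
        """True only while a grant exists and has not expired."""
        grant = self.grants.get(user)
        return grant is not None and now < grant.expires_at

    def run_privileged(self, user: str, action: str, now: datetime) -> bool:
        """Perform `action` under elevation; returns False when denied."""
        if action in PROTECTED_ACTIONS:
            self.log.append((now, user, "DENIED_PROTECTED", action))
            return False
        if not self.is_elevated(user, now):
            self.log.append((now, user, "DENIED_NOT_ELEVATED", action))
            return False
        self.grants[user].audit.append((now, action))     # recorded per grant
        self.log.append((now, user, "ACTION", action))
        return True


def demo() -> dict:
    """Walk through the scenario from the post and return the outcomes."""
    broker = PrivilegeBroker(max_minutes=30)
    grant = broker.request("alice", "install VPN client", minutes=60, now=at(0))
    return {
        "expires_after_minutes": int((grant.expires_at - grant.granted_at).total_seconds() // 60),
        "install_during_window": broker.run_privileged("alice", "install-package", at(5)),
        "stop_edr_during_window": broker.run_privileged("alice", "stop-edr-service", at(6)),
        "install_after_expiry": broker.run_privileged("alice", "install-package", at(31)),
        "unrequested_user": broker.run_privileged("bob", "install-package", at(5)),
        "audited_actions": len(grant.audit),
        "log_entries": len(broker.log),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design choice worth noting is that the EDR protection is not a function of the grant at all: `PROTECTED_ACTIONS` is checked before the elevation check, so no amount of legitimately obtained admin time can turn the agent off, while ordinary tasks still work inside the window and fail closed once it lapses.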

But hot on the heels of that EDR agent is a secure sandbox browser. The browser became our primary human-machine interface back in 1995, and with all its hooks into the local operating system, it’s become a primary attack vector. Having an enterprise browser that can keep all the detonating payloads in a secure sandbox would be my choice for bolstering my mobile, BYOD, and remote access options. The bonus with an enterprise browser is that it essentially replaces the need for a virtual desktop for accessing internal systems.

Those three things – identity, EDR, and secure browsing – are where I’d start my security simplification journey.

Prophecy as Warning

As a member of The Church of Jesus Christ of Latter-day Saints, I live with an understanding that people are able to receive revelations to offer guidance and comfort. God loves us, but we often confuse love with removing all problems. That’s not love, that’s co-dependence. Love is providing us with warnings when things are coming our way so that we can make ready for them. We are here on earth to learn and experience things, and those things involve dangers, hazards, pains, and trials.

If we return love to God, we heed those warnings, no matter what their source. We are able to have insight into the truth of those warnings and, as we give our hearts and minds over to trying to better understand our existences in a way that approaches God, we are more sensitive to those promptings and more likely to choose to act upon them.

God does not want us to experience our lives blindly. But it is up to us to accept the vision for the future and to be able to withstand it as we understand it. There are terrors approaching, but we can prevail if we heed prophetic warnings and make our preparations.