An issue I’ve seen with many organizations is their desire to simplify their security stacks. When I think of simplification, I think of prioritization. What is it that has restricted my activity the most as an end user? That would be the place to start with security.
It’s not the firewall or the cloud gateway. When I’m on the road with my company laptop, I don’t have to be connected to or through those systems to do work in the hotel room. I can be on the hotel wi-fi and just go anywhere on the Internet and get into all kinds of fun and trouble on my own. By the same token, an entire host of security measures that lock down the data centers and perimeters will mean nothing if my endpoint becomes compromised and brings malware into my organization when I connect to it again.
An endpoint protection agent is a strong contender for blocking bad things, but I know that there’s just a web search between myself and a script I could download and run that would shut down that endpoint agent long enough for me to do other bad things… or for an attacker to do those bad things without my knowing they’re going on. So what can stop that script from elevating privileges and breaching security? Something that secures identity locally.
If the endpoint identity is locked down so that it can’t escalate privileges, it’s game over for tons of, well… games. I won’t be able to install apps that require admin permissions for their installation and I won’t be able to grant myself the admin rights needed to override the protections on my system. If I have a legitimate need to elevate privileges, then I can request those formally, have my actions recorded as I use those elevated privileges, and then have those privileges expire when the task is completed.
That identity security, by extension, then helps to hold the fort with the endpoint agent. If local admin rights can’t shut it down, then it keeps running to check on things with my endpoint. It can maintain data loss protections, keep USB drives from connecting, and protect against various and sundry other evils. And, yes, that’s my second area of protection: the endpoint detection and response (EDR) agent.
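The two checks the preceding paragraphs describe, whether anyone holds standing local admin rights that should instead be granted on request, and whether the EDR agent is protected from being switched off by a local admin, can be audited from the endpoint itself. The script below is an added example, not the author’s code or any vendor’s tooling; it assumes a Windows 10/11 endpoint with the built-in Microsoft.PowerShell.LocalAccounts and Defender modules (a different EDR product would need its own status query), and the $ExpectedAdmins allowlist and the CONTOSO domain name are constructed placeholders to replace with your own.

```powershell
# Added example (not from the original post): audit an endpoint for standing local
# admin rights and for EDR tamper protection, then record the findings.
# Assumes Windows 10/11 and an elevated PowerShell session; $ExpectedAdmins and
# the CONTOSO domain are constructed placeholders.

$ExpectedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in account, normally disabled
    "CONTOSO\Domain Admins"              # placeholder: your privileged domain group
)
$AuditLog = Join-Path $env:ProgramData 'EndpointAudit\local-admin-audit.log'

function Get-StandingLocalAdmins {
    # Lists every member of the local Administrators group and flags the ones
    # that are not on the allowlist, i.e. standing admin rights that should be
    # replaced by just-in-time elevation.
    param([string[]]$AllowList)
    Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop | ForEach-Object {
        [pscustomobject]@{
            Name        = $_.Name
            ObjectClass = $_.ObjectClass
            Source      = $_.PrincipalSource
            Expected    = ($AllowList -contains $_.Name)
        }
    }
}

function Test-EdrTamperProtection {
    # Reads Microsoft Defender status; IsTamperProtected reports whether a local
    # admin can turn real-time protection off. Other EDR agents need their own query.
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        [pscustomobject]@{
            RealTimeProtection = $status.RealTimeProtectionEnabled
            TamperProtected    = $status.IsTamperProtected
        }
    } catch {
        Write-Warning "Defender status unavailable (module missing or different EDR): $_"
        $null
    }
}

function Write-AuditRecord {
    # Appends one timestamped line per finding so the review leaves a record.
    param([string]$Message)
    $dir = Split-Path $AuditLog
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    "$(Get-Date -Format o) $env:COMPUTERNAME $Message" | Add-Content -Path $AuditLog
}

$admins     = Get-StandingLocalAdmins -AllowList $ExpectedAdmins
$unexpected = @($admins | Where-Object { -not $_.Expected })

if ($unexpected.Count -eq 0) {
    Write-Host 'No standing local admin rights outside the allowlist.'
    Write-AuditRecord 'OK standing-admin: none outside allowlist'
} else {
    Write-Host "Standing local admin rights to move to just-in-time elevation:"
    $unexpected | Format-Table Name, ObjectClass, Source -AutoSize
    foreach ($u in $unexpected) {
        Write-AuditRecord "FINDING standing-admin: $($u.Name) ($($u.ObjectClass), $($u.Source))"
    }
}

$edr = Test-EdrTamperProtection
if ($null -ne $edr) {
    if ($edr.TamperProtected -and $edr.RealTimeProtection) {
        Write-Host 'EDR real-time protection is on and tamper-protected.'
        Write-AuditRecord 'OK edr: real-time protection on, tamper protection on'
    } else {
        Write-Host "EDR check failed: RealTime=$($edr.RealTimeProtection) Tamper=$($edr.TamperProtected)"
        Write-AuditRecord "FINDING edr: RealTime=$($edr.RealTimeProtection) Tamper=$($edr.TamperProtected)"
    }
}
```

Run it under a scheduled task or your configuration-management tool and ship the log file to your SIEM; a FINDING line for standing admin rights is the signal that an account is holding privileges it should instead request, use under recording, and lose when the task is done, and a FINDING line for the EDR check means the agent is still exposed to the shut-it-down script the post describes.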
But hot on the heels of that EDR agent is a secure sandbox browser. The browser became our primary human-machine interface back in 1995, and with all its hooks into the local operating system, it’s become a primary attack vector. Having an enterprise browser that can keep all the detonating payloads in a secure sandbox would be my choice for bolstering my mobile, BYOD, and remote access options. The bonus with an enterprise browser is that it essentially replaces the need for a virtual desktop for accessing internal systems.
Those three things – identity, EDR, and secure browsing – that’s where I’d start my security simplification journey.