How To Create A Great Cybersecurity Posture: Compute
If a hacker gains access to a PC, they potentially gain access to everything our companies use to do business. You want to have endpoint protection in place to keep such situations from occurring. Endpoint protection could mean a variety of different things. When you’re talking about next-generation antivirus software, malware prevention, or anything else that helps you secure that environment, it will suffice. We recommend FortiEDR, Cylance and Webroot.
Welcome back to Whiteboard Wednesday. My name is Mike Cromwell.
I’m Brian DeVault.
And we’re here today extending our series on cybersecurity, specifically the elements of a great security posture. So today we’re going to dig into the fourth element, which is Compute. Brian, why don’t you take it away and tell us what the key elements are here and why they’re so important to a business.
Yeah, you bet. And you notice this category is a little longer. We’ve got a few additional items in here that we want to take care of, because this represents a lot of risk in our environment. Right? If someone gains access to a PC, they potentially gain access to everything our companies use to do business.
In order of magnitude, where does this one rank amongst the top threats?
It’s huge. It’s huge. It’s right behind end users, I would say, in terms of risk. One thing you want to have in place for sure is endpoint protection. When I say endpoint protection, it could mean a variety of different things. But what you’re talking about are next-generation antivirus software, malware prevention, anything that helps you secure that environment. We’re huge fans of several products here at Netrio. As an MSP, we use FortiEDR. We use Cylance, we use Webroot. So we’ve got a few different offerings there that we endorse.
You’ve got to have an RMM enrollment tool or something that you can use to manage your computing environment. So, those are tools that allow the systems administrators to perform IT management tasks. Right? So they can run scripts, they can patch software, they can change passwords. They can do all kinds of things that they need to do to manage that asset. Lock it down if they need to. Those types of things. You’ve got to patch, right? You’ve got to patch your system. This is common knowledge. You’d be surprised how many businesses don’t do it, but one of the easiest things you can do to increase your cybersecurity posture is just to make sure you have a good patch management policy.
And a good RMM tool to make sure that it’s applied. It’s not enough just to patch anymore. You’ve got to report against it as well. Right?
When we talk about patching, why is it so important that companies stay up to speed on that front?
That’s a great question. So what drives patches are vulnerabilities. When a software manufacturer determines that there’s a vulnerability within their system, or if a hacker determines that for them, then they’ve got to go create a patch for it. They create a fix for it. And those are just iterative software updates that help secure the system. Sometimes they introduce features or benefits outside of what came with the base OS. But for the most part, they’re security related.
Developers are always trying to stay ahead of the hackers, and it’s just this constant cat-and-mouse game. And once there’s a vulnerability exposed, the patch is released. How much are hackers going to look for companies where they haven’t done the patch deployments yet and exploit that to get in?
All the time is the answer.
That’s the reason?
That’s the reason why it’s important. And it’s got to be regular. And you’ve got to have a plan for zero-day exploits. If something comes out and a manufacturer produces an immediate fix for it, there’s probably a reason behind that urgency. Go fix it. Right? So you’ve got to patch your system. You’ve got to harden your systems. Right? So when manufacturers install software operating systems on computers that come off the shelf, they have security vulnerabilities. There are services that are enabled that don’t need to be enabled.
There are administrative shares that are open against that PC that don’t need to be there. Same thing goes for servers. Right. So it’s not just an exercise in: you take a computer out of the box, load your endpoint protection on it, and you’re done, right? You’ve got to harden it. And most MSPs will use an image process to do that. You’ve got to scan and report. So this is going to come into play in several of our other categories. But unless you understand what your vulnerabilities are, then you don’t know to patch for them.
Same thing from a patching perspective: you’ve got to scan after you patch to understand what your effectiveness rate was. Right. So it’s not good enough for me as a system administrator anymore to just punch the button in my RMM tool that says, I want to patch all these on Saturday night, right. If I patch them all on Saturday night, on Monday morning I need to be running a report against that. That says, how many of those effectively patched? Which ones do I need to go manually touch? Which machines were offline at that time?
And when is their next scheduled time to catch up on that patch?
Got it. Because you could have deployed something into the environment that didn’t take, because somebody might have been offline or for whatever reason.
A plethora of reasons. Most of the time when you run patching or when we run patching, it takes around three times or three rounds of patching to get that patch process complete.
So you’ve been in the business, so for the average company, they’re probably not even aware of that.
No. And most people, if they don’t have a system in place for doing patching, anytime something pops up on their computer and says it needs to update, they’re going to hit that “later” button. Right. Do it later. Do it later. I’m busy right now. When you have one of these tools that allows you to push it, you can prevent that from happening and say the user cannot choose to do this later. Then you talk about agents for cybersecurity software. So we’re an AT&T cybersecurity partner here, we use the AlienVault platform, and there’s an agent that you can load on every computer that communicates information about host intrusion detection, file integrity management, all of those things.
So it reports against anything that’s suspicious that’s happening within the environment. So your SOC or your MSSP can remediate that, take the machine offline, quarantine it, whatever is necessary. And really, this is about prevention, right? The cybersecurity posture in general is about prevention. There’s a few things that you can do related to incident management or MDR, but really, it’s about prevention. So we really want to try to focus on that. And then in the server environment or cloud environment, you’re definitely going to want some host intrusion detection systems in place so that, in the event that an asset does become compromised, you’re immediately going to be made aware of it.
Endpoint security is crucial for businesses of all sizes. Cybercriminals are constantly coming up with new ways to take advantage of employees, infiltrate networks, and steal private information. And while smaller businesses may think they’re too small to be targeted, it’s actually the opposite. Cybercriminals are banking on your feeling that way, and will specifically target smaller businesses in the hopes that they haven’t implemented adequate endpoint security. Whether you’re a small office or a multinational corporation, you need to make sure you have reliable endpoint security services in place.
Endpoint security works by allowing system administrators to control security for corporate endpoints using policy settings, depending on the types of protection or web access employees and systems require. Admins should block access to websites known to distribute malware and other malicious content in order to ensure full protection.
A next-generation endpoint security solution should be cloud-based, and should use real-time machine learning to continuously monitor and adapt each endpoint’s threat detection, protection, and prevention. Comprehensive endpoint security tools defend both physical and virtual devices and their users against modern, multi-vector threats. Ideally, it would use behavioral analysis of files and executables in real time, proactively and predictively stopping threats. In this way, a next-gen solution offers significantly more effective protection than more traditional, reactive endpoint security solutions.
RMM Enrollment Tool
Remote monitoring and management (RMM) software is used for network management and asset monitoring for IT systems. These tools provide visibility over connected endpoints, actions taken, and network performance. They are used in IT departments to ensure remotely connected IT assets are standardized, performing optimally, and operating in accordance with standards. RMM tools typically come with features that allow IT professionals to track issues, monitor systems, allocate tasks, and automate maintenance jobs.
RMM software can help businesses gain insight into the performance, health, and status of their various IT assets. They can also help IT professionals discover new assets, detect issues and resolve them remotely. With properly maintained remote monitoring, businesses will improve both network performance and network security.
To be effective in the RMM category, a product should monitor IT assets including endpoints, computers, and applications, monitor network performance, security and availability, discover and track IT-related issues and allow remote administrators to access endpoints.
Patch Management Policy
A Patch Management Policy is very important to have in any business and not used enough. It is basically a set of steps and procedures aimed towards managing and mitigating vulnerabilities in your environment through a regular and well-documented patching process. A patch management policy lists the guidelines and requirements for the proper management of vulnerabilities and involves various phases such as testing, deploying, and documenting the security patches applied to your organization’s endpoints. A vulnerability appears when a released software’s code is flawed, which means that malicious actors may exploit it. Every time a vulnerability is discovered, it may publicly be disclosed or not.
The key to patching efficiency is putting the right people in charge, who will be able to properly handle patch management-related aspects. Everyone on the team should have clearly defined roles and responsibilities; all parties involved must know exactly who owns which process. The main aspect that you should keep in mind is to never let your users take care of the patching themselves.
Enforcing a proper patch management policy will save you time and money and greatly reduce security issues. As automatic patch management systems install patches periodically, they eliminate the manual components of patch management. They also ensure that software flaws are detected as soon as they are disclosed, and that they can be quickly patched.
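The report the policy calls for after each patch window (what took, what needs a manual touch, which machines were offline, and when they get their next try) can be produced from an RMM export. The following is an added example, not NETRIO’s tooling or any particular RMM vendor’s API: it assumes the RMM can export, per host, the patches installed and the agent’s last check-in time. The export records and patch IDs are constructed sample data.

```python
"""Post-patch-window compliance report over a constructed RMM export (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample export as it might look Monday morning after a Saturday-night
# window. Patch IDs "P-…" are placeholders, not real vendor KB numbers.
SAMPLE_EXPORT = [
    {"host": "ws-01",  "installed": ["P-1001", "P-1002"], "last_seen": "2024-05-05T02:00:00"},
    {"host": "ws-02",  "installed": ["P-1001"],           "last_seen": "2024-05-05T02:10:00"},
    {"host": "ws-03",  "installed": [],                   "last_seen": "2024-05-01T17:45:00"},
    {"host": "srv-01", "installed": ["P-1001", "P-1002"], "last_seen": "2024-05-05T03:00:00"},
]
REQUIRED = {"P-1001", "P-1002"}  # the patch set pushed in this window
WINDOW_START = datetime.fromisoformat("2024-05-04T22:00:00")
WINDOW_END = datetime.fromisoformat("2024-05-05T04:00:00")


@dataclass
class PatchReport:
    compliant: list = field(default_factory=list)  # every required patch present
    offline: list = field(default_factory=list)    # never checked in during the window
    failed: list = field(default_factory=list)     # online, yet still missing patches
    missing: dict = field(default_factory=dict)    # host -> sorted list of missing IDs

    @property
    def effectiveness(self) -> float:
        """Fraction of hosts that are fully patched after this round."""
        total = len(self.compliant) + len(self.offline) + len(self.failed)
        return len(self.compliant) / total if total else 0.0


def build_report(export, required, window_start) -> PatchReport:
    """Classify each host so the administrator knows what to touch manually."""
    report = PatchReport()
    for rec in export:
        missing = sorted(required - set(rec["installed"]))
        last_seen = datetime.fromisoformat(rec["last_seen"])
        if not missing:
            report.compliant.append(rec["host"])
        elif last_seen < window_start:
            # The agent never reported during the window: the push could not reach it.
            report.offline.append(rec["host"])
            report.missing[rec["host"]] = missing
        else:
            # Reachable, but the install did not take: candidate for a manual touch.
            report.failed.append(rec["host"])
            report.missing[rec["host"]] = missing
    return report


def next_round(report, window_end, interval=timedelta(days=7)) -> dict:
    """Hosts still needing work, mapped to their next scheduled catch-up window."""
    return {h: (window_end + interval).isoformat() for h in report.offline + report.failed}


if __name__ == "__main__":
    r = build_report(SAMPLE_EXPORT, REQUIRED, WINDOW_START)
    print(f"effectiveness: {r.effectiveness:.0%}")
    print("offline during window:", r.offline)
    print("needs manual touch:", r.failed)
    for host, ids in r.missing.items():
        print(f"  {host} missing {ids}")
    print("next catch-up:", next_round(r, WINDOW_END))
```

Run against a real export, the same three buckets drive the next two rounds the transcript mentions: offline hosts go back into the schedule automatically, while failed hosts are the ones worth a ticket.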
Harden Your System
System hardening is the process of securing a server or computer system by minimizing its attack surface, or surface of vulnerability, and potential attack vectors. It’s a form of cyberattack protection that involves closing system loopholes that cyber attackers frequently use to exploit the system and gain access to users’ sensitive data.
Part of the system hardening process involves deleting or disabling needless system applications, permissions, ports, user accounts, and other features so that attackers have fewer opportunities to gain access to a mission-critical or critical-infrastructure computer system’s sensitive information.
System hardening involves securing not only a computer’s software applications, including the operating system, but also its firmware, databases, networks, and other critical elements of a given computer system that an attacker could exploit.
There are five main types of system hardening:
- Server hardening
- Software application hardening
- Operating system hardening
- Database hardening
- Network hardening
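Hardening through an image process comes down to comparing what a freshly built host actually exposes (services, listening ports, administrative shares, local accounts) against what its role is allowed to expose, and fixing the difference before the machine is handed out. The following is an added example and not NETRIO’s imaging process or a vendor benchmark: it assumes an inventory script on the host has already dumped those four lists into a dict, and the per-role allow-lists are illustrative. `EndpointAgent` stands in for whatever endpoint protection service is installed; the other service names are standard Windows service names used only as sample values.

```python
"""Role-based hardening baseline check over a constructed host snapshot (added example)."""

# Illustrative allow-lists per host role (constructed; not a CIS or vendor benchmark).
BASELINE = {
    "workstation": {
        "services": {"EventLog", "Dnscache", "EndpointAgent"},
        "ports": set(),            # a workstation should not listen on anything
        "shares": set(),           # administrative shares (C$, ADMIN$) disabled
        "accounts": {"svc-rmm"},   # service accounts; named users are handled separately
    },
    "server": {
        "services": {"EventLog", "Dnscache", "EndpointAgent", "W3SVC"},
        "ports": {443},
        "shares": {"ADMIN$"},
        "accounts": {"svc-rmm", "svc-backup"},
    },
}

# Constructed snapshot of an out-of-the-box workstation before hardening.
SAMPLE_HOST = {
    "name": "ws-17",
    "role": "workstation",
    "services": ["EventLog", "Dnscache", "EndpointAgent", "RemoteRegistry", "Telnet"],
    "ports": [23, 445],
    "shares": ["C$", "ADMIN$"],
    "accounts": ["svc-rmm", "Guest", "jdoe"],
    "disabled_accounts": ["Guest"],
    "users": ["jdoe"],            # accounts that belong to a person in the directory
}


def check_host(host, baseline=BASELINE):
    """Return (category, item, action) findings for everything outside the role baseline."""
    allowed = baseline[host["role"]]
    findings = []
    for svc in sorted(set(host["services"]) - allowed["services"]):
        findings.append(("service", svc, "disable: not in role baseline"))
    for port in sorted(set(host["ports"]) - allowed["ports"]):
        findings.append(("port", str(port), "close: not in role baseline"))
    for share in sorted(set(host["shares"]) - allowed["shares"]):
        findings.append(("share", share, "remove: administrative share not needed"))
    expected_accounts = allowed["accounts"] | set(host.get("users", []))
    for acct in sorted(set(host["accounts"]) - expected_accounts):
        if acct in host.get("disabled_accounts", []):
            continue  # a built-in account that is already disabled needs no action
        findings.append(("account", acct, "disable or remove: unexpected local account"))
    return findings


def ready_to_deploy(host, baseline=BASELINE) -> bool:
    """Gate for the imaging pipeline: only a host with zero findings leaves the bench."""
    return not check_host(host, baseline)


if __name__ == "__main__":
    for category, item, action in check_host(SAMPLE_HOST):
        print(f"{SAMPLE_HOST['name']}: {category} {item}: {action}")
    print("ready:", ready_to_deploy(SAMPLE_HOST))
```

The same check run again after the image is applied should return an empty list; keeping the baseline per role is what stops a server allow-list from quietly becoming the workstation one.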
Correctly setting up and running an antivirus scan on your computer is one of the best starting defenses for keeping your system free of malicious software. A strong defense begins with selecting an antivirus solution for your computer and understanding how to get the most out of it. Learning to properly use a virus scan will keep you much safer: without regular full scans, your system may be hiding some unpleasant surprises.
A comprehensive antivirus protection software will automatically download and install the latest virus definitions before executing a scan, ensuring that you are protected from all currently known Internet threats. This proactive protection helps by recognizing malicious behaviors that may signal an attempt to infect your computer. Then, it neutralizes them from the start.
Always be sure to schedule a time for regular virus scans to take place automatically. This should occur during downtimes when you can leave your device active but unused. Many people schedule their full scans to run at night; find a time that works for you.
Agents For Cybersecurity Software
Software agents, like people, can be most useful when they work with other software agents in performing a task. A collection of software agents that communicate and cooperate with each other is called an agency. System designers using agents must consider the capabilities of each individual agent and how multiple agents can work together. The agent-based approach allows the system designer to implement the system using multiple agents, with each agent specialized for a particular task.
For example, an electronic commerce application might have buyer agents, seller agents, stocking agents, database agents, email agents, etc. All of these agents need to communicate with each other and must have the capability of working together to achieve a common set of goals.
Software agents are suitable for use in a wide variety of applications. They can make it much easier to build many kinds of complex systems. However, the system designer must remember that agents are not the long-sought silver bullet that developers have been seeking. Software agents are appropriate for use in implementing certain kinds of applications; in other problem domains, other technologies will be more appropriate. The developer must carefully analyze system requirements to determine if agents are an appropriate implementation mechanism.
Agents are well-suited for use in applications that involve distributed computation or communication between components. Agent technology is well-suited for use in applications that reason about the messages or objects received over a network. This explains why agent-based approaches are so popular in applications that utilize the Internet. Multi-agent systems are also suited for applications that require distributed, concurrent processing capabilities.
Cybersecurity involves preventing, detecting and responding to cyberattacks that can have wide-ranging effects on individuals, organizations, communities and nations. It can be difficult to know where to begin when it comes to protecting your business from cyber crime and cyber attacks. There’s so much information out there that it can become overwhelming, especially when the information is conflicting. You need a solution that’s right for your business and your employees.
You need to implement a security solution that hunts for malicious files that have breached your defenses, and also enables users to respond to threats and validate that your endpoints are completely clean. This endpoint validation needs to be conducted on a periodic basis and be available on-demand when needed in dynamic cloud environments. Also consider using detection and incident response tools with deep analysis and forensics-based capabilities that can assess the health of an endpoint by validating what is actually running in memory at a given point in time, has run, or is scheduled to run in the future.
This blog post is part of NETRIO’s weekly Whiteboard Wednesday series. Follow along on Linkedin and YouTube each week as Brian and Mike discuss use cases, new technology, and trends.