High-profile security breaches come every week, creating a guessing game of who will make the headlines next. Recent compromises include Equifax, Marriot, and British Airways, which just received the largest fine in GDPR history for the breach of its customer financial data. These premier companies, we assume, used sophisticated cybersecurity tools and practices and maintained impenetrable attack surfaces. It’s bewildering when these mega-breaches hit and further erode consumer trust. After all, how can an organization that stores our most sensitive personal data be compromised, and, in the case of Equifax, for so long and so easily?
There are many culprits, including the security skills shortage, complex and non-integrated tools, weak endpoint protection and poor security processes. Most organizations approach security processes with a checklist of simple, traditional measures, focusing on maintaining a perimeter and hiding behind it. They plug in the best endpoint protection they can afford and maybe use SIEM (Security information and event management) and EDR (Endpoint Detection and Response) to understand where threats are getting through. However, most are ignoring a crucial portion of their attack surface, -- The Endpoint.
- The endpoint is where attacks originate
- The endpoint is where persistence is gained
- The endpoint is where lateral movement goes to and from.
- The endpoint is where processes are injected
- The endpoint is where network packets originate
- The endpoint is where the data lives
- And it is where the bad guys exfiltrate from
Organizations have spent many years building an immense stack of extremely complex and noisy solutions that, in the case of SIEM and EDR, can only help us after the fact. More recently, we’ve spent our time trying to get all of them to talk to each other to understand what bad thing just happened to the organization. Too little, too late.
Due to data center migration to cloud and other infrastructure initiatives, millions of assets appear on the internet every day — websites, servers, the third-party components running on them, mobile apps, certificates, social media profiles, and more. And they’re entirely outside the scope of traditional tools like next-gen firewalls and endpoint protection. Some of the most notable breaches were caused by an expired cert, in the case of Equifax, and compromised Javascript, in the case of British Airways. These organizations may be investing in their security, but they’re failing miserably at managing their overall attack surface.
Among the many aspects of the attack surface, simple system misconfiguration is the second biggest cause of mega-scale security disasters. Most threats in the wild target well-known application and configuration vulnerabilities. For example, the Capitol One breach and WannaCry ransomware could have been blocked with simple endpoint configuration changes.
Example Configuration Analytics Rules include Microsoft Windows settings such as:
- ASLR Disabled
- Session Manager Protection Mode Disabled
- Insecure Guest Logon Enabled
- No Autorun Disabled
- Telnet Service Enabled
Simply setting these to an improper status could open the doors to automated or targeted attacks.
Today, the tools and processes required for discovering these misconfigurations are spotty at best and can take considerable resources.
Fortunately, a new breed of tools, such as Bitdefender’s Endpoint Risk Analytics, is available to provide insight and visibility into the risk associated with misconfiguration and work to bring the massive scope of an attack surface into focus. For more information on how Bitdefender’s Endpoint Risk Analytics works, please check out our dedicated whitepaper.
With tools like these, organizations can take a proactive approach to defense by continuously managing and reducing the attack surface, making it harder and harder for attackers to succeed.
Watch the ESG video below about the importance of endpoint risk analytics and learn more about adding risk analytics to endpoint protection platforms in this ESG Solution Showcase.
High-profile breaches still occur, and it won’t be long until fines and loss of business force companies to raise their game. Consumers and regulatory bodies are already punishing businesses that place their data at risk. Those who fall short in managing their entire attack surface (not just internal networks) will suffer greater material losses. Today there’s a new essential capability in endpoint security—Attack Surface Management. Companies can now take a proactive approach to identify forgotten, mismanaged or vulnerable assets.
For more information on how you can better manage your attack surface, please view a brief on-demand webinar or download our “Reduce the Attack Surface by Tackling Digital Risks” whitepaper.
tags
Dan Wolff is Bitdefender’s Director of Endpoint Product Marketing, responsible for global enterprise go-to-market for Bitdefender’s leading endpoint detection, response and protection solutions. Previously, he was Director of Cloud Security Product Management in IBM’s Security Division, driving new cloud security offerings from concept to launch across IBM. Previously, Dan was McAfee’s Director of Products for Endpoint Security, responsible for enterprise endpoint security products. He is a recognized security expert with over 20 years of security engineering, marketing and management experience.
View all postsDon’t miss out on exclusive content and exciting announcements!