One Article Review

Source AlienVault Blog
Identifier 2027089
Publication date 2020-11-10 12:00:00 (seen: 2020-11-10 13:13:38)
Title Protecting remote endpoints
Text Although businesses have been tasked with addressing a number of remote assets associated with off-site resources such as a sales force that’s often mobile, the number of remote endpoints has grown exponentially. The number of laptops and mobile devices needed to facilitate working from home full-time for a large percentage of their workers, given recent global events, has exploded. Companies across all spectrums are challenged with establishing and maintaining an appropriate security posture holistically across their entire Information Technology environment.

While one recent primary driver for this increase in the remote workforce may be the current pandemic, at least one recent study suggests that 67% of organizations who responded expect that work from home (WFH) policies which have been implemented in response to the pandemic will remain in place either long-term or perhaps permanently. As such, it’s imperative that organizations not only address these issues in the short-term, but also incorporate practices to provide acceptable remote endpoint security postures in their strategic governance plans moving forward, with the expectation that this is the new normal.

Endpoint security is often divided into three (3) distinct phases with specific goals and actions present within each phase. The phases are:

[Figure: phases]

An effective endpoint security program will address all three phases. This blog post will focus on the first phase and how to address it utilizing AT&T’s Managed Vulnerability Program and the solutions we offer. Please note that this is in no way meant to classify the Prevention phase as the most / more important than the other two endpoint protection phases. Future blog posts will expand on this to address the other two phases of endpoint security and together will collectively address this issue in its entirety.

Prevention

Prevention is a pre-attack phase that focuses on thwarting the exploitation of security weaknesses. Activities include establishing and maintaining accurate and up-to-date hardware / software inventories, as well as ensuring that the inventoried assets have highly secure configurations and all relevant patches applied. The high-level activities making up this phase are illustrated below:

[Figure: lifecycle]

In essence, these activities are often the foundation of all Vulnerability and Patch Management Programs.

Asset inventories

By executing periodic discovery scans using scan engines supplied with vulnerability management solutions, organizations are able to maintain accurate and up-to-date asset inventories. In addition, the solutions that include the ability to deploy passive scan engines are especially helpful in maintaining an asset inventory given their ability to constantly monitor network traffic and alert in near real-time as they identify unknown assets on a network. Note that while passive scan engines are helpful, they’re not a requirement in maintaining effective asset inventories. By executing regular discovery scans on an aggressive cadence, a similar result can be achieved with active scan engines alone.

Keep in mind that by comparing discovery scans, or utilizing alerts generated by passive scan engines, businesses can also use this activity to help identify any rogue devices that may be present within an environment. This is not only a best practice that all organizations should implement; inventories and rogue device detection are a requirement included within many common security frameworks and compliance mandates (e.g. PCI DSS 2.4, CIS control 1 for inventories and PCI DSS 11.1 and CIS control 15 for rogue wireless device
Sent Yes
Tags Vulnerability Threat


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.