Not very long ago, an enterprise cybersecurity strategy resembled that of the medieval Lord who relied on the fortified castle wall to protect the inner kingdom. Likewise, the traditional enterprise originally relied on a robust hardware constructed firewall that established a perimeter to guard against hackers and other threats. Unfortunately, that is no longer a sufficient line of defense and enterprise security can no longer rely on single-focus solutions to combat against malicious threats.

Defense strategies now require multiple security layers at all entry points to protect and counter-strike against pervading attackers. Cybercriminals don’t limit their assaults to networks with direct frontal attacks at the firewall perimeter. Instead, they target end users, baiting them through cleverly designed phishing attacks or drive-by websites. These tactics are used to launch malware payloads that target unpatched devices and other vulnerabilities. A more direct approach involves credential stuffing attacks that utilize vast botnets that perpetually induce login attempts at network assets. In fact, between May and June of this year, there were 8.3 billion login attempts initiated by bots for malicious purposes.

In a 2017 interview, Google Information Security Manager Heather Adkins said, “At some point in the history of your company, you’re probably going to get hacked. The question is not whether or not you’re going to get hacked, but are you ready?” This view is widely accepted as fact by hackers and pen testers alike. In a recent survey at the DEFCON conference in Las Vegas, NV, more than 80% of respondents believed that most network defenses can be breached within twelve hours.

To combat the increasingly confident hacker, cybersecurity strategists incorporate a systematic approach involving multiple defense strategies to account for the breakdown of any one component. In other words, when one layer is breached, another layer step up to the plate to combat the invading threat.

Let’s consider a typical ransomware attack that utilizes phishing as the primary deployment method. Most ransomware comes through email. As most enterprises open port 25 for incoming traffic, a traditional firewall will not block the ransomware at the perimeter. You need an email security gateway solution to combat phishing attacks. However, these solutions are not foolproof, as phishing experts constantly have new ways to infiltrate the user inbox. Should a phishing email make it through, the recipient is now responsible if he or she clicks on an embedded URL link or malware infested attachment. This is a fairly typical example of a security breach, and also an example of where good security awareness training can pay off.

Unfortunately, according to the 2018 Verizon Data Breach Report, 4% of enterprise users will click on most anything, and in some studies that number can be as high as 50%. Once clicked, the last line of defense is endpoint protection, but only if that hasn’t already been updated with the signature identity of the arriving malware. If that is the case, just hope you have a good recent backup.

the signature identity of the arriving malware. If that is the case, just hope you have a good recent backup.

Once a hacker successfully performs a credential stuffing attack on your users, the hacker takes over the account and all the privileges and rights inherent to it. Similarly, any sort of malware or malicious code that your users download is programmed to acquire the permissions and privileges of the user’s account session. Meaning, the more privileges a user has, the more damage that can be inflicted upon your network. Not surprisingly, admin accounts are the keys to the kingdom.

An ideal security strategy must limit the privileges of standard users allowing them to perform their standard duties, but no more. Translation: no local admin rights. PolicyPak Least Privilege Manager allows you to eliminate admin rights on your Windows machines. By elevating the designated applications your users need, bypassing UAC prompts and giving access to necessary Control Panel applets, your users can still perform admin tasks, but you are ensuring that the bad guys don’t act like admins within your network.

With PolicyPak Least Privilege Manager however, you have an additional layer of protection that is not dependent on constant security updates or whitelists. Think of PolicyPak Least Privilege Manager as your failsafe layer. It assumes that if you get hacked, the bad guys will implant their malicious tools within user devices. But with PolicyPak SecureRun, you will be protected from those attacks. With SecureRun, the only applications that can run are those that are “properly installed” or otherwise sanctioned by you.

PolicyPak Least Privilege Manager with the understanding that malware will infiltrate your enterprise perimeter, but that doesn’t have to mean that anything has to happen beyond that. On premise, off premise, domain or non-domain joined, PolicyPak Least Privilege Manager can protect your devices from ransomware, cryptolocker, Trojans and other nasty applications. Let it be a definitive security layer of your security strategy.

Sources:

http://www.digitaltransactions.net/how-a-swarm-of-malicious-bots-is-making-credential-stuffing-a-huge-problem/
https://techcrunch.com/2017/09/18/googles-heather-adkins-thinks-everybody-is-going-to-get-hacked-and-you-need-to-be-ready/
https://www.zdnet.com/article/most-hackers-claim-they-can-break-enterprise-systems-in-12-hours/