User workstations are the most “effective” vector for malicious attacks against organizations’ information systems (ISs). Stormshield, a European leader in the cybersecurity market, offers five tips to protect them against all kinds of threats.
The main objective of an attacker is to seize sensitive personal, industrial or commercial data, encrypt it and demand a ransom. This is achieved by finding “ideal entry points”, which are usually the users’ workstations; once these are compromised, even without elevated privileges, the attacker can penetrate deeper into the system. To achieve this, attackers exploit both human vulnerabilities, with increasingly targeted phishing (“spear phishing”), and poorly protected systems: RDP servers exposed on the Internet or outdated applications.
To ensure that attackers cannot gain deeper access, it is important to identify these attacks as soon as they occur, stopping malicious processes and immediately preventing their spread on the machine or application.
In addition to discovering the origin of the infection as soon as possible, adapting the level of protection to the environment is key. Guaranteeing the security of workstations was already an important issue within the company’s own facilities; now, with the proliferation of laptops and the challenges of mobility, it is even more complex.
Therefore, the protection of workstations can no longer be static, but must be dynamic, depending on the context and the different mobility scenarios of the organization. This means controlling authorized WiFi networks, disabling them when a LAN connection is available, or, in cases where a VPN is active, preventing any connection other than the VPN (to prevent smurf attacks).
Protect the agent and predict future attacks
Compared to a traditional signature-based antivirus, which is unable to counter ransomware or immediately detect unknown zero-day attacks, a workstation protection system can identify a malicious element at the point of entry and block its activities to prevent its spread. A behavior-based HIPS focuses its analysis on the “normal” behavior of a host or its applications. So if suspicious activity is detected in legitimate applications, the system will alert or block the activities to limit the risks of spread. It can neutralize zero-day attacks.
Knowing how to interrupt an attack, whether known or unknown, is essential, but so is learning from it in order to prevent similar attacks in the future. With an Endpoint Detection & Response (EDR) solution, in addition to an immediate response, inspecting the records makes it possible to improve the effectiveness of the solutions in the search for attacks.
In this regard, two approaches should be highlighted. One is focused on a cloud solution, based on the response of a thin client deployed on each workstation, and requires that the workstations be connected. The other is based on an independent agent-based solution that provides proactive real-time protection for each workstation, while offering information that allows a deeper analysis of the attack. Third-party systems will learn from these events, correlating them in an artificial intelligence context.
Ensuring the security of the protection system
Although the main objective of a cyber attacker is the company’s data, if they manage to circumvent the organization’s security systems, the door of the information system will be wide open for them. To limit the risk of error or the appearance of a vulnerability, a reinforced and effective configuration must be offered, promoting a “security by design” approach in the development of these protection systems.
“Even when well protected, the workstation is a very vulnerable link since, by definition, it is connected to the company’s Active Directory, which is also the target of numerous vulnerabilities to access company data. Securing workstations should be a permanent task”, comments Antonio Martínez Algora, Technical Manager at Stormshield Iberia. “To achieve this, in addition to following these simple tips and undertaking an updated workplace policy, it is important to use common sense, with increasingly cyber-responsible employees and cybersecurity strategies.”
A complete layer of protection
To protect workstations and servers against these dangers, Stormshield has Stormshield Endpoint Security Evolution (SES Evol), a new-generation endpoint protection solution adapted to recent usage patterns and current cybersecurity issues.
With its military-grade secure architecture, advanced HIPS features (buffer overflow detection, process flushing…), advanced device control, customizable protections, and advanced contextual security techniques based on a Zero Trust approach, SES Evol can be used in the most demanding contexts.
Combining adaptive behavior protection and device control technology with capabilities to identify and investigate the origins of attacks, SES Evol is the ideal solution to combat intentional and involuntary intrusions, vulnerabilities, known and unknown attacks, misuse of applications, unauthorized connectivity, as well as access to and loss of critical data. SES Evol also ensures control over peripherals and removable devices and control of applications and wireless connections.
George is Digismak’s reporter cum editor with 13 years of experience in journalism.