The Secret to Being ‘Cool’ Is All About Prevention
This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.
When it comes to endpoint security, prevention isn’t considered the cool approach.
With the flood of news reports concerning security breaches, organizations of every kind are understandably obsessed with advanced cyber-threats. However, the industry buzz is all about detection and response and how these capabilities will help businesses strengthen their security.
While prevention may not be sitting at the cool kids' table, it can help mitigate at least 85 percent of intrusion techniques.
Working to help reduce the uncool stigma of prevention techniques, the Australian Signals Directorate (an intelligence force with Australia’s Department of Defense) came up with these four key intrusion prevention strategies and corresponding solutions:
While the Australian Signals Directorate periodically reevaluates the list for strategy effectiveness, the four strategies above have remained in order at the top of the list since first published in 2010.
Let’s take a closer look at the three solutions for the top three cyber-threat prevention strategies:
1. Application control
With the proliferation of malware, application blacklisting is, frankly, an exercise in futility.
Instead of trying to identify every application that must not run, application control solutions allow only trusted applications to run. These solutions can also detect risky software usage, identify untrusted software for additional analysis, pinpoint where and when unauthorized applications entered the network and even support license management efforts.
LANDESK and AppSense deliver application control capabilities without blacklisting headaches.
2. Patch management
Patch management stops exploits that attack application or operating system vulnerabilities by eliminating those vulnerabilities and making such threats ineffective.
To be truly effective, though, organizations need to apply application software updates at least weekly, with minimum impact to their networks, computer performance, and user productivity. LANDESK and Shavlik solutions are designed to distribute and install software updates with flexible scheduling and then reboot with minimum user impact.
Operating systems are exposed to additional attacks like network service exploits that allow an operating system to be compromised remotely. Operating system patch management solutions from LANDESK and Shavlik use advanced distribution capabilities that enable reboot scheduling and allow for fast, network-sensitive deployment – balancing security and user productivity needs.
3. Privilege management
Users like having administrative rights to their systems, and they aren’t too happy when IT teams have to remove those rights to better control and secure endpoints. AppSense takes a ‘least privilege’ approach to privilege management, giving end users what they need in order to be productive and providing elevated privileges on a per-application or even per-process basis, as appropriate.
The bottom line: prevention works. Using solutions from LANDESK, Shavlik, and AppSense, you can mitigate at least 85 percent of intrusion techniques, giving you more time and energy to focus on the remaining exception cases. We think that is pretty cool.