Raising Your Security Posture: 3 Things You Should Look at Next
It’s been a busy year in security so far for 2020. Apart from all the other challenges we deal with, we’ve now seen how quickly security threats can pivot when an opportunity presents itself.
Widely reported in April 2020 was the 30,000% increase in phishing and malware attacks against remote workers. A massive increase in work from home (WFH) initiatives gives threat actors a great opportunity to exploit these new WFH users.
So where is your next target to improve your security posture? Whether it’s based around remote workers or not, where should you be concentrating your efforts?
Here are three areas we highlighted during our recent Ivanti Interchange Virtual World Tour. I hope they give you some info and ideas on where to head next in your security journey:
1. App Hardening
Block those macros. We hear it all the time. Office macros are bad; just block them all. Great security idea, but not the most practical for all businesses. Some rely on spreadsheets and documents embedded with complex macros to make complicated work and calculations simple. Take them out of the business, and the business takes two steps backwards at a time when we all need to be taking steps forwards.
So how do we tread that fine line between block ‘em all, and only allowing those that are trusted?
Obviously, there are some built-in mechanisms in Windows (Group Policy settings, digital certificates, etc.) and the settings in the Trust Center options of Office 365 that can block macros and allow only some of them.
How Ivanti Can Help
EM allows for granular, contextual policy control of all macro settings rather than a “one size fits all” approach from Group Policy.
Our AC product allows us to control any external files or processes called from parent processes like Winword.exe or Excel.exe or even Chrome.exe.
On my laptop, I have AC configured to block all PowerShell, Java, and cmd executions from my standard Office apps like Office 365, Acrobat, and Chrome. I can’t see a reason why they need to call those mechanisms, so as a security measure they’re blocked.
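As an added example (not Ivanti's code and not part of the original post), the same parent/child rule can be run in audit mode over process-creation records to see what a block policy would catch. The record fields (`pid`, `ppid`, `image`), the Acrobat image name `acrord32.exe`, the `helper.exe` path and all sample records are assumptions constructed for illustration.

```python
import ntpath

# Parents and children follow the post: Office apps, Acrobat and Chrome must
# not start PowerShell, Java or cmd. "acrord32.exe" is an assumed image name.
GUARDED_PARENTS = {"winword.exe", "excel.exe", "chrome.exe", "acrord32.exe"}
BLOCKED_CHILDREN = {"powershell.exe", "cmd.exe", "java.exe"}

def base(image):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(image).lower()

def find_violations(events, max_depth=8):
    """Return (guarded ancestor, child, child pid) for each blocked launch.

    The parent chain is walked, so an interpreter started through an
    intermediate process is still attributed to the guarded application.
    max_depth bounds the walk in case the records contain a pid loop.
    """
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if base(e["image"]) not in BLOCKED_CHILDREN:
            continue
        ppid, depth = e["ppid"], 0
        while ppid in by_pid and depth < max_depth:
            parent = by_pid[ppid]
            if base(parent["image"]) in GUARDED_PARENTS:
                hits.append((base(parent["image"]), base(e["image"]), e["pid"]))
                break
            ppid, depth = parent["ppid"], depth + 1
    return hits

# Constructed sample records (not real telemetry); pids are unique here.
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": OFFICE + r"\WINWORD.EXE"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 300, "ppid": 100, "image": OFFICE + r"\EXCEL.EXE"},
    {"pid": 310, "ppid": 300, "image": r"C:\Tools\helper.exe"},
    {"pid": 320, "ppid": 310,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for parent, child, pid in find_violations(SAMPLE_EVENTS):
        print(f"{parent} -> {child} (pid {pid})")
```

The cmd.exe started directly from explorer.exe (pid 400) is not reported, which is the contextual behaviour the post describes: the interpreter is only a problem when a document-handling application is in its ancestry.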
2. Connected Devices and Removable Media
You’re probably familiar with the ACSC Essential 8 Strategies described here, and hopefully you are all some distance along the way to measuring your maturity level against this model. But something that’s not obvious is the absolute number one priority when assessing your risk from malicious insiders: “control removable storage media and connected devices” to mitigate data exfiltration.
What’s the best way to do that; what’s the best solution?
Well, there are a lot of differing solutions and strategies around locking USB keys and controlling connecting devices. Your best solution revolves around your own use cases, and what you need to achieve to mitigate your organisation's specific risks. Simply blocking USB storage can even be covered by Group Policy, so if that’s your only need, happy days.
How Ivanti Can Help
We have regular conversations around Device Control and I’m always pushing for people to discuss their requirements first. Our Ivanti Device Control (DC) is used around the world by the most super secure organisations, all of whom have multiple, and sometimes complicated, requirements.
I call it the Rolls Royce of Device Control and make sure I let customers know that during discussions. After all, there’s no point buying a new Rolls Royce when all you really need to do is buy milk at the shop. That Corolla in your garage will probably be good enough. 😊
But if granular control of ALL devices (not just USB storage) is important, and if you need to enforce encryption, restrict file copies by type of file (PDF, DOCX, etc.), or even look inside files for keywords and shadow copy every document printed, our DC solution has you covered.
We can help you meet those extensive controls to ensure a high level of data loss prevention and compliance.
3. Automated Reporting
Part of the previously mentioned ACSC Maturity Model, and a requirement for Level 3 on patching operating systems or third-party applications, is an “automated mechanism” being used to record patches and drivers that have been deployed and installed. Not only does this record compliance, but it also simplifies updating execs in the event of a specific threat they have questions around.
How should you do that; where should you start?
Many of my friends in security worked all weekend when WannaCry struck, not patching machines, but collecting data for reports for execs. If that was you, consolidating and automating your compliance reporting will save you manpower and overtime.
Every security product will have some level of reporting built in. Most will offer some form of report scheduling, and potentially email the reports automatically to important people.
We typically hear that consolidated reporting is a big issue. Grabbing information from multiple sources, centralizing it, and monitoring compliance can be a big challenge.
How Ivanti Can Help
I’ve loved our Ivanti Xtraction product since the first time I saw it back in April 2016. I’ve been blown away by the value it offers to customers, and the flexibility of its centralized business value dashboards reporting from multiple data sources.
It not only talks to every Ivanti Security product with a bunch of out-of-the-box dashboards pre-configured, but can also connect, with a suitable connector, to other databases like Microsoft SCCM and Active Directory. These connectors also include a bunch of ready-built OOTB dashboards.
Scheduling reports or dashboards for execs is very simple and easy to configure, with all your compliance reports centralized and managed in one place.
So that’s it. I hope you’ve found some value from the info across these three areas and how you can look to raise your security maturity level.
For more info, and to see some live software, you can also watch our session “ACSC Essential 8 – Prioritizing Your Next Step” on demand by registering here.
Please stay safe, and if you have any further questions please feel free to reach out to Ivanti.