Black Kite reported that 53% of organizations were hit by ransomware attacks in 2021, and that number was expected to increase to 69% in 2022. Cyberattacks show no sign of slowing, so it is critical that organizations have necessary cybersecurity precautions in place. One of the best ways to protect your IT environment is with an endpoint security process.
What is endpoint security?
Endpoint security involves hardening and securing your endpoints to protect against malicious attacks. It is a cybersecurity approach that aims to protect a system by reducing its attack surface.
Endpoints are remote devices used for computing. Examples include: desktops, laptops, servers, tablets, smartphones, workstations, and Internet-of-things (IoT) devices.
What is the difference between endpoint security and antivirus?
Endpoint security involves all the processes, tools, and configurations you use to protect an endpoint from threat actors. It takes a much broader view than antivirus, which is one particular tool that’s part of your endpoint protection stack. In endpoint security, antivirus is used in conjunction with EDR, endpoint hardening configurations, DNS filtering, firewall, network security, and security awareness training for end users.
Why endpoint security is crucial
In your organization’s IT environment, there are three main points of entry into a system. Those entry points are people, networks, and endpoints.
Threat actors can attempt to convince people to give them their credentials through strategies such as phishing and confidence attacks. A weakness in your network can also allow someone to enter in and attack your systems. When it comes to endpoints, you ultimately can’t do anything to a system if you can’t get on a device. That’s why they are a major point of entry into IT systems.
Every single endpoint in your organization is a point of entry into your IT environment that could potentially be exploited for a cyberthreat or cyberattack. Thus, endpoint hardening should be one of your business’s top cybersecurity concerns.
How does endpoint security work?
1) Gain actionable intel
To effectively protect your endpoints against current threats, you need to actually know what those threats are. Look for reliable sources that can provide you with the latest information on threats and how to deal with them. Here are some ideas to get you started:
Security trusted resources and threat feeds
- InfoSec Twitter (start here)
- CVE, RSS, and government feeds
- Reputable security vendor feeds
- Internal IT and Enterprise:
- Security focused:
2) Upgrade your hardening process
With the information you gain from these sources, you’ll be prepared to implement it in your IT environment. To ensure that implementation is successful, you should have an established hardening process. Include these essential steps for mitigating threats and hardening devices:
- Identify the risk
- Scope out the the likelihood and impact
- Develop the configuration to remediate or mitigate the risk
- Test and verify the mitigation
- Deploy the mitigation in phases, with a backout plan
- Document the change, and report on the exceptions
- Monitor the mitigation to the vulnerability with your RMM
3) Mitigate the vulnerable legacies
Unfortunately, there are many legacy technologies that are suffering from vulnerabilities. You’ll want to take proper action to mitigate these vulnerabilities. Here’s a list of major legacy vulnerabilities:
- Server Message Block v1: stop using SMB1
- PowerShell 2.0: disable Windows PowerShell 2.0
- TLS 1.0/1/1, and SSL (all versions): solving the TLS 1.0 problem
- LanMan (LM) and NTLMv1: LanMan authentication level settings
- Digest Authentication: WDigest Authentication must be disabled
- Patching: update and apply patches as part of vulnerability management using cloud-based patch management
4) Secure your organization’s endpoints
At the core of modern security efforts is first improving the security posture of the operating system and its configuration. Strengthening the build at this layer allows the rest of your efforts to sit on a solid, and modern foundation. Refer to the following resources for how to effectively do this:
- ASR/Anti Exploit rules
- Restrict lateral movement tools and techniques
- Native features
- Reputation-based protection
- SmartScreen for Microsoft Edge
- Potentially unwanted app blocking
- SmartScreen for Microsoft Store apps
- Secure boot
- Remove unneeded apps and features
Now that you’ve strengthened the local operating system, turn towards the wider network, and the services exposed amongst the interconnected world. This ranges from configuring the local network to reducing the acceptable inbound traffic allowed.
- Disable RDP or harden RDP
- Disable DNS Multicast
- Disable NetBios
- Disable SmartNameResolution
- Configure the firewall
Restricting the attack surface available with local accounts, services, and the credential store frustrates attackers and prevents the quick and easy elevation of privileges. This could alert you to an attack, increase the time needed to bypass the mitigations, or even prevent an attack from succeeding.
- Remove local admin rights
- Harden local administrator accounts
- Limit logon rights for accounts
- Utilize the protected users group (Active Directory joined devices)
- Protect domain credentials with credential guard
Attackers often attempt to exploit some of the most common tools and settings organizations rely on. These elements are widely distributed and installed on endpoints. Without further configuration, they can lead to easy attacks of opportunity.
- Office Suite
- Adobe Reader
- Make it a process
- Pick an application
- Evaluate its needs and risks
- Work with key contacts to ensure a good balance between risk and usability
- Research hardening techniques for that specific program
- Mitigate the risk and exposure with more comprehensive configurations
Web browsers tend to be one of the more overlooked elements in the stack. Yet, their configuration sets the scene for one of the most used programs installed on computers today. Locking down and enforcing a few basic security features can help secure this critical entry point.
- Smartscreen Phishing Filter and Advanced Protection
- Dedicated Sandboxing of processes
- Most browsers now isolate the processes that form the stack we all use to experience the web, you can extend Application guard into other browsers which allows a hardware isolated browser session for risky sites.
- Other browsers
- Control installed extensions
Get started with increasing your endpoint security
Endpoint security is an essential component of effective cybersecurity. If your organizational devices are hardened and protected against threat actors and malicious attacks, it prevents a cascade of possible negative effects from ever occurring. Plus, it’s much simpler to put the proper protections and precautions in place before an attack rather than trying to salvage data after the fact.
NinjaOne’s automated endpoint management software delivers on the fundamentals of endpoint security. Our tools give you greater visibility into a device, the ability to deploy configurations to harden endpoints, manage and deploy patches, and more. Discover how Ninja can help increase your endpoint security by signing up for a free trial today.