WEBINAR EXECUTIVE SUMMARY
SecOps Strategies for the Windows Endpoint
- Ransomware is the most common threat against endpoints.
- Windows includes several protection technologies that improve end-user security.
- Basic endpoint security configuration plays a critical role in protecting the business.
- To remain secure, applications must be hardened, up to date, and audited.
- Adaptiva Client Health is the fastest, most automated way to manage endpoints.
An organization’s security depends not just on how well protected its servers and networks are, but on security around its endpoints.
Attackers who are able to gain access to one unprotected, low-priority endpoint system can quickly find their way to other files and systems. Once inside, attackers have access to an organization’s intellectual property or other information, which can result in big problems.
With so many endpoints in any organization—even when just considering Windows workstations—securing these systems can be daunting.
Adaptiva Client Health helps organizations ensure that their systems are healthy and secure.
Watch the webinar to learn more about SecOps Strategies for the Windows Endpoint.
SecOps Strategies for the Windows Endpoint
In our recent webinar, Orin Thomas discussed how organizations can secure their endpoints to keep common threats at bay. Dan Richings discussed Adaptiva Client Health, which offers a fast and automated way for businesses to secure endpoints.
Ransomware is the most common threat against endpoints.
Threats against endpoints change over time as technology evolves. The most prevalent attacks today come from ransomware, which turns the infection itself into revenue by extorting the victim. Coin miners, which quietly use the compromised endpoint's CPU to mine cryptocurrency, are a candidate to become the most prevalent attack of the future.
Threats Against Endpoints
If you’ve got well-hardened servers but poorly hardened clients, someone only needs to attack and compromise one client and use it as a bridging point to gain access to a more hardened server.
Orin Thomas, IT Pro Contributor
Windows includes several protection technologies that improve end-user security.
Attackers typically gain access to critical systems through less critical and less protected client systems. Windows offers tools and technologies to increase protection for both client and server systems, making it more difficult for attackers to gain a foothold within the IT environment.
Protection Technologies Built Into Windows Client and Windows Server
- Virtualization-based protection of Code Integrity
  - Hardens the operating system (OS) kernel against memory attacks
  - Requires a trusted platform module (TPM) and Secure Boot
  - Works in conjunction with Windows Defender (WD) Application Control (previously called Device Guard Configurable Code Integrity Policies)
- Virtualization-based isolation of secrets
  - Uses virtualization-based security to isolate secrets in a separate virtual container
  - Only specially signed processes can access this virtual container
  - Mitigates credential theft attacks
- WD Application Guard
  - Isolates enterprise-defined untrusted sites to protect employees interacting with the internet
  - Works for websites, cloud resources, and internal networks
  - If employees browse to untrusted sites in Microsoft Edge or Internet Explorer, or open them from File Explorer, the site is opened in an isolated Hyper-V container
  - Not to be confused with WD Application Control
- WD Application Control
  - Restricts which applications users can run
  - Restricts which code can run in the system core (kernel)
  - Blocks unsigned scripts and Windows Installer packages (MSIs)
  - Not to be confused with WD Application Guard
- Boot-time and runtime integrity with attestation
  - Protects and maintains the integrity of the system as it starts up
  - Protects and maintains the integrity of the system as it is running
  - Validates that system integrity has been maintained through local and remote attestation
  - Built into Windows 10, Server 2016, and Server 2019
- Exploit protection and attack surface reduction
  - Exploit protection uses OS security features to run applications in a more constrained way, making it less likely they can be used for an attack
  - Attack surface reduction rules reduce the number of points where an attacker can enter the system; requires WD Antivirus
  - WD Network Protection provides malware and social engineering protection; requires WD Antivirus
  - Controlled folder access controls which applications are able to access sensitive folders; provides ransomware protection
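The following PowerShell is an added example, not code from the webinar, from Adaptiva, or from Microsoft: it inventories the protection technologies listed above on a Windows 10 / Server 2016+ host and turns the Defender Antivirus-dependent features on in audit mode first, so that what they would block shows up in the event log before anything is enforced. It assumes an elevated session, that Windows Defender Antivirus is the active engine, and that the four attack surface reduction rules chosen (Microsoft-documented GUIDs) are the ones you want; that selection is an assumption for illustration.

```powershell
# Added example (not from the webinar): inventory the built-in protections above
# and stage the Exploit Guard features in audit mode. Run elevated; assumes
# Windows Defender Antivirus is the active AV.

#Requires -RunAsAdministrator

function Get-VbsProtectionStatus {
    # Win32_DeviceGuard exposes virtualization-based security (VBS) state.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning: 1 = Credential Guard (isolated secrets),
    #                          2 = HVCI (virtualization-based protection of code integrity).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $secureBoot = $false
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }   # throws on legacy BIOS boot
    $tpm = Get-Tpm
    [pscustomobject]@{
        VbsRunning        = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        SecretsIsolation  = ($dg.SecurityServicesRunning -contains 1)
        HvciRunning       = ($dg.SecurityServicesRunning -contains 2)
        SecureBoot        = [bool]$secureBoot
        TpmPresent        = $tpm.TpmPresent
        TpmReady          = $tpm.TpmReady
    }
}

function Get-ExploitGuardStatus {
    # Get-MpPreference reports the Defender AV-dependent features.
    # Enable* values: 0 = Disabled, 1 = Enabled, 2 = AuditMode.
    # System-wide exploit protection settings are listed by Get-ProcessMitigation -System.
    $mp = Get-MpPreference
    $appGuard = Get-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard -ErrorAction SilentlyContinue
    [pscustomobject]@{
        NetworkProtection      = $mp.EnableNetworkProtection
        ControlledFolderAccess = $mp.EnableControlledFolderAccess
        AsrRulesConfigured     = @($mp.AttackSurfaceReductionRules_Ids).Count
        ApplicationGuard       = $(if ($appGuard) { $appGuard.State } else { 'NotAvailable' })
    }
}

function Enable-ExploitGuardAudit {
    # Audit mode first: events land in the "Microsoft-Windows-Windows Defender/Operational" log
    # (ASR 1121 blocked / 1122 audited, controlled folder access 1123 / 1124,
    # network protection 1126 / 1125), so you see what would break before enforcing.
    Set-MpPreference -EnableNetworkProtection AuditMode
    Set-MpPreference -EnableControlledFolderAccess AuditMode

    # Microsoft-documented ASR rule GUIDs; which rules to pick is an assumption here.
    $asrRules = @(
        'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'   # Block executable content from email client and webmail
        'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'   # Block all Office applications from creating child processes
        '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2'   # Block credential stealing from LSASS
        'C1DB55AB-C21A-4637-BB3F-A12568109D35'   # Use advanced protection against ransomware
    )
    foreach ($id in $asrRules) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
    }
}

Get-VbsProtectionStatus
Get-ExploitGuardStatus
# Enable-ExploitGuardAudit   # run once the audit plan is agreed; switch AuditMode to Enabled later
```

Once the audit events have been reviewed for a few weeks, the same `Set-MpPreference` and `Add-MpPreference` calls with `Enabled` in place of `AuditMode` enforce the rules; doing it in that order is what keeps controlled folder access from breaking line-of-business applications on day one.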
Basic endpoint security configuration plays a critical role in protecting the business.
Organizations can further improve system security and better protect the business by configuring endpoints to be more secure. Basic endpoint security configuration includes:
- Lock down the pre-boot environment to ensure the basic input/output system (BIOS) and unified extensible firmware interface (UEFI) settings cannot be modified without a password and that the device will not boot in a pre-boot execution environment (PXE) or from a USB without authorization.
- Protect storage from offline attack by encrypting storage so that the attacker cannot remove it and mount it elsewhere.
- Lock down services that should not be running and disable those that are not necessary.
- Understand needed local accounts, including which local accounts and local groups should exist, and implement a Local Administrator Password Solution (LAPS).
- Configure the local firewall to block outbound traffic by default and allow only explicit, documented exceptions.
- Improve password protection by disabling picture password and PIN sign-in through policy, and by following current character minimums and age maximums. For example, the Australian Signals Directorate (ASD) recommends a 10-character minimum and a 90-day maximum age.
- Configure the Group Policy settings that govern cached credentials: cache only one previous logon (enough to sign in when a domain controller is unavailable) and do not allow storage of passwords or credentials for network authentication.
- Improve authentication with biometric or two-factor authentication, and by allowing authentication only during authorized hours.
- Regularly inspect systems for physical devices, such as keyloggers.
- Implement Internet Protocol Security (IPsec) on local networks so that traffic between endpoints and servers is encrypted and authenticated.
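As an added example, not code from the webinar, from Adaptiva, or from any vendor, the following PowerShell audits a domain-joined Windows 10 client against the baseline items above and applies the ones that can safely be set locally. It assumes an elevated session. The registry paths are the documented Group Policy backing values; the thresholds (10 characters, 90 days, one cached logon) follow the text above; the service names, the domain controller subnet in the firewall exception, and the legacy LAPS policy key are assumptions to replace with your own.

```powershell
# Added example (not from the webinar): audit and apply the endpoint baseline above.
# Run elevated on a domain-joined Windows 10 client. Domain Group Policy will
# override the local account policy for domain accounts.

#Requires -RunAsAdministrator

$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$LsaKey      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$SystemPol   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$LapsPol     = 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd'   # legacy LAPS CSE policy key (assumption)

function Get-RegValue([string]$Path, [string]$Name) {
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-EndpointBaseline {
    $findings = New-Object System.Collections.Generic.List[string]

    # Offline attack: every BitLocker-capable volume should be protected.
    Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -ne 'On' } |
        ForEach-Object { $findings.Add("BitLocker protection is off on $($_.MountPoint)") }

    # Local Administrator password managed by LAPS (legacy CSE policy flag).
    if ((Get-RegValue $LapsPol 'AdmPwdEnabled') -ne 1) { $findings.Add('LAPS is not enabled by policy') }

    # Firewall: on, with default-deny outbound on every profile.
    Get-NetFirewallProfile | ForEach-Object {
        if ($_.Enabled -ne 'True' -or $_.DefaultOutboundAction -ne 'Block') {
            $findings.Add("Firewall profile $($_.Name): enabled=$($_.Enabled), outbound=$($_.DefaultOutboundAction)")
        }
    }

    # Sign-in options: picture password blocked, domain PIN sign-in disabled.
    if ((Get-RegValue $SystemPol 'BlockDomainPicturePassword') -ne 1) { $findings.Add('Picture password is not blocked') }
    if ((Get-RegValue $SystemPol 'AllowDomainPINLogon') -ne 0)      { $findings.Add('Domain PIN sign-in is not disabled') }

    # Password length and age, read from the effective account policy.
    $acct   = net accounts
    $minLen = [int](($acct | Where-Object { $_ -match 'Minimum password length' }) -replace '\D', '')
    $maxAge = [int](($acct | Where-Object { $_ -match 'Maximum password age' })   -replace '\D', '')
    if ($minLen -lt 10)                   { $findings.Add("Minimum password length is $minLen (expected 10+)") }
    if ($maxAge -le 0 -or $maxAge -gt 90) { $findings.Add("Maximum password age is $maxAge days (expected 1-90)") }

    # Cached credentials: one cached logon, no stored network passwords.
    if ((Get-RegValue $WinlogonKey 'CachedLogonsCount') -ne '1') { $findings.Add('CachedLogonsCount is not 1') }
    if ((Get-RegValue $LsaKey 'DisableDomainCreds') -ne 1)       { $findings.Add('Storage of network credentials is allowed') }

    # IPsec: a network that is meant to be encrypted should have at least one rule.
    if (@(Get-NetIPsecRule -ErrorAction SilentlyContinue).Count -eq 0) { $findings.Add('No IPsec rules configured') }

    # Physical inspection helper: a second keyboard-class device is worth a look (inline keyloggers).
    $keyboards = @(Get-PnpDevice -Class Keyboard -Status OK -ErrorAction SilentlyContinue)
    if ($keyboards.Count -gt 1) { $findings.Add("Multiple keyboards present: $($keyboards.FriendlyName -join '; ')") }

    return $findings
}

function Set-EndpointBaseline {
    # Services (assumed list): stop and disable what this endpoint does not need.
    foreach ($svc in 'RemoteRegistry', 'SSDPSRV', 'upnphost') {
        Stop-Service -Name $svc -Force -ErrorAction SilentlyContinue
        Set-Service  -Name $svc -StartupType Disabled -ErrorAction SilentlyContinue
    }

    # Firewall: default-deny both directions, then explicit exceptions. Get the exception
    # list right before flipping outbound to Block, or the client loses its domain controllers.
    # The DC subnet below is an assumption.
    Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Block
    New-NetFirewallRule -DisplayName 'Allow outbound to domain controllers' -Direction Outbound `
        -Action Allow -RemoteAddress '10.0.0.0/24' -Profile Domain -ErrorAction SilentlyContinue

    # Sign-in and credential caching policy values.
    New-Item -Path $SystemPol -Force | Out-Null
    Set-ItemProperty -Path $SystemPol   -Name BlockDomainPicturePassword -Value 1   -Type DWord
    Set-ItemProperty -Path $SystemPol   -Name AllowDomainPINLogon        -Value 0   -Type DWord
    Set-ItemProperty -Path $WinlogonKey -Name CachedLogonsCount          -Value '1' -Type String
    Set-ItemProperty -Path $LsaKey      -Name DisableDomainCreds         -Value 1   -Type DWord

    # Local account policy; domain policy wins for domain accounts.
    net accounts /minpwlen:10 /maxpwage:90 | Out-Null
}

Test-EndpointBaseline
```

Run `Test-EndpointBaseline` first and keep the list of findings; a clean run after `Set-EndpointBaseline` is the check that the settings took effect, and the firewall exception list is the part that needs the most care, because a default-deny outbound policy with missing exceptions will cut the client off from DNS, the domain, and its management tools.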