Although the frequency and damaging nature of breaches are realities today’s organizations must face, the announcement of what caused the breach often doesn’t come until much later. Typically, the executive leadership of the victim organization publicly blames the sophistication of the attacker, but is this the only reason attackers achieve their objectives? True, many adversaries are using highly advanced tools, techniques and procedures (TTPs), but it’s surprising how many legacy attack methods are still finding success.
This is occurring even as today’s enterprises are spending more than ever on cybersecurity — Gartner predicts that spending will reach $113 billion by 2020 — and layering solution after solution in an effort to stave off a devastating attack. However, if your security doesn’t provide the “who, what and where” of everything occurring on your endpoints, you could be one rogue system or unpatched application away from a catastrophic breach.
A recent study conducted by the U.S. Army Research Laboratory attempted to discover whether cyber intrusions can be predicted. Although the researchers expected to find that a lack of effective cyber defenses would signify more intrusions, they were surprised to find that a strong predictor of cyber intrusions is a lack of IT hygiene, including the failure to comply with organizational cybersecurity policies.
To fully understand the importance of IT hygiene, consider how network infrastructures have evolved. Today’s organizations are handling more data than ever before and scaling rapidly in increasingly heterogeneous environments — conditions that can be difficult to manage. Without clearly defined and disciplined adherence to IT hygiene policies, even the best defenses may have security gaps. That’s why effective IT hygiene must begin with visibility — both in real time and historically — so that organizations have complete awareness of everything occurring on their endpoints.
What Happens When IT Hygiene is Missing?
The best way to appreciate the value of good hygiene is to understand what happens when it’s missing. First, without it, you won’t fully understand the users and endpoints running on your network. This allows today’s well-armed attackers, who are busy leveraging rogue systems, credentials and applications, to gain access to your endpoints using an array of sophisticated and evasive TTPs. Once an adversary is in, he may have free rein to elevate privileges and even grant access to others, moving laterally throughout your network and “living off the land.” In extreme cases, cybercriminal marketplaces like xDedic have based their entire business model on infiltrating organizations and selling access to their systems to other attackers.
The “Who, What and Where” are Key
You can’t protect what you can’t see, so being able to sort and label your environment accurately is a critical first step to securing it. Understanding “who” is in your environment prevents intruders from silently infiltrating your network and elevating permissions. Knowing “what” applications are running, and which applications or operating systems need patches, helps protect you from attackers who exploit such vulnerabilities. The ability to discover unprotected endpoints — the “where” — keeps attackers from creating backdoors that allow them to return unseen and at will.
The Benefits of IT Hygiene
Achieving the network transparency that a “hygiene-first” approach creates offers significant benefits for your organization. First, making sure your users are adhering to corporate security policies can ensure that old accounts are eliminated, mitigating the risk of “credential creep,” which occurs when the credentials of former employees stay active and are used. Knowing what’s running on your network allows you to pinpoint vulnerabilities and ensure that all application and OS patches are promptly deployed — keeping you ahead of attackers who exploit unpatched apps and systems. Finally, having visibility across all your endpoints clarifies where there might be gaps in your security, enabling you to extend protection across all hosts on your network.
Falcon Discover Puts IT Hygiene First
As part of the integrated CrowdStrike Falcon® platform, Falcon Discover™ is CrowdStrike’s IT hygiene solution. It gives you the comprehensive transparency, visibility and control you need to pivot quickly, mitigate security risks, clean up your network and stay ahead of attackers. Leveraging Falcon’s cloud-native architecture, Falcon Discover streams information directly from your endpoints into the cloud and is not reliant on scan-based sweeps. Although IT environments may vary in scale and style, Falcon Discover addresses the three key areas that are vital to keeping your network clean and secure:
- Account Monitoring, which allows you to see who is working in your environment and ensures they are not exceeding the permissions their credentials grant.
- Application Inventory, which proactively identifies outdated and unpatched applications and operating systems so you can securely manage all the applications in your environment.
- Asset Inventory, showing you what machines are running on your network and allowing you to deploy your security architecture effectively, to ensure that no rogue systems are operating behind your walls.
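The three checks above, as an added example that is not CrowdStrike’s or Falcon Discover’s code: a Python script that runs the “who, what and where” hygiene checks over a constructed inventory. The accounts, hosts, installed versions and version baseline are all invented sample data, and the 90-day idle window is an assumed policy value.

```python
import re
from datetime import date, timedelta

# Constructed sample inventory (not real product data): who is logging in,
# what is installed on each host, and where a sensor is (or is not) reporting.
ACCOUNTS = [
    {"user": "alice", "last_login": date(2019, 3, 1), "employed": True},
    {"user": "bob", "last_login": date(2019, 1, 10), "employed": False},  # departed, still enabled
    {"user": "svc_etl", "last_login": date(2018, 9, 5), "employed": True},  # idle service account
]
HOSTS = [
    {"host": "ws-101", "sensor": True, "apps": {"openssl": "1.1.1a", "java": "8u201"}},
    {"host": "ws-102", "sensor": True, "apps": {"openssl": "1.0.2q"}},
    {"host": "lab-box", "sensor": False, "apps": {}},  # on the network, nothing protecting it
]
# Minimum acceptable versions: a constructed baseline, not a vendor advisory.
BASELINE = {"openssl": "1.1.1", "java": "8u201"}
AS_OF = date(2019, 4, 1)  # fixed "today" so the sample output is reproducible

def version_key(version):
    """Turn '1.1.1a' into a sortable tuple: numeric parts compare as numbers,
    letter suffixes compare as strings, and '1.1.1a' ranks above '1.1.1'."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p.lower()) for p in parts)

def stale_accounts(accounts, today, max_idle_days=90):
    """'Who': accounts of departed users, plus accounts idle beyond policy (credential creep)."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(a["user"] for a in accounts if not a["employed"] or a["last_login"] < cutoff)

def unpatched_apps(hosts, baseline):
    """'What': (host, app, version) for every installed version below the baseline."""
    return [(h["host"], app, ver) for h in hosts for app, ver in h["apps"].items()
            if app in baseline and version_key(ver) < version_key(baseline[app])]

def unprotected_hosts(hosts):
    """'Where': hosts seen on the network with no sensor reporting."""
    return [h["host"] for h in hosts if not h["sensor"]]

if __name__ == "__main__":
    print("stale accounts:", stale_accounts(ACCOUNTS, AS_OF))
    print("unpatched apps:", unpatched_apps(HOSTS, BASELINE))
    print("unprotected hosts:", unprotected_hosts(HOSTS))
```

Each function returns a plain list so the findings can be fed to a ticketing or patch-management workflow rather than only printed.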
Learn more about IT Hygiene and Falcon Discover in the white paper, “IT Hygiene: The ‘Who, What and Where’ of Endpoint Protection.”