Decluttering Your IT “Desk”
There is an old adage that claims “a messy desk is the sign of genius.” Although many of us desk jockeys live by this creed, applying the “pile-system” (organization by creating piles) to IT security can be disastrous. While a disorganized desktop may result in having to hunt 15 minutes for last quarter’s financials, a cluttered IT environment can result in ignoring the warnings signs of a potentially catastrophic breach.
This confusion is a symptom of the increasing volumes of data IT must manage. Despite their best efforts, organizations will inevitably overlook systems and users in their network as they scale up in size. Each one of these undetected systems represents a broken link in the security chain. To make matters worse, poor password policy enforcement leaves your organization vulnerable to brute-force credential theft and “silent failure.” Silent failure occurs when attackers gain access to and remain in your network without being noticed because you don’t have complete understanding of who and what is in your environment.
Before deciding on a security solution, it’s important to first understand what you are protecting. Applying a “hygiene first” approach to security architecture will give you full visibility into your IT environment and help you address blind spots in your architecture. Once you identify these, you can find the security solution that provides comprehensive threat prevention, detection and response and satisfies your organization’s security requirements. This will ensure that you stay ahead of attackers.
Key Elements of IT Hygiene:
You can’t protect what you can’t see. IT hygiene provides visibility into the “who, what and where” of your environment while giving you the means to address security risks before they become issues. This lets you clear, sort, and label your piles — so you can accurately assess the status of your network.
When evaluating your environment’s security, an effective IT hygiene solution should focus on three key areas:
- The “who”: Who is working on your network and what can they do? Credential theft accounted for 81 percent of hacking-related breaches last year, according to the 2017 Verizon Data Breach Report. The theft of administrative privileges means attackers can silently infiltrate your network and elevate permissions for further access. Poor password policies and “permission creep” can leave your network exposed to brute force attacks.
- The “what”: What applications are being run and what is the security risk? Unpatched applications and operating systems, particularly in BYOD business environments, can be leveraged by attackers. Often, users forget to update their applications consistently, which can create vulnerabilities in your architecture. In addition, users may deploy software as a “one-off” solution, while your organization continues to rack up licensing fees for programs they no longer use.
- The “where”: Where are the unprotected systems? A chain is only as strong as its weakest link. Having unprotected systems in your environment can create a backdoor for attackers, offering them unguarded access to your data.
IT Hygiene with CrowdStrike Falcon Discover
CrowdStrike’s IT hygiene solution, Falcon Discover™, delivers the key elements good IT hygiene demands by providing complete IT transparency and visibility, enabling you to pivot quickly and mitigate security risks throughout your enterprise. Cleaning up your network helps you stay ahead of attackers. Although IT environments may vary in scale and style, Falcon Discover addresses three common areas vital to keeping your network clean and secure: credential usage, application inventory and rogue systems.
- Credential usage allows you to see who is working in your environment and ensure they’re not violating their credential permissions. System administrators remain highly targeted, and with poor password renewal policies, credential theft is a harsh reality. By providing insight into password updates, you can prevent credential creep by removing old administrative accounts or ensuring that users update their passwords regularly. Taking this a step further, visibility into unusual admin behavior or privilege elevation can prevent silent failure by tipping off your security team as soon as something suspicious occurs.
- Application inventory proactively identifies outdated and unpatched applications and operating systems. Streamlining your application inventory with IT hygiene solves security and cost problems simultaneously. Visibility enabled via IT hygiene prevents exploits related to patches and system updates. It also optimizes your software configuration. Real-time and historical views of application usage identify unused software that can be removed, potentially saving your organization thousands of dollars in unnecessary licensing fees.
- Rogue systems allowing you to see what machines are running on your network enables you to effectively deploy your security architecture and ensure no rogue systems are operating behind your firewalls. Suspicious systems can be instantly addressed and mitigated. Identifying the unmanaged assets in your environment enables you to identify and eliminate potential vulnerabilities before attackers can reach them.
A messy desk may be the sign of genius, but a clean IT environment is the gold standard for security. With a comprehensive understanding of what is running on your environment, you can quickly deploy additional security solutions to ensure all of your assets are protected. IT hygiene solutions can complement existing security products, including the other components of the CrowdStrike Falcon® platform especially next-generation antivirus and EDR (endpoint detection and response) with managed hunting.
Employing a highly-effective IT hygiene solution is a discipline that should be part of your organization’s endpoint security strategy. Once you have established a transparent security architecture baseline, you’ll be ready to deploy your existing endpoint protection solutions across your network.