Investigate any data breach impacting today’s enterprises, and you will likely find evidence of credential theft and lateral movement by attackers. Stopping threat actors from gaining persistence and deepening their compromise once they have gotten through the digital door remains part of the daily routine of security professionals.
In a traditional work environment, an employee would come into the office and sit at a desk using a computer provided and configured by their employer. Administrators could easily manage these systems without granting users local admin rights or other administrative privileges. The problem is that once an individual endpoint device is connected to an enterprise IT environment, that device can put the entire infrastructure at risk. For example, Microsoft Windows stores hashed passwords locally, and if the device is configured to give the user administrative privileges, hackers who gain a foothold on it can exploit those privileges to pivot and move throughout the network. Restricting local administrator rights is therefore a critical part of defending devices against ransomware and other malware attacks: if one machine is infected, local administrator privileges can be used to spread to other machines throughout the network, widening the scope of any data theft operation and leaving more systems to clean up.
As enterprises embrace identity as the new perimeter, IT managers still need a system for managing endpoint security in a way that ensures users get the minimum access level by default, but can receive the privileges they need when required. This is principally achieved by implementing and enforcing the principle of least privilege and application control at the endpoint.
Earlier this year, IDSA noted in its Identity Security: A Work In Progress report that least privilege was the most commonly implemented identity-related solution to improving security posture. Fifty percent of those surveyed had fully implemented it, while 37% said it was in progress. Thirty-eight percent said they fully implemented the ability to continuously monitor and discover user access rights.
To enforce least privilege successfully, enterprises need to have a comprehensive understanding of the privileges required for each employee, application, and device. This is no small challenge, and is the reason managing identity is not just about one team—it is about multiple stakeholders, from security to HR, working together. User access rights can evolve over time, and changes can go undetected if not properly audited, making continuous discovery of access rights a critical security control. Keeping track of user privileges as business requirements change can be highly complex, and handling privilege management manually is out of the question.
Typically, these needs are met by Endpoint Privilege Management solutions, which allow organizations to grant and remove local admin rights on workstations and servers. Effectively managing privileges at the endpoint also includes application control, another method many forward-thinking enterprises are adopting to manage and constrain the permissions of applications running on corporate devices. According to IDSA’s report, 79% said they had either fully implemented or were in the process of implementing the auditing of application access. With the right policies, you can whitelist, blacklist, or greylist applications in your environment, which shrinks the attack surface by preventing unwanted applications from running.
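As an added illustration (not code from the IDSA post or from any EPM product), the following PowerShell script performs the kind of continuous discovery of access rights described above for one control: it audits a Windows endpoint's local Administrators group against an approved baseline and flags drift in either direction. The baseline entries, the CONTOSO domain group and the report path are placeholder assumptions.

```powershell
# Added example (not from the IDSA post): audit the local Administrators group on a
# Windows endpoint against an approved baseline and report drift. Assumes the
# Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 and later);
# the baseline entries below are placeholders, not a recommended configuration.
param(
    # Hypothetical baseline of principals allowed to hold local admin rights.
    [string[]]$ApprovedAdmins = @(
        "$env:COMPUTERNAME\Administrator",   # built-in local admin account
        'CONTOSO\Workstation Admins'         # placeholder domain group
    ),
    [string]$ReportPath = "$env:ProgramData\EPMAudit\local-admin-drift.csv"
)

# Enumerate current members; requires the LocalAccounts module shipped with Windows.
$members = @(Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop)

$findings = foreach ($m in $members) {
    $status = if ($ApprovedAdmins -contains $m.Name) { 'Approved' } else { 'UNAPPROVED' }
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Timestamp       = (Get-Date).ToString('o')
        Principal       = $m.Name
        ObjectClass     = $m.ObjectClass       # User or Group
        PrincipalSource = $m.PrincipalSource   # Local, ActiveDirectory, AzureAD, ...
        SID             = $m.SID.Value
        Status          = $status
    }
}

# Approved principals that are absent also count as drift (e.g. a management group removed).
$present = $members | ForEach-Object Name
$missing = @($ApprovedAdmins | Where-Object { $present -notcontains $_ })

# Append to a local CSV so a log collector or SIEM can pick up the history.
New-Item -ItemType Directory -Path (Split-Path $ReportPath) -Force | Out-Null
$findings | Export-Csv -Path $ReportPath -NoTypeInformation -Append

$drift = @($findings | Where-Object Status -eq 'UNAPPROVED')
if ($drift.Count -gt 0 -or $missing.Count -gt 0) {
    Write-Warning ("Local Administrators drift on {0}: {1} unapproved member(s), {2} missing approved principal(s)." -f $env:COMPUTERNAME, $drift.Count, $missing.Count)
    $drift | Format-Table Principal, ObjectClass, PrincipalSource -AutoSize
    $missing | ForEach-Object { Write-Warning "Expected but absent: $_" }
    exit 1   # non-zero so a scheduled task or RMM job can raise an alert
}
Write-Output "Local Administrators on $env:COMPUTERNAME matches the approved baseline."
```

Run it on a schedule from an elevated context so that membership changes made between audits show up in the CSV history and trigger the non-zero exit.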
This reality is complicated by the explosion in remote work driven by the pandemic and the continued use of personal devices in the workplace. Organizations need to have stringent policies in place to govern remote workers and ensure they are only given the minimum amount of access to sensitive systems for the minimum amount of time necessary.
In a world where employees are working remotely and utilizing their personal endpoint devices, effective privileged access management is a must, and forgetting the endpoint is not an option.
About the Author: Saravanan Thiyagarajan is leader of the IDSA DevSecOps TWG subcommittee and Director of Technology and Industry Relations at CyberArk. He has 20 years of experience in enterprise security and systems across all industries and organizations of all sizes. He likes to stay on top of cutting-edge and emerging technologies such as cloud-native technologies, passwordless identity, and decentralized identity (blockchain technology).