Is Your Security Solution Secure?

Endpoint Vulnerabilities Must Be Addressed

Ted Nass is the co-owner of Avexon.

Six years ago, a receptionist opened an email on her work computer. A seemingly ordinary, mundane task. Unbeknownst to the organization's IT staff at the time, the message had arrived through her personal web-based email. Even so, none of this was out of the ordinary.

For a plot twist, let us go back six months before she opened the email. A group of hackers had gained access to the municipal Active Directory for this same environment. While inside the network, they took the usual steps an intruder takes to map out a path to exploitation. They even changed the Active Directory password of the administrator account, whose credentials they had acquired because the password was weak and reused. They created a new account in Active Directory with administrator privileges. They created SQL accounts as well. Then they crafted an innocuous-looking email to unleash the chaos and delivered it via personal email, on a work computer, to the nicest of employees.

Within about two minutes of this email link being clicked, roughly 4,000 machines were compromised. Screens turned white, crazy messages appeared, SQL databases showed spikes in resources, and firewalls were ablaze. Comically, in an attempt to stop the chaos, the Internet was quite literally unplugged to stave off more damage.

Unfortunately, it was too late. Servers, PCs, databases and even backups were all compromised. The organization came to a complete halt, one that would take about a year to recover from.

However, there was no ransom. There was no demand. There was not even a claim of responsibility by any group. Someone did this just for fun.

Endpoint Security

Small to medium businesses often have not thought twice about letting employees have access to their personal email, or about allowing users to connect phones to the corporate Wi-Fi.

An organization does not need to be a massive corporation to have security solutions designed to fit the endpoint (phone, desktop, server) environment. Endpoint security is the easiest such solution to adopt, often through engagement with a managed service provider (MSP). Even without high-powered, next-generation firewalls or enterprise-level knowledge of switching and routing, anyone from a municipality to a five-person law firm can get the same level of security that the big names use.

In short, there is no need to tell people that they are no longer allowed to check their personal email at work. (Fun fact: Even organizations that implement such a ban likely allow employees to connect their phones to the company Wi-Fi—where they are still checking personal email.)

Defending Against Attacks

If an endpoint security solution had been in place, the hack described at the beginning of this article would have played out very differently. Software would have detected the malicious code execution and immediately quarantined the machine from the network. Encryption and decryption keys would have been observed in flight, captured and stopped. An AI-driven security operations center (SOC) would have seen the information come from the endpoint before quarantine, compared it to a list of known exploits, and immediately warned senior leaders of an unfolding attack. This same SOC could also update endpoints with information about recent attacks and exploits suffered by big corporations, allowing the organization to learn how to prevent similar attacks without having to learn the hard way.
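The intrusion above left footprints months before the email was opened: an administrator password reset, a new account placed in an admin group, new SQL accounts. The following is an added example (not code from the article or from Avexon) of the kind of correlation a SOC or endpoint agent could run over Windows Security events to surface those footprints; the log line format, the sample lines, and the privileged account and group names are constructed assumptions, while the event IDs are the real Windows values.

```python
from datetime import datetime, timedelta

# Real Windows Security event IDs: 4724 = password reset by another principal,
# 4720 = user account created, 4728/4732 = member added to a global/local group.
PASSWORD_RESET, ACCOUNT_CREATED, ADDED_TO_GROUP = "4724", "4720", {"4728", "4732"}
PRIVILEGED_ACCOUNTS = {"Administrator"}                 # assumption for this example
PRIVILEGED_GROUPS = {"Domain Admins", "Administrators"}  # assumption for this example
WINDOW = timedelta(minutes=30)  # how soon after creation a group add looks staged

# Constructed sample log in an assumed flat format:
#   "<iso-time> <event_id> <actor> <target> [group]"
SAMPLE_LOG = """\
2024-01-10T02:14:05 4724 jsmith Administrator
2024-01-10T02:15:40 4720 jsmith svc_backup2
2024-01-10T02:16:02 4728 jsmith svc_backup2 Domain Admins
2024-01-11T09:00:00 4720 hr_admin newhire
2024-01-11T09:02:00 4728 hr_admin newhire Domain Users
"""

def parse(log_text):
    """Turn each log line into (time, event_id, actor, target, group)."""
    events = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        ts, eid, actor, target = parts[:4]
        group = parts[4] if len(parts) == 5 else ""
        events.append((datetime.fromisoformat(ts), eid, actor, target, group))
    return events

def detect(log_text):
    """Return alerts for privileged-password resets and for new accounts that
    land in a privileged group within WINDOW of being created."""
    alerts, created = [], {}  # created: account -> (creation time, creating actor)
    for ts, eid, actor, target, group in parse(log_text):
        if eid == PASSWORD_RESET and target in PRIVILEGED_ACCOUNTS:
            alerts.append(f"{actor} reset password of privileged account {target}")
        elif eid == ACCOUNT_CREATED:
            created[target] = (ts, actor)
        elif eid in ADDED_TO_GROUP and group in PRIVILEGED_GROUPS and target in created:
            age = ts - created[target][0]
            if age <= WINDOW:
                alerts.append(f"new account {target} added to {group} "
                              f"{int(age.total_seconds())}s after creation by {actor}")
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print("ALERT:", alert)
```

The second rule deliberately ignores the legitimate onboarding on the second day, where the new account goes into a non-privileged group; a real deployment would feed the alerts into the quarantine and notification workflow the paragraph describes.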

But if you have a next-generation firewall that stops malicious traffic, why worry about an endpoint? Well, is your firewall monitored by a SOC and updated instantly when an attack unfolds at another business you may not have even heard of? Likely, no.

Network segmentation is also key to security. There is no reason the receptionist's machine needs access to the VLAN for cameras, just like there is no reason a guest's phone on your Wi-Fi needs access to the same network your point-of-sale transactions are on.

And a server is no more secure than a desktop. At the end of the day, one is built for up-time and demanding resource allocation, the other for a 40-hour work week. Endpoint security—including observation, reporting and quarantine—plays the same critical role for both.

Conclusion

The phrase “Never let a crisis go to waste” has been attributed to various people. The core point of this phrase, regardless of its origin, is, of course, to leverage a difficult situation to learn, adapt and innovate. But the secret to the phrase lies in what no one ever mentions: It does not have to be your crisis.

The next time you walk past a coworker and see their personal email open, remember the crisis described above. The next time you give the Wi-Fi password to a stranger, remember that you have no idea what they will do with their phone once connected. The next time you get a pat on the back from a big video management company, ask yourself how long this transactional relationship will last and whether your interests and needs are being adequately addressed.

And the next time you hear about a big company suffering a network attack, consider how it might have been avoided through the deployment of a solid endpoint solution.