Technology Spotlight Examines the Impact of Securing Privileged Credentials on the Endpoint

December 15, 2016 Duncan Mills

A new Technology Spotlight from independent analyst firm IDC highlights steps for securing privileged credentials as part of a proactive approach to hardening the endpoint against cyber attacks. Security and desktop operations teams will gain insight into the foundational elements of a comprehensive cyber security strategy to reduce the attack surface that includes endpoint protection. The Technology Spotlight, “Key Considerations for Securing Privilege on the Endpoint,”1 is sponsored by CyberArk.

The paper highlights the findings of data breach investigations that uncovered significant enterprise security risks associated with the exploitation of local administrator rights and account credential theft, and shows where existing, reactive endpoint security solutions can fall short in detecting and containing potential threats.

According to IDC, “the endpoint continues to be the focal point where criminals clash with IT defenders on a daily basis. Unfortunately, most organizations continue to invest in sophisticated malware detection technology without addressing endpoint security best practices. This leaves significant gaps that enable attackers to evade detection.”

Laptops and workstations are the most frequently targeted attack vector used by malicious actors to gain initial access to the corporate network, making endpoint security a critical factor in an organization’s overall risk posture. Once an attacker gains access to an endpoint and a local administrator account, privileged credentials are easily elevated to achieve lateral movement and full network takeover. Still, 62 percent of organizations have not yet taken steps to remove local administrator rights from the endpoint.

The paper explores how organizations can adopt endpoint security best practices, such as removing local administrator rights from the endpoint and implementing application controls, like greylisting, to delay and deter advanced threats. In addition, IDC recommends organizations:

  • Establish a formal patch management program to support a regular patching cycle for endpoint systems;
  • Implement strict password and account management policies, such as one-time use credentials, and enforcement mechanisms;
  • Adopt continuous monitoring and analytics solutions to detect and block credential theft at the endpoint in real time.

CyberArk Endpoint Privilege Manager, available as part of the CyberArk Privileged Account Security Solution, protects against advanced threats that exploit privileged credentials by interlocking three core capabilities: privilege management, application control and new credential theft detection and blocking to stop and contain damaging attacks at the endpoint.

CyberArk Endpoint Privilege Manager, previously CyberArk Viewfinity, delivers an additional layer of proactive protection through the hardening of the endpoint by removing local administrator credentials, reducing risk while alleviating pressure on help desk support, and enabling flexible application control, allowing organizations to prevent malicious applications from executing and utilize greylisting to run unknown applications in a restricted mode.

The Technology Spotlight, “Key Considerations for Securing Privilege on the Endpoint,” is available now for download.

 

1 – IDC Technology Spotlight, sponsored by CyberArk, “Key Considerations for Securing Privilege on the Endpoint,” December 2016, IDC # US41694116

 
