Beth Whipp, Author at Tech Wire Asia (https://techwireasia.com/author/bethhybrid-co/). Where technology and business intersect.

Default deny: Navigating the new frontier of cybersecurity with ThreatLocker
https://techwireasia.com/11/2023/what-is-the-best-endpoint-protection-for-complex-environments/
Published on Tech Wire Asia, Tue, 21 Nov 2023 14:52:56 +0000
A glance at mainstream news outlets will convince anyone that there is a clear and present danger to organizations from cybercriminals. High-profile hacks affect millions of people each year and cost organizations significant amounts of money, business, and reputation.

The sophistication of hackers’ methods today is such that most organizations have advanced defensive systems and working methods to lower their chances of falling victim to cybercrime. The specific challenges of protecting dynamic networks mean the security team must choose its tools carefully.

Identity and Trust

In the past, cybersecurity focused on perimeter and node-based protection. Heuristic scanning, pulled or pushed updates, and heavyweight locally-installed agents provided protections based on historical incidents.

It has become more apparent that a barrier-based defense is ineffective, especially against zero-day attacks and user errors, including phishing and exploiting personal information to gain trust.

Zero Trust frameworks offer parity between machine and people identities and, therefore, an acceptance that compromised devices can be as dangerous to an organization’s assets as a member of staff fooled by clever social engineering to download malicious applications.

Many providers of Zero Trust cybersecurity solutions do not fit modern cybersecurity demands well. For medium to large organizations, MSPs, and discrete business units that work across hybrid topologies and numerous cloud services, the solutions fail on two counts:

  1. Endpoint definition. Many solutions treat endpoints as static instances (desktops, servers, network infrastructure) and classify mobile devices and devices used for remote/hybrid work separately, as a third class of device. All of them belong in the same category: endpoints.
  2. Historical legacy. Many cybersecurity solutions have evolved from a perimeter/client platform and lack the flexibility to adapt to bad actors’ speed of change and their adoption of advanced technologies, like AI.
[Image: Many providers of Zero Trust cybersecurity solutions fail on two counts: endpoint definition and historical legacy. Source: Shutterstock]

Effectiveness Starts at Deny by Default

The Zero Trust framework works from the fundamental precept of deny by default. That precept comes from the acknowledgment that compromised devices can spread malicious code, including ransomware, using tools that often ship by default (such as Windows PowerShell), across networks that are no longer bound by an organization’s perimeter.

That means an infected device can affect cloud-based assets as easily as it can access local nodes on its LAN. By denying actions such as the ability to execute code, download files, or connect to other applications, ThreatLocker enables cybersecurity teams to control who and what can be present on a distributed network and what they can do. Users can even be blocked from getting basic access by means of conditional access with geofencing.

ThreatLocker Ringfencing™ prevents applications from running unapproved binaries and permits them to access assets only under a defined set of circumstances. Administrators can define these as simple conditions (once machine identity is confirmed, for example) or more complex ones (read-only access permitted between certain hours and only from specific IP blocks).

Policies encompass all devices used in distributed networks, including those used for remote access – like home or mobile workers – and can be applied to different nodes, such as servers, network gear, mobile devices, laptops, and IoT devices. That prevents a single compromised device from executing a payload or traversing beyond a limited subnet. The applied controls address issues such as a device joining an unprotected network, infected devices hopping from node to node, and payloads that delay their execution.
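The conditional allow rules described above (machine identity confirmed, time windows, source IP blocks, per-application scoping) with everything else denied, as an added example that is not ThreatLocker’s code or its policy format: a small deny-by-default evaluator run over a constructed policy and constructed requests. The rule fields, application names, paths, and addresses are assumptions made for the illustration.

```python
"""Deny-by-default policy evaluation (added example, not ThreatLocker code).

Every request is denied unless an explicit allow rule matches it; each rule is
scoped to one application, so an application may be allowed to read a share
yet still be denied from connecting anywhere (the 'ringfencing' idea).
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Request:
    """One action an application on a device is attempting (constructed)."""
    device_id: str
    identity_verified: bool   # device identity confirmed, e.g. by certificate
    app: str                  # application attempting the action
    action: str               # "execute", "read", "write" or "connect"
    target: str               # binary path, share path or host
    source_ip: str
    at: datetime


@dataclass(frozen=True)
class AllowRule:
    """An explicit allow; anything not matched by some rule is denied."""
    app: str
    actions: frozenset
    target_prefix: str
    require_verified_identity: bool = True
    hours: Optional[Tuple[int, int]] = None   # [start, end) hour of day
    networks: Tuple[str, ...] = ()            # source CIDRs; empty = any

    def matches(self, req: Request) -> bool:
        if req.app != self.app or req.action not in self.actions:
            return False
        if not req.target.startswith(self.target_prefix):
            return False
        if self.require_verified_identity and not req.identity_verified:
            return False
        if self.hours is not None:
            start, end = self.hours
            if not start <= req.at.hour < end:
                return False
        if self.networks:
            ip = ip_address(req.source_ip)
            if not any(ip in ip_network(n) for n in self.networks):
                return False
        return True


def evaluate(rules: Sequence[AllowRule], req: Request) -> Tuple[str, str]:
    """Return ("ALLOW"|"DENY", reason). Falls through to DENY by design."""
    for rule in rules:
        if rule.matches(req):
            return "ALLOW", f"rule for {rule.app} on {rule.target_prefix!r}"
    return "DENY", "no allow rule matched (default deny)"


# Constructed policy: a backup agent may touch the backup share only at night
# and only from the backup subnet; a browser may reach the intranet; nothing
# else, including PowerShell, is allowed to do anything.
SAMPLE_RULES = (
    AllowRule("backup-agent", frozenset({"read", "write"}),
              r"\\fileserver\backups", hours=(1, 5), networks=("10.0.20.0/24",)),
    AllowRule("browser", frozenset({"connect"}), "https://intranet."),
)

# Constructed requests exercising each condition of the policy.
SAMPLE_REQUESTS: Dict[str, Request] = {
    "powershell_temp_exec": Request("ws-01", True, "powershell.exe", "execute",
                                    r"C:\Users\a\AppData\Local\Temp\x.exe",
                                    "10.0.10.5", datetime(2023, 11, 21, 10, 0)),
    "backup_in_window": Request("bk-01", True, "backup-agent", "read",
                                r"\\fileserver\backups\2023-11", "10.0.20.15",
                                datetime(2023, 11, 21, 2, 30)),
    "backup_out_of_hours": Request("bk-01", True, "backup-agent", "read",
                                   r"\\fileserver\backups\2023-11", "10.0.20.15",
                                   datetime(2023, 11, 21, 14, 0)),
    "backup_wrong_subnet": Request("bk-01", True, "backup-agent", "read",
                                   r"\\fileserver\backups\2023-11", "10.0.10.5",
                                   datetime(2023, 11, 21, 2, 30)),
    "backup_external_connect": Request("bk-01", True, "backup-agent", "connect",
                                       "203.0.113.7:443", "10.0.20.15",
                                       datetime(2023, 11, 21, 2, 30)),
    "browser_unverified_device": Request("ws-02", False, "browser", "connect",
                                         "https://intranet.example/portal",
                                         "10.0.10.9", datetime(2023, 11, 21, 9, 0)),
}


def run_samples() -> Dict[str, str]:
    """Evaluate every constructed request; returns label -> decision."""
    return {label: evaluate(SAMPLE_RULES, req)[0]
            for label, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for label, req in SAMPLE_REQUESTS.items():
        decision, why = evaluate(SAMPLE_RULES, req)
        print(f"{label:28s} {decision:5s} {why}")
```

Only `backup_in_window` is allowed; the other five fall through to the default deny, including the backup agent’s outbound connection, which no rule grants even though the same application is allowed to read the share. Logging the DENY reasons as they happen is what gives a security team visibility into blocked execution, lateral movement, and exfiltration attempts.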

The latest ransomware tactics have moved beyond encryption and extortion to include data exfiltration and blackmail for its return. In a Zero Trust environment, such as one protected by ThreatLocker, even compromised machines can be prevented from connecting beyond the LAN, making exfiltration impossible. That assumes the malicious code deploys at all.

[Image: The ThreatLocker administrative dashboards simplify policy creation and exceptions yet produce powerful results. Source: Shutterstock]

Matters of industry

Creating safe policies for specific industries (healthcare, finance, education, etc.) will differ according to threat levels, governance factors, and required levels of data access. The ThreatLocker administrative dashboards simplify policy creation and exceptions yet produce powerful results.

Finding the balance between usability and security on endpoints has traditionally meant rolling back access (to the internet, for example) and preventing client actions. In the ThreatLocker Zero Trust environment, a policy is defined by what is allowed, which can be determined by intelligently designed templates and customized according to specific organizations and industries.

To learn the differences between traditional cybersecurity and the new paradigm of Zero Trust, reach out to a ThreatLocker Cyber Hero Team Member or enroll in a free trial so your team can test the ThreatLocker Zero Trust Endpoint Protection Platform in your environment.

The cybersecurity compliance checklist: A roadmap to cyber resiliency with Zero Trust
https://techwireasia.com/10/2023/cybersecurity-compliance-checklist-framework-2023/
Published on Tech Wire Asia, Fri, 20 Oct 2023 12:43:34 +0000
Modern hyper-connectivity and data proliferation are a double-edged sword: they have significantly expanded the cyber threat landscape, with more gaps and vulnerabilities available for bad actors to exploit. The rise in attacks is not only a result of the sheer amount of data and network connections but also of new technologies like AI and the Internet of Things (IoT).

The global average cost of one of these breaches is estimated to be $4.45 million this year, which marks a 15 percent increase over the last three years. Zero-day vulnerabilities – undiscovered flaws in an application or operating system open to threat actors – are also becoming more of a concern. They are known to be one of the most valuable things a hacker can exploit.

According to the Microsoft Digital Defense Report 2023, the number of human-operated ransomware attacks is up more than 200 percent since September 2022. This is, in part, because many attackers are choosing to skip the classic step of endpoint encryption. Instead, they exfiltrate valuable company data to extort from victims, reducing the time and effort needed to execute the attack. The cost of ransomware attacks is estimated to reach $265 billion by 2031.

In response to these growing cyber threats, federal governments and accredited agencies worldwide have created compliance frameworks for organizations to follow. These frameworks help ensure the security of an organization’s digital infrastructure and sensitive data. Agencies often suggest guidelines for implementing robust cybersecurity measures and promote regularly auditing and updating security protocols to stay ahead of evolving threats.

[Image: Agencies often suggest guidelines for implementing robust cybersecurity measures and promote regularly auditing and updating security protocols to stay ahead of evolving threats. Source: Shutterstock]

Frameworks include the US National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, which helps companies manage cyber risks, with an update coming in 2024 for small businesses and higher education institutions. NIST SP 800-171 safeguards Controlled Unclassified Information, while Critical Security Controls (CSC) from the Center for Internet Security (CIS) defend against the most prevalent cyberattacks.

The latest version of CSC specifically addresses modern threats which have emerged from the likes of cloud-based computing and remote work.

Unfortunately, these compliance frameworks can be confusing to navigate. The language used is often ambiguous, making it difficult to determine whether the guidelines are being properly followed and which technologies are required to achieve compliance. As an organization works through one compliance framework, it will likely implement software or technology that satisfies multiple – but not necessarily all – requirements from different frameworks. It can also be difficult to know which frameworks or specific guidelines are relevant to a company.

Despite these challenges, working to follow the frameworks relevant to a company’s industry and jurisdiction is a worthwhile endeavour, given the presence of ever-advancing cyber threats. There is also no need to review each body of guidelines and governance separately, as ThreatLocker® has a comprehensive checklist that covers the guidelines the frameworks have in common. Its recommendations include:

  • Access controls
  • Antivirus/antimalware solution
  • Application controls
  • Backup system and disaster recovery plan
  • Data loss prevention
  • Encryption
  • Group health plans that protect protected health information (PHI)
  • Incident response plans
  • Centralized log management
  • Network security
  • Physical security controls
  • Remote access controls
  • Secure coding practices
  • Secure configurations
  • Secure mobile device management
  • Training
  • Vulnerability management
  • Written policies
[Image: ThreatLocker’s solutions apply a true Zero Trust endpoint security model, where no entity is trusted by default. Source: Shutterstock]

Security solutions from ThreatLocker® can assist a company in meeting these requirements by providing endpoint security and application control. They are unique in that they apply a true Zero Trust endpoint security model, where no entity is trusted by default. Everything is blocked – applications, inbound internet traffic, downloads – unless an organization has specifically approved it. Gartner analysts predict that 60 percent of organizations will embrace Zero Trust as a starting point for security by 2025.

ThreatLocker® is the only provider of Ringfencing™, an advanced application containment tool that controls what applications can do once they are running, reducing the likelihood of a zero-day vulnerability exploit and the weaponization of legitimate tools.

To learn more about how the ThreatLocker® Endpoint Protection Platform can help your organization comply with the relevant cybersecurity frameworks and keep you ahead of threats, reach out to a Cyber Hero Team Member or book a free trial today.
