Today we’re kicking off a new series on going beyond Zero Trust. We start by looking at enhancing endpoint security. Throughout this series we will focus on the principles that round out your cyber defense and build on top of the Zero Trust foundation.
If you didn’t catch our previous series exploring Zero Trust security, we reviewed its three core principles: least-privilege access, never implicitly trusting a connection, and assuming a breach. Treating these as the core elements of a strong cyber defense foundation, we’ll now look at going beyond them to achieve greater security and threat protection.
Assess more than just connections for Endpoint Security
Secure Remote Access helps secure connections to your endpoints. In Zero Trust, you’re not only making those connections secure, but also enforcing least-privilege access so users can only perform the actions you want them to perform, and only when you want them to.
As you look to increase your endpoint security further, you need to look beyond the user and at the devices and assets themselves. What software is installed on the endpoint? Do you know how many devices exist within your network, or whether they should be there at all? Your devices, not just the people connecting to them, can easily become the weakest link for a bad actor to exploit.
What is Baseline Configuration Monitoring?
Baseline configuration monitoring is a critical element of your endpoint security. We discussed the importance of logging and monitoring in our previous series: it is important to monitor the connections to your endpoints and to know when a change has been made to them.
Now your aim is to go beyond that level of monitoring to further enhance security. Not only should all user activity be logged and monitored, but the records should be captured in multiple formats, retained, and time-stamped against a common clock (for example, every endpoint synchronized to the same NTP source and every event recorded in UTC). This gives you not only the information of who did what, but both the visual and logged inputs that tell a complete story across your environment, so that forensic reporting can be coherently reconstructed from that universal time stamp.
If Zero Trust is about not implicitly trusting the user, beyond Zero Trust means not even trusting your devices. Mature endpoint security should include routine, fully automated device health checks. This means you aren’t only monitoring the device when a user has touched it. Devices can auto-install software or change their own configuration for reasons you aren’t accounting for, and that can give the next person connecting to the device an opportunity to exploit a change you aren’t aware of.
Device drift happens over time and leaves you open to new vulnerabilities. You need to be prepared to tackle these risks as seriously as you tackle the risks of users connecting to your devices if you want to maintain peak endpoint security. By establishing a baseline configuration for each device and routinely comparing the live state against it, you catch drift early, before a small change becomes an exploitable hole.
Authenticating and inventorying your devices is also critical. Users bring their own devices onto your network, and certain devices remain on the network long after they have stopped serving a specific purpose for your organization. Keep evaluating each device’s utility to your company against the risk it poses to your security. You must be prepared to regularly account for everything on your network, auditing what belongs and what needs to be removed.
Software to Increase Endpoint Security
You should also be focusing on your software footprint at this point. As you work to establish a level of cybersecurity maturity that goes beyond Zero Trust, reducing the software footprint on your endpoints should be a key goal.
This is a critical element across the entire business. The more applications you have to manage, and the more devices you have to manage them on, the more difficult it becomes to ensure everything is up to date, that permissions are managed properly, and so on.
You should be evaluating cybersecurity solutions that address more than one security challenge, and finding an operations platform that doesn’t add yet more software to your endpoints while still retaining peak defense capabilities for your environment. Here you’re auditing your devices and their purpose, ensuring you have only the devices you need as well as reducing software bloat.
At this level of cybersecurity, you aren’t just bolting a solution on to address your challenges; you’re building cybersecurity into the fabric of your operations as a natural function of how they run.
How to Improve Endpoint Security
Beyond what Zero Trust advocates, the key to establishing strong endpoint security lies in these three concepts:
- Additional context, such as compliance state and device health, that is fully automated and available on demand.
- Strong, extensive, automated monitoring, auditing and logging of all activity, available in multiple formats (screen capture, keystroke-level logging) and time-stamped against a common clock.
- Critical configuration monitoring and change control. At this level even endpoints are treated as untrusted: you continually verify that only valid accounts and usernames exist, that patches are installed, and that the endpoint’s configuration still matches its baseline, so that your security awareness extends beyond your users.
Once you are enforcing these, you’ve gone beyond Zero Trust to treating even your devices as untrusted on the network. You are addressing security from both sides rather than focusing on the people component alone.
Stay tuned for our next post as we focus on supply chain defense going beyond Zero Trust. If you’re ready to achieve the highest levels of cybersecurity maturity, we are here to help. You can contact us here to see how ConsoleWorks increases your security and makes defense easier.