It is often said that the endpoints are the most vulnerable part of the network as they are increasingly becoming an entry point for malware. When something is susceptible to attacks, can it be converted as a defender instead (with proper security orientation, of course)? Is there a way to make endpoints the frontline defenders, instead of labeling them as vulnerable?
Before getting into the answer, let us analyze the following observations made by the security researchers recently:
IT Managers have always faced the dilemma of convenience versus security. When they tend to put security restrictions, they often face resistance from developers and end-users, as the security restrictions often slow down their work.
In this backdrop, traditionally, it has been a common practice to grant local admin privileges to the end-users on their workstations. Though this approach gives the users flexibility to run applications without any approvals, it brings a very high risk.
As a local admin, the users can download and use any software without the organization’s approval. This is where many security issues begin. Developers download various software utilities or install unapproved software (freeware or pirated versions) for personal use or to carry out their work. This practice brings not only security issues but also legal and compliance issues too.
On the security front, the downloaded software itself could be malware or a malware carrier. For example, spyware might be bundled with the pirated software to spy on the users silently. Attackers then thrive on this and start misusing the admin privileges.
Cylynt, a firm that offers compliance and licensing management solutions, has estimated that software piracy has increased by 20% due to COVID-19 work from home. It reports that WFH employees tend to download or make illegal copies of the software they need for their jobs. As pirated software carry the risk of malware, it warns that remote work environments are making the job of hackers easy to breach into an enterprise network.
A Microsoft-commissioned study by the Faculty of Engineering at the National University of Singapore (NUS) has quantified the link between software piracy and malware infections. The researchers examined many copies of pirated software downloaded from the internet and tested them for malware. The findings were shocking:
It is evident that software piracy could lead to large-scale malware infection.
Endpoints with users possessing local administrator rights getting infected with malware is not a new phenomenon. However, local admin rights and usage of pirated software prove to be a deadly cocktail that could easily hurt an organization’s cybersecurity defenses. Often, this is all hackers need to gain a foothold into your enterprise network.
Since local admin rights allow users to turn off the anti-virus, firewalls, encryptions, and even group policies, when infected, the malware gets the ability to do the same. If multiple users use a single infected device, hackers gain access to other user profiles leading to data breaches, theft, and privacy concerns.
That means, when an organization allows local administrator rights on endpoints, the pirated software (containing malware) installed by just one user could potentially harm the entire organization by easily and quickly spreading across the network.
The root cause of this security issue is allowing local administrator rights, which makes the endpoints the most vulnerable part of the network. How do we make them the frontline defenders instead?
Just as we equate traveling light to traveling smart, removing local admin rights and staying light on privileges is the best way to stay secure. This cuts down vulnerabilities and reduces the opportunities for the attacker.
However, removing local admin rights may force the user to depend on the IT help desks for something as simple as installing a printer. This might create an unnecessary burden on help desks, besides causing frustration for users.
What's the best way to remove local admin accounts while ensuring the flexibility for the users to run their business operations seamlessly?
This is where privilege management solutions like Securden Windows Privilege Manager come in handy. These products allow the standard users to run the applications that typically require admin rights but without elevating the users as administrators. They elevate applications on-demand for standard users. The best part is deploying whitelisting after removing admin rights. You can create policies allowing users to elevate trusted applications seamlessly. Self-service portals and workflows help handle the elevation of new applications.
Securden Windows Privilege Manager comes with a host of other monitoring and auditing features that help you handle privileges, prevent the use of pirated software, and safeguard your organization from malware. Start your 30-day trial or book a demo.
May God defend me from my friends
As stories of trusted insiders causing information security breaches continue to unfold, it’s time organizations woke up to...
Dec 21 · 4 min read
Ransomware attack on Colonial Pipeline: Executing cyberattacks, now a child's play!
With the easy availability billions of compromised credentials on the dark web, and the practice of password reuse rampant, hackers...
jun 7 · 5 min read
Eliminating Admin Rights and Controlling Applications (Part 3)
One of the most effective approaches to reducing risks is eliminating the local admin accounts altogether and...
May 17 · 4 min read
Looking for a Passwordstate alternative?
Passwordstate, an enterprise password manager developed by Click Studios, suffered a supply chain attack between...
Apr 30 · 3 min read
Local Admin Accounts Management: Microsoft LAPS Vs. PAM (Part-2)
In the previous post, we dealt with the importance of local admin accounts, the associated security risks, and...
Apr 06 · 3 min read
Top 10 password policy recommendations for sysadmins in 2021
Passwords are omnipresent in our personal and business digital environments. An average person has at least...
Apr 01 · 6 min read
Local Admin Accounts - Security Risks and Best Practices (Part 1)
We are all too familiar with the local administrator account that gets created automatically when installing a Windows...
Mar 19 · 4 min read
Poor password security practices cause massive security breaches
Weak passwords, password reuse, password sharing, hard-coded credentials, lax measures to storing credentials...
Mar 13 · 6 min read