IT managers are the design architects of information and security networks. When furnished with the required resources and an expert team, they maintain daily operational stability. However, threat actors have advanced through the years and become skilled at deploying long-cycle attacks, one of which is called ‘Living off the Land’ (LotL). It is a fitting name for a predatory tactic that allows the threat actor to blend into your environment and reconfigure legitimate programs and processes to perform malicious actions without immediate detection.
The catastrophic implications of such tactical attacks drive corresponding advancements in cybersecurity. But before you spend additional money tacking on to your existing security stack (or outsourcing the management of it to a Managed Security Service Provider, or MSSP), here are four simple, free or inexpensive suggestions for fortifying your systems by configuring your existing technology in a way that capitalizes on the tools already embedded in your operating system.
Of course, we encourage system-wide upgrades with built-in premium solutions to reinforce security coverage. However, let’s not be hasty in disregarding the capabilities of what is already in-house. The add-ons are great! But the value is best seen in a unified security design. The point is, to stay abreast of system vulnerabilities and have higher visibility of external threats, network security should be a continuous process.
We go to great lengths to intercept cyber threat actors, but sometimes preventative measures fail. Our best defense is knowing how to prepare, plan and practice. To learn the know-how, download our simplified and free eBook: Foundations for Incident Response Readiness.
Now, to the four steps!
Introduce a Software Restriction Policy (SRP)
I detail the reasons that make a software restriction policy essential here. However, it is worth highlighting that Windows, as the primary operating system (OS) used by about 80 percent of desktop computers worldwide, makes the SRP a very accessible option.
Since most malware depends on running executables or scripts, administering an SRP locks down all identified endpoints, preventing malware and file-sharing applications from taking control of your network. An additional benefit is that the application allow list enabled by the SRP increases awareness about your users and enforces high security standards.
As an economical defense against a wide assortment of malicious techniques, using an SRP should be a priority for your Windows administrator.
Also, take note of the compliance applications as recommended by the CMMC.
Implement the Host-based Firewall Policy
Most, if not all, operating systems, including Microsoft Windows, Apple Mac and Linux, have built-in firewall capabilities. Unfortunately, this powerful defense is often under-used and sometimes disabled for reasons like decreased performance and productivity levels. However logical the reasons may be, remember that hackers are vigilant and ready to attack your systems at the drop of a hat. Having control of your network at the host level significantly improves your security posture, all for the price of free!
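To make the "often disabled" problem visible, the following added example (not part of the original post) audits the Windows firewall state per profile and lists what is weak. The function name Test-FirewallBaseline and the sample records are assumptions made for illustration; the commented commands at the end use the built-in NetSecurity cmdlets.

```powershell
# Added example: report firewall profiles that are disabled or allow inbound traffic by default.
# Test-FirewallBaseline is a hypothetical helper name, not a built-in cmdlet.
function Test-FirewallBaseline {
    param(
        # Objects exposing Name, Enabled and DefaultInboundAction properties.
        [Parameter(Mandatory)] [object[]] $FirewallProfile
    )
    foreach ($p in $FirewallProfile) {
        $issues = @()
        # Cast to string so live enum values and the sample strings compare the same way.
        if ("$($p.Enabled)" -ne 'True') { $issues += 'firewall disabled' }
        if ("$($p.DefaultInboundAction)" -eq 'Allow') { $issues += 'inbound allowed by default' }
        [pscustomobject]@{
            Profile   = $p.Name
            Compliant = ($issues.Count -eq 0)
            Issues    = $issues -join '; '
        }
    }
}

# Constructed sample input so the check can be tried without touching a real host.
$sample = @(
    [pscustomobject]@{ Name = 'Domain';  Enabled = 'True';  DefaultInboundAction = 'Block' }
    [pscustomobject]@{ Name = 'Private'; Enabled = 'False'; DefaultInboundAction = 'Block' }
    [pscustomobject]@{ Name = 'Public';  Enabled = 'True';  DefaultInboundAction = 'Allow' }
)
Test-FirewallBaseline -FirewallProfile $sample | Format-Table -AutoSize

# On a Windows host, audit the effective settings (local policy merged with Group Policy):
#   Test-FirewallBaseline -FirewallProfile (Get-NetFirewallProfile -PolicyStore ActiveStore)
# Corrected setting for a non-compliant host, run from an elevated session:
#   Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block
```

Querying the ActiveStore matters because a Group Policy setting can override what the local store shows.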
Use the Restricted Groups Policy
There is a prevalent false belief, especially in the Windows community, that a domain administrator should control every machine in the domain. In truth, the admin role is not meant to carry such wide-ranging privileges, and when we put networks together in this manner, an attacker only needs to steal one set of credentials to gain privileged access to everything. For a more in-depth read, see protecting domain administrative credentials.
An attacker needs to control multiple machines to do damage on a wide scale, and they can only control multiple machines if the hacked accounts have permission to control them. To put it bluntly, having one account control your entire enterprise is an unnecessary, high-risk move. Instead, enact a Restricted Groups policy that ensures no single account has access to multiple systems, and places a limit on which accounts can access each system.
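Before writing a Restricted Groups policy it helps to know which accounts currently break the "no single account on multiple systems" rule. The following added example (not part of the original post) takes local Administrators membership collected from several hosts and reports every account that is an administrator on more than one of them. Get-AdminOverlap is a hypothetical helper name, and all host and account names in the inventory are constructed.

```powershell
# Added example: find accounts that are local administrators on more than one host.
# Get-AdminOverlap is a hypothetical helper name, not a built-in cmdlet.
function Get-AdminOverlap {
    param(
        # One record per (ComputerName, Member) pair from the local Administrators group.
        [Parameter(Mandatory)] [object[]] $Membership,
        # Report an account once it is an administrator on more than this many hosts.
        [int] $MaxHosts = 1
    )
    $Membership |
        Group-Object -Property Member |
        ForEach-Object {
            # Distinct hosts on which this account holds local admin rights.
            $hosts = @($_.Group | ForEach-Object { $_.ComputerName } | Sort-Object -Unique)
            [pscustomobject]@{
                Account   = $_.Name
                HostCount = $hosts.Count
                Hosts     = $hosts -join ', '
            }
        } |
        Where-Object { $_.HostCount -gt $MaxHosts } |
        Sort-Object -Property HostCount -Descending
}

# Constructed inventory (host and account names are made up for illustration).
$inventory = @(
    [pscustomobject]@{ ComputerName = 'WS-01';  Member = 'EXAMPLE\Domain Admins' }
    [pscustomobject]@{ ComputerName = 'WS-01';  Member = 'EXAMPLE\helpdesk' }
    [pscustomobject]@{ ComputerName = 'WS-01';  Member = 'EXAMPLE\ws01-admin' }
    [pscustomobject]@{ ComputerName = 'WS-02';  Member = 'EXAMPLE\Domain Admins' }
    [pscustomobject]@{ ComputerName = 'WS-02';  Member = 'EXAMPLE\helpdesk' }
    [pscustomobject]@{ ComputerName = 'SRV-01'; Member = 'EXAMPLE\Domain Admins' }
    [pscustomobject]@{ ComputerName = 'SRV-01'; Member = 'EXAMPLE\srv01-admin' }
)
Get-AdminOverlap -Membership $inventory | Format-Table -AutoSize

# Collecting real data (assumes PowerShell remoting is enabled and $computers holds host names):
#   Invoke-Command -ComputerName $computers -ScriptBlock { Get-LocalGroupMember -Group 'Administrators' } |
#       Select-Object @{ n = 'ComputerName'; e = { $_.PSComputerName } }, @{ n = 'Member'; e = { $_.Name } }
```

Every account the function returns is a candidate for removal or scoping when the Restricted Groups policy is defined.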
Leverage the Antivirus (AV) capabilities of your endpoint OS
Turn on the free safeguard tools that come with your OS (if you do not have a purpose-built solution that will conflict with them). The Windows OS is equipped with Microsoft Defender, and Macs with Gatekeeper. They may not sufficiently stop innovative ransomware, but certainly offer more protection than if deactivated — it is surprising how many SMBs forgo an AV. There is much to be gained by utilizing antivirus software to reinforce network security. Here is a list of free antivirus tools recently reviewed and tested by PCMag.
Conclusion
The steps discussed in this blog are intended as a starting point for IT Managers and administrators to examine security configuration at each stage, and for IT VPs and Directors to prescribe the use of in-house capabilities when faced with limited resources.
While taking these steps won’t make your network invincible, engaging all four forces long-cycle attackers to dedicate more time and cycles to surveying which system-specific accounts, scripts and protocols are allowed before they can coordinate an enterprise-wide assault. It is clear that creating multiple hoops for a hacker to jump through increases the chances of redirecting their unwanted attention to easier targets. However, we are all in for added reinforcement. To learn how to prepare, plan and practice for when threats bypass your security systems, download our easy-to-follow eBook: Foundations for Incident Response Readiness.