The concept of trust is getting more attention these days. IDC has estimated security spending to reach $151 billion by 2023, noting a ‘C-level focus on trust’ as a key growth driver. Trust, according to IDC, now encompasses security, risk and compliance, privacy, and the various ways in which enterprises interact via people, technology and other aspects.
As part of the overall trust landscape, enterprises embrace the chain of trust principle that every computing touchpoint individually should contribute to solid security across an enterprise. That principle surfaced again in January when the ‘Chain of Fools’ Microsoft vulnerability (CVE-2020-0601) entered the security landscape. Briefly, the issue was ‘spoofing,’ a failure in the chain of trust to ensure the computer is communicating with the user it thinks it’s communicating with – or installing software that was actually written by a trusted source.
To prevent this type of ‘man-in-the-middle’ attack, or forged certificates, enterprises need to take another look at their entire chain of trust scenario. One of the Chain of Fools attack scenarios was vulnerable endpoints. ‘Malware could possibly bypass AppLocker and Windows Defender Application Control. However, Windows Defender Antivirus remains unaffected as it doesn’t scan for ECC certificates during certificate verification,’ according to Telelink.
Applying Chain of Trust to Endpoints
The Microsoft vulnerability reinforced the need for enterprises to, among other risk mitigation factors, take another look at endpoint security. To protect the endpoint at the most effective level, it takes an end-to-end approach, starting at the processor level. That is really the only way to ensure that vulnerabilities like the ‘Chain of Fools’ event does not find an opening in the enterprise network. A few key practices to consider:
- Ensure the enterprise architecture can fully provide an end-to-end ‘chain of trust’ from the endpoint processor or UEFI (Unified Extensible Firmware Interface) process to the destination server or cloud platform. Using this framework, IT staff can validate each discrete step of the endpoint boot and workspace execution processes.
- Fight spoofing and other attacks by checking the cryptographic signature of each component in the chain, only starting it if it is signed by a trusted party. The enterprise’s endpoint management solution and the UEFI Forum are validation sources.
- Users connecting to a VDI or cloud environment should use access software such as Citrix Workspace App or VMware Horizon to check the certificate of a connected server.
- Implement signed OS partitions that extend the endpoint chain of trust to the device processor level.
- Evaluate the enterprise’s hardware-based processor choices to see if they are up to the standards to supporting a complete chain of trust.
- Minimize the endpoint attack surface by operating the OS in a read-only manner and configured to include only the modules that are necessary to support specific use cases.
Remembering the Remote Worker’s Need for Trust
The luxury of a virtualized and cloud environment is that enterprise workers are using many devices at a myriad of locations. Access without clear privilege management and control, or opening links on a personal device and transferring possible malware into the network, are just a few examples of the threat potential that exists. Thus, the endpoint chain of trust has to extend to any endpoint device, and that requires an endpoint management and control system capable of protecting networks from remote, user driven threats.
Next generation OS solutions for cloud workspaces can deliver a user experience that will enable ubiquitous location and device flexibility yet support end-to-end chain of trust security. These solutions should include secure remote management and control of desktops and applications running in the data center or the cloud. Another recommended practice is to move risk-prone Windows to the data center or cloud and untether it from the endpoint.
Earn Trust through Solid Endpoint Security
While Microsoft tends to get intense scrutiny, the reality is cyberattacks – malware, ransomware et al – can come from many sources. IDC estimates 70% of data breaches begin at the endpoint and they can start with something as simple as opening up an email and clicking on the wrong link. Given the fact that human error is here to stay, making it more difficult for spoofing and other threats to successfully enter the network is a sound course of action. That entails applying the chain of trust principle to endpoint security and implementing solutions and technology that can prevent threats even getting to the user experience level – whether remotely working or on site.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.