With new waves of ransomware attacks striking headlines everywhere, it’s truly time to take a proactive stance against malware. But, drawing on experience, most IT professionals cringe at the impact endpoint threat protection may have on user productivity.
Users simply want something that’s more transparent. In fact, according to a recent study performed by Dimensional Research: The Value of a Great Desktop Experience, as many as 62% of business users identified security that is not intrusive as an important factor to a great desktop user experience. Even so, as many as 35% of IT professionals still limit their end users’ ability to personalize their desktops based on corporate security policies. The result is increasing frustration among end users who continue to believe that security is negatively impacting experience.
The most common culprit of end users’ negative opinion of security technology is antivirus software. While AV provides a needed layer of endpoint protection, it doesn’t adequately tackle the challenge of ransomware and it can require tedious manual intervention by end users, causing them grief and frustration. In fact, the same situation applies to any “next-generation” endpoint security agent focused solely on solving security issues with total disregard for IT manageability and user experience.
There is a more pragmatic approach to endpoint security, one that puts users first while still giving IT the iron-clad risk protection the organization needs to rest easy. How? By employing a strategic approach to application management, including the use of application control and whitelisting based on “Trusted Ownership” and the practice of least privilege management.
Consider that the most common malware attacks come in the form of executable files attached to emails or hidden inside documents or internet links. If not detected by an endpoint’s antivirus solution or stopped by effective application management, these executables can wreak havoc on an enterprise with the power and speed of a wildfire.
Application Whitelisting Based on “Trusted Ownership”
Whitelisting, the practice of setting policies where only “approved” applications can run on an endpoint, provides effective protection against malware. The challenge is that implementing a whitelisting strategy can be complex and cumbersome. In many cases it must be configured with thousands of known-good files simply to enable users to work. Then, as the operating system and applications are patched and upgraded, the whitelisted credentials can change, creating additional complexity that must be managed.
Technologies that enable whitelisting without having to manage individual files can make this process much easier by allowing or denying execution based on file ownership, file vendor or origin. Called “trusted ownership,” this technology can enable whitelisting based on known-good content without having to specify each individual file. Using this trusted ownership approach can easily enable a whitelisting strategy without the risk of needing to manage changes every time upgrades are performed.
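The difference between the two approaches, as an added example that is not part of the original article or any vendor's product: a per-file hash allowlist and an ownership rule are evaluated against the same three execution requests. The file records, the account names in `TRUSTED_OWNERS` and the user `CORP\alice` are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

# Assumption: accounts the policy trusts to install software (Windows-style
# names chosen for illustration; a real product ships its own list).
TRUSTED_OWNERS = {"NT SERVICE\\TrustedInstaller", "NT AUTHORITY\\SYSTEM",
                  "BUILTIN\\Administrators"}

@dataclass(frozen=True)
class FileRecord:
    """Constructed stand-in for what an agent reads when a process starts."""
    path: str
    owner: str      # file-system owner of the executable
    content: bytes  # file bytes, used only by the hash-based policy

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def hash_allowlist_allows(f, known_good):
    """Per-file whitelisting: every approved binary is listed by digest."""
    return sha256(f.content) in known_good

def trusted_owner_allows(f, trusted=TRUSTED_OWNERS):
    """Trusted ownership: allow only files owned by an installer account."""
    return f.owner in trusted

def evaluate(files, known_good):
    """Return (path, hash_decision, owner_decision) for each request."""
    return [(f.path, hash_allowlist_allows(f, known_good),
             trusted_owner_allows(f)) for f in files]

# Constructed scenario: an application is installed, then patched, and a
# user saves an e-mail attachment into their own profile.
APP_PATH = r"C:\Program Files\App\app.exe"
app_v1 = FileRecord(APP_PATH, "NT AUTHORITY\\SYSTEM", b"app build 1")
app_v2 = FileRecord(APP_PATH, "NT AUTHORITY\\SYSTEM", b"app build 2")
dropped = FileRecord(r"C:\Users\alice\Downloads\invoice.exe",
                     "CORP\\alice", b"attachment bytes")

# The hash allowlist was captured before the patch was released.
KNOWN_GOOD = {sha256(app_v1.content)}

if __name__ == "__main__":
    for path, by_hash, by_owner in evaluate([app_v1, app_v2, dropped], KNOWN_GOOD):
        print(f"{path}: hash_allowlist={by_hash} trusted_owner={by_owner}")
```

The patched build is denied by the stale hash list but still allowed by ownership, while the user-owned attachment is denied by both. The ownership decision is only as strong as the file-system permissions behind it, so standard users must not be able to write to or take ownership of files owned by the trusted accounts.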
The Practice of Least Privilege Access
Effective privilege management adds to the success of an application whitelisting approach based on trusted ownership. By precisely controlling user and application privileges, each user and application is given only the privileges that are essential to that individual’s work. This removes the need to provide admin-level access to all users or all applications, which creates significant security risks. Corporate security policies can be enforced based on user or based on contextual factors such as location, device name, IP address, network settings or time of day. This approach also eliminates risk when users work outside the corporate firewall.
Through the use of comprehensive privilege management and application control, users get the productivity they need while corporate desktops are safeguarded from both internal and external threats. By using complete privilege management and application control, enterprises can further strengthen their security policies by:
- Setting application limits and time restrictions
- Setting application network access control
- Enabling URL redirection and granular control over web-based application installation
- Enforcing extensive anti-tampering, change control and auditing capabilities
- Supporting user self-service capabilities
… all without a negative impact on user productivity or workforce performance.
Endpoint security is a critical piece in today’s overall corporate governance and compliance strategies. For true risk avoidance, without user frustration, consider implementing sophisticated application management that includes whitelisting based on “Trusted Ownership” and the ability to dynamically control user privileges with the practice of least privilege. It will not only provide substantial endpoint security gains, and significant reductions in both IT support and software licensing, it will also result in considerably higher end user satisfaction.
About William Myrhang
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.