In this short article, we share tips for optimizing your endpoint protection strategy with Avecto’s Defendpoint technology integrated with McAfee.
Defendpoint complements detection-based technologies with a proactive approach that contains the impact of attacks that go undetected. Employing a layered approach to endpoint security, Defendpoint enables you to implement least privilege by eliminating the need for local administrator accounts. Building on McAfee’s granular application control capabilities, Defendpoint adds extra defense for trusted software.
To fully capitalize on the investment in their security solutions, organizations must first remove administrative privileges from end users. Layered endpoint security controls should build on a solid foundation of least privilege.
As hackers employ more sophisticated means to infiltrate corporate IT systems, the evolving mindset of “assume compromise” underlines the need to restrict privileges and protect against lateral attack propagation. If employees are only granted standard user rights, the risk associated with 94% of Critical Microsoft vulnerabilities can be mitigated, considerably decreasing the risk compared to when patches, antivirus and application control are deployed alone.
Without the admin access it seeks, malware targeting elevated privileges cannot reach the core network, where it causes the most damage.
Any approach to removing admin rights should be planned carefully. Removing administrative privileges has become more realistic in recent versions of Windows with the introduction of User Account Control (UAC). Moving users to a standard user account, i.e. one that is not a member of the local Administrators group, cuts off access to all system changes that require greater privilege, including installing or updating authorized software. Some user roles, such as IT admins and developers, can’t function without additional system access. Without appropriate technology in place, users find themselves restricted and unable to access files and applications they need on a daily basis.
Additionally, when the end user experience is not considered, admin rights are often granted back to enable emergency access but never removed. Even a small number of admin users creates significant internal and external vulnerabilities.
The built-in Windows tools and UAC features lack the flexibility required in managed corporate IT deployments. Avecto Defendpoint features policy-based rules that allow application privileges to be elevated without elevating the user to an administrator. When users encounter exception scenarios, customizable messaging and advanced features such as two-factor authentication and challenge/response authorization allow them to remain productive with minimal impact on helpdesk staff.
Without flexible privilege management rules, least privilege implementations often fail because of compatibility issues with legacy applications, changing business needs or lack of user acceptance.
Defendpoint empowers IT teams to secure endpoints whilst providing a positive user experience and freeing the helpdesk from access requests.
Endpoint protection has been focused on malware detection and blocking using signature-based approaches. Although a mainstay of endpoint security for many years, signature-based antivirus has struggled to provide effective protection, failing to detect more than 50% of attacks today.
Application control adds a further layer of protection by blocking applications that are not specifically approved by your IT team. McAfee’s Application Control solution ties into a comprehensive application and URL reputation database and provides granular rules and finite control.
This layer of security can considerably reduce risk, as most vulnerabilities are not in the operating system but in applications. By gaining control of application use across your business, you can prevent users from inadvertently downloading and running malware, and ensure that only fully up-to-date versions of approved programs are allowed to run.