Threat actors often scour the dark web for information about your business. There’s a reason security teams use Reddit, Twitter, and GitHub to track cyber criminals and follow each Patch Tuesday release.
But that’s often not enough. Even if your security team finds each CVE, threat actors will still try to breach you another way.
People, devices, and applications
In the U.S. Armed Forces, knowing your enemy is always an advantage. At Ascent, we recognize that defenders have to be right every time, while cyber criminals only need to be right once.
Your business’ growth isn’t a turn-off to attackers. It ups the ante. Every new endpoint, whether a person, a device, or an application, is one more thing to exploit, and the more of them you have, the larger your attack surface. A larger attack surface means more opportunities for a threat actor.
So how should security teams keep pace with business growth?
Implement Modern Endpoint Management.
Modern Endpoint Management isn’t just incident response or breach prevention. It’s playing defense for each business unit so your team can block threats before they land. Here are three steps to achieve Modern Endpoint Management.
1: Upgrade or replace legacy technology
We recommend Microsoft Intune, Windows Autopilot, and Microsoft Defender for Endpoint for modern endpoint management. Successful device provisioning requires devices and apps that are kept updated and patched.
Microsoft recently responded to a Chinese threat actor (Storm-0558) that accessed the email accounts of multiple government agencies. The culprit? Forged authentication tokens, signed with an acquired Microsoft account signing key, were used to sign into Outlook Web Access. Using the Outlook app instead of web access might have prevented the breach.
It’s safer to use one system monitored and updated by Microsoft. It’s also easier for your SOC to track and triage Outlook alerts if all your infrastructure shares a compatible backend. The Outlook web client runs in any browser and sits outside some of the device management and app protection policies IT can require for the desktop client.
2: Share information across security teams
Too many security teams aren’t sharing critical information with each other, and for some enterprises that silence costs them everything.
If your business has an in-house SOC or a managed SOC team, work with them to decide which alerts are canaries in the coal mine. If an employee’s phone tried to send a sensitive PDF through Gmail, does your team receive an alert? What about multiple failed login attempts?
Monitoring threat actor activity on your own network, alongside the attacks hitting businesses of your size and industry, is what makes full endpoint coverage possible. Once you’ve assessed the risks most likely to hit your business, automating alert triage relieves your analysts’ workload so they can work alerts in priority order.
3: Use cyber threat intelligence to inform Microsoft Defender for Endpoint
Once your business communicates across security focus areas, it’s vital to know who is most likely to target your business.
An international manufacturer dealing with an avalanche of overnight alerts engaged our managed SOC. Overseas hackers were trying to brute-force their way through the customer’s firewall at night. Once the activity was identified, Ascent analysts blocked the originating IP addresses. If the customer had only scanned their legacy equipment for vulnerabilities once a week, an attacker could have slipped through the gaps.
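The failed-login alert from step 2 and the overnight brute-force triage described above come down to the same logic: count failures per source inside a time window, rank the bursts so analysts see the riskiest first, and hand the worst offenders to the firewall block list. The script below is an added example, not Ascent’s tooling or a Defender for Endpoint query. It runs over constructed syslog-style lines (the `auth-fail`/`auth-ok` format, the 5-failures-in-5-minutes threshold, the 08:00–18:00 UTC business hours, and the internal ranges 10.0.0.0/8 and 198.51.100.0/24 are all assumptions), scores each burst, and returns the addresses that would be blocked.

```python
"""Brute-force burst detection and alert triage over constructed auth logs.

Added example, not Ascent's or Microsoft's code. Log format, thresholds,
business hours and internal ranges are assumptions for the demonstration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sample lines: one external source hammering the firewall at
# 02:13 UTC, one internal user fumbling a password mid-morning, one stray pair.
SAMPLE_LOGS = """\
2023-09-14T02:13:05Z auth-fail src=203.0.113.25 user=admin
2023-09-14T02:13:06Z auth-fail src=203.0.113.25 user=administrator
2023-09-14T02:13:08Z auth-fail src=203.0.113.25 user=root
2023-09-14T02:13:09Z auth-fail src=203.0.113.25 user=vpn
2023-09-14T02:13:11Z auth-fail src=203.0.113.25 user=guest
2023-09-14T02:13:12Z auth-fail src=203.0.113.25 user=test
2023-09-14T02:13:14Z auth-fail src=203.0.113.25 user=backup
2023-09-14T02:13:15Z auth-fail src=203.0.113.25 user=admin
2023-09-14T10:02:00Z auth-fail src=10.20.30.40 user=jdoe
2023-09-14T10:02:30Z auth-fail src=10.20.30.40 user=jdoe
2023-09-14T10:03:00Z auth-fail src=10.20.30.40 user=jdoe
2023-09-14T10:03:30Z auth-fail src=10.20.30.40 user=jdoe
2023-09-14T10:04:00Z auth-fail src=10.20.30.40 user=jdoe
2023-09-14T10:04:10Z auth-ok src=10.20.30.40 user=jdoe
2023-09-14T11:30:00Z auth-fail src=198.51.100.7 user=asmith
2023-09-14T11:45:00Z auth-fail src=198.51.100.7 user=asmith
"""

LINE_RE = re.compile(r"^(\S+) auth-(fail|ok) src=(\S+) user=(\S+)$")

FAIL_THRESHOLD = 5              # failures from one source inside WINDOW
WINDOW = timedelta(minutes=5)
BUSINESS_HOURS = range(8, 18)   # assumed working hours, expressed in UTC
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),       # assumed corporate
                 ipaddress.ip_network("198.51.100.0/24")]  # assumed branch range


def parse_line(line):
    """Parse one log line into a dict, or return None for unparseable input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, result, src, user = m.groups()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ok": result == "ok", "src": src, "user": user}


def find_bursts(log_text):
    """Map src -> (count, first_ts, last_ts) for sources whose densest run of
    failures inside WINDOW reaches FAIL_THRESHOLD (sliding window per source)."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and not ev["ok"]:
            failures[ev["src"]].append(ev["ts"])
    bursts = {}
    for src, times in failures.items():
        times.sort()
        best, start = (0, None, None), 0
        for end, t in enumerate(times):
            while t - times[start] > WINDOW:   # slide the window forward
                start += 1
            if end - start + 1 > best[0]:
                best = (end - start + 1, times[start], t)
        if best[0] >= FAIL_THRESHOLD:
            bursts[src] = best
    return bursts


def is_internal(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in INTERNAL_NETS)


def priority(src, count, first_ts):
    """Score 1 (low) to 4 (critical): a large, off-hours burst from outside the
    network outranks an internal user mistyping a password at 10:00."""
    p = 1
    if count >= 2 * FAIL_THRESHOLD:
        p += 1
    if first_ts.hour not in BUSINESS_HOURS:
        p += 1
    if not is_internal(src):
        p += 1
    return p


def triage(log_text):
    """Return alerts sorted by priority then volume; priority >= 3 is blocked."""
    alerts = []
    for src, (count, first, last) in find_bursts(log_text).items():
        p = priority(src, count, first)
        alerts.append({"src": src, "count": count, "first": first, "last": last,
                       "priority": p, "action": "block" if p >= 3 else "review"})
    alerts.sort(key=lambda a: (-a["priority"], -a["count"]))
    return alerts


def block_list(alerts):
    """Addresses an analyst would push to the firewall deny list."""
    return [a["src"] for a in alerts if a["action"] == "block"]


if __name__ == "__main__":
    found = triage(SAMPLE_LOGS)
    for a in found:
        print(f"P{a['priority']} {a['action']:6} {a['src']:15} "
              f"{a['count']} failures {a['first']:%H:%M:%S}-{a['last']:%H:%M:%S}")
    print("block:", block_list(found))
```

On the sample data the external 02:13 burst scores priority 3 and is blocked, the internal user’s five failures surface as a priority 1 review item, and the two spaced-out failures from 198.51.100.7 never reach the threshold. Swapping the scoring rules for your own (geolocation, known-bad feeds, targeted account sensitivity) is where the threat intelligence from step 3 plugs in.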
Ascent analysts also scraped the dark web for leaked credentials such as passwords and email addresses, allowing the customer to reset important accounts.
Move beyond the speed of threat.
Don’t let threat actors make the first move. Modern Endpoint Management ensures you can anticipate a breach instead of reacting to one. Microsoft chose us as their Endpoint Partner of the Year for 2023. We use our expertise to further your security goals. For more information, reach out to us at info@meetascent.com.