CrowdStrike meltdown highlights IT’s weakest link: Too much management

Many companies, however, have not taken this to its next natural step. Why do we place so much trust in our management and security software? Endpoints, whether user-managed laptops, cloud servers, or embedded devices powering airport displays, are often loaded with remote management tools from the unified endpoint management (UEM) space: inventory management and asset tracking for devices; mobile device management (MDM) to deploy software and configure policies and keys; Remote Server Administration Tools (RSAT) that let approved administrators log in (not to be confused with remote access trojans (RATs), which adversaries use to do exactly the same thing); even enterprise browsers to monitor employees' access to the Internet. On top of all that, endpoint detection and response (EDR) is there to identify when someone has compromised the machine, often by compromising one of the other management tools on it.

Instead, consider an endpoint that doesn't trust any of these tools. It allows no remote management and no remote login, and it is not loaded with a pile of agents, each solving a different security or IT function. It focuses on its single task, whether that is letting its user connect securely to the Internet, running an application server, or driving a kiosk display. It doesn't trust the employer's ecosystem, except as the source of email and files, and then only barely. It certainly does not trust other clients on the same network; to it, Starbucks is as secure as the corporate network, which is to say it isn't. It is locked down from as many third parties as possible, and it updates automatically through the operating-system vendor's own update channel (let's set aside, for the moment, the rare failure mode of automatic updates that the CrowdStrike incident highlighted).

In that world, the number of vendors in our ecosystem that can give us a really bad day shrinks dramatically. We still depend on Apple, Microsoft, and Google for our endpoint operating systems, but those three are far more reliable on security than the collection of IT and security agents scattered across the modern enterprise. Instead of worrying about a long list of vendors whose bad day can bring our economy to its knees, we've narrowed it to three: three that have shown the security focus we need most, and that regulators can hold to account for security, instead of chasing CrowdStrike while ignoring all the other risk management tools out there.
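To make the two preceding paragraphs measurable, here is an added example (not code from the original article or from any vendor) that audits how far an endpoint is from the single-purpose design described above: it parses `ss -ltnp`-style socket output for remote-login listeners (SSH, Telnet, RDP, VNC, WinRM on their standard ports) and maps running agent processes to the vendors behind them, so you can count how many third parties' bad days become yours. The socket output, the process list and the agent-to-vendor mapping are constructed sample data; the process and vendor names are hypothetical.

```python
import re

# Well-known remote-login / remote-management ports (standard assignments).
REMOTE_MGMT_PORTS = {
    22: "ssh", 23: "telnet", 3389: "rdp",
    5900: "vnc", 5985: "winrm-http", 5986: "winrm-https",
}

# Hypothetical mapping of agent process names to the vendor that ships them.
# These names are made up for the example; substitute your own inventory.
AGENT_VENDORS = {
    "uem-agent": "UEMVendor",
    "inventory-svc": "UEMVendor",
    "mdm-daemon": "MDMVendor",
    "rsat-helper": "OSVendor",
    "edr-sensor": "EDRVendor",
    "browser-monitor": "BrowserVendor",
}

# Constructed sample of `ss -ltnp` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=900,fd=7))
LISTEN 0      5      *:5985             *:*               users:(("winrm",pid=1201,fd=4))
LISTEN 0      50     [::]:3389          [::]:*            users:(("xrdp",pid=1300,fd=11))
LISTEN 0      128    127.0.0.1:5900     0.0.0.0:*         users:(("vncserver",pid=1400,fd=5))
"""

# Constructed process list (names only), as `ps -eo comm` might show it.
SAMPLE_PROCESSES = [
    "systemd", "sshd", "uem-agent", "inventory-svc", "mdm-daemon",
    "edr-sensor", "browser-monitor", "chrome", "xrdp", "winrm",
]

_LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+?):(\d+)\s+\S+\s+(.*)$")
_PROC_RE = re.compile(r'\(\("([^"]+)"')
_LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


def remote_login_listeners(ss_text):
    """Return [(port, service, process, exposed)] for known remote-management
    listeners; `exposed` is False when the socket is bound only to loopback."""
    found = []
    for line in ss_text.splitlines():
        m = _LISTEN_RE.match(line)
        if not m:
            continue
        addr, port, proc_field = m.group(1), int(m.group(2)), m.group(3)
        if port not in REMOTE_MGMT_PORTS:
            continue
        pm = _PROC_RE.search(proc_field)
        proc = pm.group(1) if pm else "?"
        found.append((port, REMOTE_MGMT_PORTS[port], proc, addr not in _LOOPBACK))
    return sorted(found)


def agent_vendors(processes):
    """Group running agent processes by the distinct vendor behind each."""
    by_vendor = {}
    for name in processes:
        vendor = AGENT_VENDORS.get(name)
        if vendor:
            by_vendor.setdefault(vendor, []).append(name)
    return by_vendor


def audit(ss_text, processes):
    """Summarise the management surface: exposed remote-login services and
    the number of third parties whose outage or bad update becomes yours."""
    listeners = remote_login_listeners(ss_text)
    vendors = agent_vendors(processes)
    return {
        "exposed_remote_login": [l for l in listeners if l[3]],
        "loopback_only": [l for l in listeners if not l[3]],
        "agent_vendors": vendors,
        "vendor_count": len(vendors),
        # The design in the text: no remote login reachable from the network
        # and no third-party management agents at all.
        "meets_design": not any(l[3] for l in listeners) and not vendors,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SS, SAMPLE_PROCESSES)
    for port, svc, proc, _ in report["exposed_remote_login"]:
        print(f"exposed remote login: {svc} on {port} ({proc})")
    print(f"agent vendors: {report['vendor_count']} -> {sorted(report['agent_vendors'])}")
    print("meets single-purpose design:", report["meets_design"])
```

On a real host, feed it the output of `ss -ltnp` and `ps -eo comm` and replace the hypothetical `AGENT_VENDORS` table with your own agent inventory; the loopback distinction matters because a VNC or SSH daemon bound only to 127.0.0.1 is not reachable from the coffee shop, whereas one on `0.0.0.0` or `[::]` is.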
