From experience, I can tell you that this applies to non-cloud environments as well.
Yet I have worked for many organizations that run Windows desktops, and rarely have I seen them use the notification and monitoring tools (which they are already paying for) to ensure that endpoints are continuously running the services that protect the endpoint. I do my best to fix that wherever possible, or at least bring the risks to the attention of higher-level decision makers.
Is your defender even on the field?
Whether your endpoint protection is HIPS, HIDS, antivirus, or any other related service, if it's running on the endpoint, it must STAY running in order to be effective. Pretty basic stuff.
Yet time and time again, I see systems with basic protections turned off, and the end user and the organization they work for are unaware of this. And that's when very bad things can happen.
For example, users might be downloading risky files from the Internet, thinking that antivirus (A/V) scans are taking place, protecting them, determining what files are OK and which are malicious, when in fact they are not being scanned at all.
Ironically, you're probably paying for tools that have this monitoring capability built right in, but it's likely you're failing to take advantage of these features:
- Group Policy
- SCCM and other enterprise monitoring systems
- SIEM
- Startup Scripts
- Login Scripts
- Powershell
I recommend getting with your I.T. cohorts and brainstorming ways to ensure your endpoints are ALWAYS being protected, which will also ensure you're fully leveraging your investment in cybersecurity defenses.
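As an added illustration (not a script from the original post), here is the kind of check that can be dropped into a startup or login script via Group Policy: it verifies that the protection services are actually running and have a sane start type, tries to restart any that stopped, and writes the result to the Application event log so a SIEM can alert on endpoints where protection silently died. The service names (Microsoft Defender's WinDefend and WdNisSvc), the event source name and the event IDs are assumptions for the example; substitute the services your own endpoint protection product installs.

```powershell
# Added example: verify endpoint protection services are running and log any gap
# for SIEM pickup. Service names, event source and event IDs below are assumptions.
$RequiredServices = @(
    'WinDefend',   # Microsoft Defender Antivirus service (assumed product)
    'WdNisSvc'     # Defender Network Inspection service (assumed product)
)
$EventSource = 'EndpointProtectionCheck'   # hypothetical event source name

# Register the event source once so Write-EventLog can use it (needs elevation the first time).
if (-not [System.Diagnostics.EventLog]::SourceExists($EventSource)) {
    New-EventLog -LogName Application -Source $EventSource
}

function Test-ProtectionService {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # A missing service usually means the agent was uninstalled or never deployed.
        return [pscustomobject]@{ Service = $Name; Status = 'Missing'; StartType = $null }
    }
    [pscustomobject]@{
        Service   = $Name
        Status    = $svc.Status.ToString()
        StartType = $svc.StartType.ToString()
    }
}

$results  = $RequiredServices | ForEach-Object { Test-ProtectionService -Name $_ }
$problems = $results | Where-Object { $_.Status -ne 'Running' -or $_.StartType -eq 'Disabled' }

foreach ($p in $problems) {
    # Try to restore protection where that is possible, then record the gap either way.
    if ($p.Status -ne 'Missing' -and $p.StartType -ne 'Disabled') {
        Start-Service -Name $p.Service -ErrorAction SilentlyContinue
    }
    $after = (Get-Service -Name $p.Service -ErrorAction SilentlyContinue).Status
    $msg = "Protection service '$($p.Service)' was $($p.Status) (start type: $($p.StartType)) " +
           "on $env:COMPUTERNAME; status after restart attempt: $after"
    Write-EventLog -LogName Application -Source $EventSource -EventId 9001 -EntryType Warning -Message $msg
    Write-Warning $msg
}

# A running service is not proof of protection: real-time scanning can be switched off
# while WinDefend stays up, so also ask the Defender engine for its own state.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    if (-not $mp.AntivirusEnabled -or -not $mp.RealTimeProtectionEnabled) {
        $msg = "Defender reports AntivirusEnabled=$($mp.AntivirusEnabled) " +
               "RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled) on $env:COMPUTERNAME"
        Write-EventLog -LogName Application -Source $EventSource -EventId 9002 -EntryType Warning -Message $msg
        Write-Warning $msg
    }
}

if (-not $problems) { Write-Output "All required protection services are running on $env:COMPUTERNAME." }
```

The point of writing to the event log rather than only to the console is that your SIEM (or SCCM compliance rules) already collects Application log events from every endpoint, so a correlation rule on the chosen event IDs turns a silent local failure into an alert without buying anything new.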
Happy hunting!
-Ryan