Everything used to be so easy. All an organisation needed was a professionally managed firewall and a virus scanner and they were all set, but over the last couple of decades, cyber criminality has become increasingly professional and new ways of working have become the norm. In order to keep pace with these new requirements, numerous providers have flooded the market with a whole raft of solutions that make management incredibly complex. It's time for a new approach. Read on to find out how to protect your organisation along the entire cyber kill chain with only one provider.
A professionally managed firewall controls the flow of data from the internet into your own network while a virus scanner ensures that e-mails and data saved on systems are free of any malicious code. This was IT security just a few years ago, but the new opportunities offered by mobile working at the modern workplace have completely changed the demands placed on IT departments. Devices no longer have to be within a company’s network to access confidential data, turning the entire world into a workplace—as long as there’s an IT connection on hand!
Classic approaches to protecting enterprise IT are no longer up to the job because they are set up to trust everyone within the company network, which of course hits problems when an employee wants to access internal resources from the outside. External access is managed using firewall rules, with unsolicited requests from external clients being rejected. Inbound communication and access to files and infrastructure from outside have to pass through relatively unstable VPN tunnels that cross the perimeter.
In both cases, the legitimacy of an access is usually no longer verified once it is inside this perimeter. This means that someone can access sensitive data they are not authorised to see without too much effort. In the modern world of work, using an unreliable VPN tunnel to connect an external PC with a part of the internal corporate network has become unthinkable. Data connections can be dropped and compromised devices can be exploited to gain access. It’s clear something needs to change, because end devices are the new perimeter.
To understand modern attack scenarios, we need to understand how modern, and these days highly professional, attackers operate. In over 90% of cases, an attack begins with a phishing e-mail requesting the recipient to do something, which can lead to a malicious attachment being opened or a link to a compromised website being clicked. Attackers use social engineering methods that often make it very difficult for the victim to tell whether they are looking at a legitimate e-mail or an attempted fraud. Opening the attachment or website sets the ball rolling: malicious software is installed in the background, takes control of the affected system and starts to infect other computers on the network.
If there are no security mechanisms in place, attackers have free rein to do what they want. Even when good antivirus software and a malware scanner are installed, smaller malicious programs may already have spread so far that a superficial system clean-up isn’t enough to boot the attacker out. Rather, the opposite tends to happen: additional code is downloaded and installed from servers known to the attackers to help the search for sensitive data.
These kinds of attacks can be prevented with the right tools. Microsoft Defender for Office 365 detects malware in e-mail attachments and removes suspicious links and attachments from affected mailboxes, meaning your employees don’t even get to see them and don’t have to decide whether the e-mail is legitimate or not. As Microsoft Defender protects the complete Office 365 suite, even malicious macros embedded in documents are detected and dealt with. Microsoft Defender for Endpoint detects and protects against risks that directly affect the device in use, thus effectively minimising the risk of it being compromised by a fraudulent e-mail, for example.
If you take a closer look along the infection chain, you’ll probably find a second, no less significant way in for cyber criminals. Hackers frequently use stolen access credentials to get at a company’s sensitive data and this information tends to come from previous attacks on other businesses. If the validity of a user account is not regularly checked, hackers are basically given their own key they can use to easily access other companies’ data, which can have dramatic consequences if that includes access credentials to privileged accounts. These admin accounts normally have access to all a company’s resources and therefore have extensive rights which makes it much easier for criminals to get their hands on data.
Whatever the case, people are the key. Employees—no matter if they still work for you or are long since gone—can unwittingly open the door to their company's IT by carelessly opening attachments or entering their user data into manipulated forms. There are of course also the unhappy employees who willingly share this information. Industrial espionage is a lucrative business and most people are specifically targeted and manipulated. Azure AD Identity Protection can close this door by allowing risk-based conditional access to enterprise resources. This kind of conditional access checks each access for plausibility. So if, for example, you’ve logged into a system from your location in Germany, an access attempt made 10 minutes later from overseas isn’t going to be legitimate.
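The plausibility check described above, written out as an added example that is not Microsoft's or Bechtle's code: a geo-velocity check over a few constructed sign-in events, which flags consecutive sign-ins by the same user that would require implausibly fast travel (the "Germany, then overseas 10 minutes later" case). The user names, coordinates and the 1,000 km/h threshold are assumptions made for the example.

```python
import math
from datetime import datetime

# Constructed sample sign-in events (not real log data): user, UTC time, resolved geo-location.
SIGN_INS = [
    {"user": "alice", "time": "2021-11-02T08:00:00", "city": "Frankfurt", "lat": 50.11, "lon": 8.68},
    {"user": "alice", "time": "2021-11-02T08:10:00", "city": "New York", "lat": 40.71, "lon": -74.01},
    {"user": "bob", "time": "2021-11-02T09:00:00", "city": "Munich", "lat": 48.14, "lon": 11.58},
    {"user": "bob", "time": "2021-11-02T13:00:00", "city": "Berlin", "lat": 52.52, "lon": 13.41},
]

# Assumed threshold: roughly airliner speed; anything faster is treated as impossible travel.
MAX_SPEED_KMH = 1000.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    earth_radius_km = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = p2 - p1
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, from_city, to_city, speed_kmh) for every consecutive sign-in pair
    of one user whose implied travel speed exceeds max_speed_kmh."""
    by_user = {}
    for ev in sorted(events, key=lambda e: (e["user"], e["time"])):
        by_user.setdefault(ev["user"], []).append(ev)
    findings = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            elapsed = datetime.fromisoformat(cur["time"]) - datetime.fromisoformat(prev["time"])
            hours = elapsed.total_seconds() / 3600
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if hours > 0:
                speed = dist / hours
            else:
                # Same timestamp: a location change is infinitely fast, no change is harmless.
                speed = float("inf") if dist > 0 else 0.0
            if speed > max_speed_kmh:
                findings.append((user, prev["city"], cur["city"], round(speed)))
    return findings


if __name__ == "__main__":
    for finding in impossible_travel(SIGN_INS):
        print("impossible travel:", finding)
```

In a real deployment the locations come from the sign-in log's IP geolocation, and a flagged pair is what a risk-based conditional access policy would block or challenge with MFA rather than silently allow.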
Even when attackers don’t initially have any details about your identity, they can obtain them through devices infected with malware and then use them to their advantage. With this information, attackers can move around your network without any issue, collecting information about your infrastructure from configuration files with the goal of finding access credentials for a privileged user or even hijacking one of their existing sessions. Once in, they have unrestricted access to servers, databases and even domain controllers which, among other things, manage access rights in Windows networks.
Microsoft Defender for Identity protects your employees’ identities from being hijacked by cyber criminals during an attack. This service is cloud-based and uses real-time analyses and information from already collected data to differentiate between real threats and legitimate access and to prioritise them accordingly. Your security team can focus on their more important tasks and won’t be distracted by false alarms. Even when no attack is taking place, the intelligent solution can proactively recognise configuration gaps and make recommendations that help your IT department close them before attackers exploit them.
If an organisation doesn’t integrate some kind of security mechanism at this point, attackers will be able to reach their goal. Once they have access to privileged identities, hackers can get their hands on highly sensitive data, which they would then publish or sell to the highest bidder. Your data is very valuable. Spammers are on the lookout for customer data so they can exploit your good reputation: they try to sell inferior products to your customers and trick them with stolen identities. But competitors and, in some situations, foreign states may also be interested in your data. Industrial espionage is a lucrative business. Technical expertise and in-house developments can be leaked, putting your competitive edge at risk.
To prevent this from happening, Microsoft Cloud App Security uses sophisticated analysis features to detect and stop cyber threats to cloud services. The solution isn’t only limited to use with Microsoft services, but as a Cloud Access Security Broker can also be integrated into third-party applications. This means you can identify and manage all cloud apps to ensure both compliance and security. You’ll also be able to recognise unusual behaviours triggered by ransomware and other unauthorised apps, plus identify, analyse and prevent high-risk use.
Microsoft not only offers these solutions to protect along the cyber kill chain, but has also developed the Surface family to close the gap between security solution and end device. With DFCI and Windows Autopilot provisioning, your Surface devices are loaded with secure firmware that detects and stops attacks even on the hardware layer. Hello for Business makes it possible for you to control and verify conditional access to important assets. The individual devices are the right solution for all your needs, no matter if you want to equip production line workers, employees working in the field and customer service agents, or engineers, designers and researchers with modern, reliable and secure devices. Protect yourself and your employees from data leaks along the entire cyber kill chain, from anywhere in the world at all times.
Want to find out more? Join our free webinar “As flexible as your needs – Modern IT security with Bechtle and Microsoft” on 17 November from 10 am to 11 am when we’ll give you a more in-depth look into how an attack can be carried out along the cyber kill chain. You’ll also discover: