6 tips for situational awareness of end-user devices

In early December, IronNet defended the Network Operations Center at Black Hat Europe. Our detections revealed malicious activities resulting from already-infected devices and poor security practices. These threats are not limited to Black Hat and are faced by individuals, organizations, and companies every day. 

BYOD (Bring Your Own Device) policies are convenient but risky. It is very difficult to monitor endpoints, and both users and the companies they work for sometimes are unaware of the security hygiene of each personal device. Most companies resolve this issue by providing equipment protected with enterprise-level cybersecurity practices and/or limiting access to corporate services from personal devices. Apps on a personal device, for instance, may not be screened properly before being downloaded and can lead to sensitive data loss.

Even corporate-owned or managed devices used by individual employees are vulnerable to compromise. Organizations and companies should implement device management policies and software to monitor and control the devices in the network. There are many tools on the market to help with this, including VPN services, endpoint managers, and mobile device managers. CISOs should consider how these tools fit into their enterprise security portfolio.

A number of lessons for security hygiene can be implemented to prevent most threats to your organization’s network:  

1. Know which devices are in your organization’s network and be aware when a new device is added to the network.
2. Require employees to use a VPN when remotely connecting to the corporate network from either a personal device or company-owned device.
3. Monitor the network activity of devices on your network to prevent anomalous and malicious activity.
4. Closely review all browser extension permissions, especially those related to tracking information and data sharing; ensure your extensions are installed only through trusted sources; and review applications for data privacy risks before downloading them.
5. Create and enforce browser extension policies that reject extensions with permissions that do not match the functionality of the app.
6. Ensure comprehensive network visibility through network detection and monitoring.
   

Greater visibility to defend the enterprise network with Collective Defense

How can you generate a dynamic relationship among SIEM, endpoint detection and response (EDR), and network detection and response (NDR) tools? The answer is Collective Defense, which draws on behavioral analytics and orchestrates threat sharing in real time — and in situational context. The IronNet Collective Defense platform empowers this collaborative engagement for broad visibility of the cyber threat landscape — across and deep within the enterprise network.