In the past, to configure security policies, teams were required to use Group Policy, System Center Configuration Manager, or Microsoft Endpoint Manager. Essentially, they were using the IT management tool to set up and maintain security. Therefore, even when an organization had security administrators, they depended on the IT team for any required change.
Today’s Security Challenges Require a Different Approach
While it might have worked in the past to have the IT team manage security controls, modern enterprises are at the stage where that is no longer scalable. Today, we aren’t just configuring a legacy antivirus and a password policy. We need to consider different attack surfaces and tune our preventative controls accordingly. The time when a security administrator could raise an IT ticket and then sit and wait is long behind us.
How Can an Organization Improve Its Cybersecurity?
1. Implement Role-Based Access Control (RBAC)
The security team deals with a lot of sensitive information. Therefore, the principle of least privilege is critical. The bottom line is that only people with a clear business reason should have access to specific information. For example, security administrators should see the endpoint configuration, manage agent update cycles, and configure device policies and the firewall. Still, they may not need access to forensic capabilities or to active incidents. With Role-Based Access Control (RBAC), this can be achieved.
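The role split described above, written as a deny-by-default permission check. This is an added example, not code from the article or from SentinelOne; the role names and permission strings are assumptions chosen to mirror the text, not any product's actual RBAC schema.

```python
"""Deny-by-default RBAC check modelled on the role split described above.

Constructed example: role names and permission strings are assumptions
chosen to mirror the article's description, not a real product schema.
"""
from __future__ import annotations

# Every permission a user could be granted. Anything not listed here is
# rejected outright, so a typo in a policy can never silently grant access.
PERMISSIONS = frozenset({
    "endpoint.config.read",
    "agent.update.manage",
    "policy.device.write",
    "policy.firewall.write",
    "forensics.read",
    "incident.read",
    "incident.respond",
})

# Roles are explicit allow-lists. The security administrator can see and tune
# the preventative controls but holds no forensic or incident permissions.
ROLES: dict[str, frozenset[str]] = {
    "security_admin": frozenset({
        "endpoint.config.read",
        "agent.update.manage",
        "policy.device.write",
        "policy.firewall.write",
    }),
    "incident_responder": frozenset({
        "endpoint.config.read",
        "forensics.read",
        "incident.read",
        "incident.respond",
    }),
    "auditor": frozenset({"endpoint.config.read", "incident.read"}),
}


def is_allowed(role: str, permission: str) -> bool:
    """Return True only if the role explicitly holds a known permission."""
    if permission not in PERMISSIONS:  # unknown permission: deny, never guess
        return False
    return permission in ROLES.get(role, frozenset())  # unknown role: deny


def holders_of(permission: str) -> list[str]:
    """List the roles holding a permission, for periodic access reviews."""
    return sorted(r for r, perms in ROLES.items() if permission in perms)
```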
2. Lock Down the Network and Devices
Reducing the attack surface is a critical task for security administrators. Often, the first step is to configure device restriction policies and the firewall. Consider who should have access to information and whether that access should be restricted to read-only. When managing firewalls, also consider:
- if rules should apply across Windows, macOS, and Linux
- if there should be an Allow or Block rule
- if rules should apply for a specific protocol, port, application, etc.
3. Consider an XDR Security Solution
Extended Detection and Response (XDR) security solutions monitor an organization’s entire infrastructure, including endpoints, the cloud, mobile devices, and more. These systems actively search for and respond to threats in real time to protect organizations from advanced cyberattacks.
The increasing complexity in today’s threat landscape makes it clear that waiting several days to make a change to preventative controls is no longer acceptable. Security technologies have evolved and provided integrated security management capabilities that empower security administrators to make informed risk-based decisions.
YeoDefense XDR, powered by SentinelOne, provides integrated security management capabilities that are truly designed for enterprises. Businesses benefit from multi-tenancy and Role-Based Access Control (RBAC), which enable the principle of least privilege. If the security administrator needs to configure a device restriction policy or firewall rules, or optimize Endpoint Protection Platform (EPP) or Endpoint Detection and Response (EDR) controls, they can do that all within the SentinelOne management console in just a few clicks.
If you would like to learn more about how YeoDefense can help secure your organization, contact Yeo & Yeo Computer Consulting.
Information used in this article was provided by our partners at SentinelOne.