The rapid adoption of cloud services and the ability to work from anywhere have created a new exploitation method. By exploiting weak security controls on the devices where administrators work, attackers can gain access to privileged resources.
Secured, isolated workstations are critically important for the security of sensitive roles like administrators, developers, and critical service operators. If client workstation security is compromised, many security controls and assurances can fail or be ineffective.
Privileged misuse and supply chain attacks are among the top five methods that attackers use to breach organizations.
Most attackers follow these steps:
1. Reconnaissance to find a way in, often specific to an industry.
2. Analysis to collect information and identify the best way to infiltrate a workstation that is perceived as low value.
3. Persistence to look for a means to move laterally.
4. Exfiltration of confidential and sensitive data.
During reconnaissance, attackers frequently infiltrate devices that seem low risk or undervalued. They use these vulnerable devices to locate an opportunity for lateral movement and to find administrative users and devices. After they gain access to privileged user roles, attackers identify high value data and successfully exfiltrate that data.
This document describes a solution that can help protect your computing devices from such lateral attacks. The solution isolates management and services from less valuable productivity devices, breaking the chain before the device that has access to sensitive cloud resources can be infiltrated.
The solution uses native Azure services that are part of the Microsoft 365 Enterprise stack:
• Intune for device management and a safe list of applications and URLs
• Azure Security Center
• Azure Compliance Center
• Autopilot for device setup, deployment, and refresh
• Azure AD for user management, conditional access, and multi-factor authentication
• Windows 10 (current version) for device health attestation and user experience
• Defender ATP for cloud-managed endpoint protection, detection, and response
• Azure AD PIM for managing authorization and just-in-time (JIT) privileged access to resources
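The control that ties the list above together is the Conditional Access policy that lets a privileged role sign in only from an Intune-compliant workstation with MFA. The following is an added example, not code from the original page or from Microsoft: it builds such a policy in the shape the Microsoft Graph `conditionalAccessPolicy` resource uses and runs a simplified local simulation of how it treats the same administrator on a compliant admin workstation versus an unmanaged productivity laptop (the lateral-movement step described earlier). The device names, user names and the `Device.is_compliant` rule are constructed stand-ins for an Intune compliance policy backed by Windows 10 device health attestation; the evaluator is not Azure AD's real engine.

```python
"""Added example: a Conditional Access policy (Graph API shape) for privileged
roles, plus a small local simulation of its effect. Not from the original page."""

from dataclasses import dataclass

# Well-known directory role template ID for Global Administrator
# (the same value in every tenant).
GLOBAL_ADMIN_ROLE_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"


def build_admin_workstation_policy() -> dict:
    """Return a conditionalAccessPolicy payload that grants privileged-role
    sign-ins to every cloud app only from a compliant device AND with MFA."""
    return {
        "displayName": "Privileged roles: require compliant workstation and MFA",
        "state": "enabled",
        "conditions": {
            "users": {"includeRoles": [GLOBAL_ADMIN_ROLE_TEMPLATE_ID]},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
        },
        "grantControls": {
            "operator": "AND",
            "builtInControls": ["compliantDevice", "mfa"],
        },
    }


@dataclass
class Device:
    """Constructed stand-in for the state Intune reports about a device."""
    name: str
    intune_managed: bool
    bitlocker: bool
    secure_boot: bool
    code_integrity: bool

    def is_compliant(self) -> bool:
        # Simplified compliance rule: enrolled in Intune and all three
        # health-attested settings present. Real policies are configurable.
        return (self.intune_managed and self.bitlocker
                and self.secure_boot and self.code_integrity)


@dataclass
class SignIn:
    """Constructed sign-in context: who, with which roles, from which device."""
    user: str
    role_ids: list
    device: Device
    mfa_satisfied: bool


def evaluate(policy: dict, signin: SignIn) -> tuple:
    """Simulate the policy against one sign-in; returns (allowed, reason)."""
    if policy["state"] != "enabled":
        return True, "policy not enforced"
    targeted = set(policy["conditions"]["users"]["includeRoles"])
    if not targeted & set(signin.role_ids):
        return True, "user holds no targeted role; policy does not apply"
    controls = policy["grantControls"]["builtInControls"]
    unmet = []
    for control in controls:
        if control == "compliantDevice" and not signin.device.is_compliant():
            unmet.append("compliantDevice")
        elif control == "mfa" and not signin.mfa_satisfied:
            unmet.append("mfa")
    operator = policy["grantControls"]["operator"]
    # AND: every control must hold; OR: at least one must hold.
    if operator == "AND" and unmet:
        return False, "blocked: unmet controls " + ", ".join(unmet)
    if operator == "OR" and len(unmet) == len(controls):
        return False, "blocked: no control satisfied"
    return True, "granted"


# Constructed sample devices: a hardened admin workstation and an unmanaged laptop.
PAW = Device("paw-01", True, True, True, True)
LAPTOP = Device("laptop-17", False, True, False, False)

# Constructed sample sign-ins: the admin from each device, and a non-admin user.
SAMPLE_SIGNINS = [
    SignIn("alice-admin", [GLOBAL_ADMIN_ROLE_TEMPLATE_ID], PAW, True),
    SignIn("alice-admin", [GLOBAL_ADMIN_ROLE_TEMPLATE_ID], LAPTOP, True),
    SignIn("bob", [], LAPTOP, False),
]


def run_samples(policy: dict = None) -> list:
    """Evaluate every sample sign-in; returns (user, device, allowed, reason)."""
    policy = policy or build_admin_workstation_policy()
    return [(s.user, s.device.name) + evaluate(policy, s) for s in SAMPLE_SIGNINS]


if __name__ == "__main__":
    for row in run_samples():
        print(row)
```

The second sample is the case the text is about: the administrator's credentials are valid and MFA succeeds, yet the sign-in is blocked because the productivity laptop fails compliance, so a foothold on that laptop does not become access to privileged resources. The third sample shows that ordinary users are unaffected, which is what keeps such a policy deployable.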
What kind of solution?
Purchasing these products is one thing. What often goes wrong in practice is their actual configuration and implementation: translating the organization's requirements into working technical controls.
Securing the public cloud is an increasingly difficult challenge for businesses. As a result, IT departments are searching for a cloud-delivered security solution that provides sufficient end-user security.
Cloud Security products extend protection to all aspects of your business.
In addition, Cloud Email Security blocks and remediates email threats, and Cloud monitors your IaaS/SaaS/PaaS/FaaS instances and alerts on suspicious activities. The right knowledge of Cloud Security products delivers a broad, effective security solution for your multicloud world.
If you want me to work on your cloud world, ask me…firstname.lastname@example.org