CIO

Endpoint Security: tackling vulnerabilities that hide in plain sight

By Brett Raphael, Managing Director, A/NZ at CrowdStrike

Recent cyber-attacks in Australia such as the massive data hack at a high profile Australian University, and Australia-founded graphic design platform Canva falling victim to a cyber-attack affecting 139 million users; have heightened awareness of cyber security in Australian companies.

With the rise in cloud computing, most recent conversations on enterprise security have focused on network and data infrastructure designed primarily to look at the local operating system (OS) and the applications that reside on top of it, leaving a blind spot in computing layers below the OS.

Technologies such as endpoint detection and response (EDR), machine learning and behavioural detection have greatly improved the visibility and awareness of organisations by exposing hidden intrusion techniques. As a result of these advanced defences, attackers are often forced to hunt for new avenues of infiltration. One such emerging territory for cybercriminals is BIOS.

Visibility into BIOS is essential

The BIOS (basic input/output system) is a computer program embedded on a chip on a computer's motherboard that recognises and controls various devices that make up the computer. BIOS represents a tempting target for attackers as it is a very lucrative execution environment for malware, allowing an attacker to gain full control over all system resources. 

Today’s persistent nation-state actors have already begun migrating to BIOS attacks as their next preferred environment for persistence and malicious control of systems. With security researchers and companies around the world showcasing various attacks against Intel Boot Guard, Secure Boot, Intel CSME, AMD PSP and other core platform security technologies, it’s only a matter of time until such techniques become commoditised by an even wider spectrum of attackers.

To make matters more complicated, BIOS is seldom patched in most organisations, and known vulnerabilities often remain for years after they are disclosed. A clear picture of the firmware in an enterprise reveals potentially devastating intrusions. Organisations need the ability to audit and update security-related BIOS settings such as protection for SPI flash memory, which can be critical in preventing unauthorised BIOS modification. 

Effective device management for increased efficiency

Organisations often risk underrating the importance of endpoint device security, which can offer businesses protection against cybercrime from the hardware up. For example, a laptop is a highly connected device which becomes increasingly vulnerable when connected to open and unsecured wi-fi networks. These devices can leak information to hackers without the user even knowing. Hence reinventing hardware security to not just prevent breaches, but also detecting them and enabling recovery from successful attacks quickly, is increasingly important.

Ultimately, complete and real-time visibility into device activity is imperative to ensure security teams can hunt and investigate based on that data. Additionally, organisations should have safety measures directly on the network and not just individual devices. This ensures that the malware doesn’t spread to other endpoints even if an infected device is able to access the network. This approach not only protects the devices used by staff but also ensures the security of important applications and resources.

Today, it’s expected by customers and partners alike that business services will be available around the clock, but connectivity needn’t be viewed as a burden. Organisations should take advantage of solutions such as bring your own device (BYOD) and mobile device management (MDM), helping ensure businesses get the best from their employees while providing an integrated approach to desktop and mobile device management, that balances flexibility with robust security.