deviceTRUST: Context Awareness is Security’s Last Mile

Dec 8, 2017

I have said it before, and I will say it again: the end-user is the most significant threat to your company. Let’s take a look at some fun statistics:

XenTegra is hosting a webinar on deviceTRUST and on the question: are the devices connected to your environment putting you at risk? Security is top of mind for every CISO, and while it may be seen as enough, what if you could take it a step further and put context on your security? Read on…

Why Care?

Let’s use some examples to highlight possible scenarios:

  • Example #1: Dr. John decides he needs a coffee break and heads to the coffee shop around the corner. Dr. John wants to sit, enjoy his coffee and get his work done, so he brings his laptop. What Dr. John does not realize is that a hacker known as “Acid Burn” is sitting in the same coffee shop looking to perform ‘man-in-the-middle’ attacks. Dr. John thinks it is harmless to connect to the public Wi-Fi and open his EMR via Internet Explorer. What Dr. John does not realize is that “Acid Burn” is stealing the credentials he uses to log into said EMR. Dr. John finishes his coffee, closes his laptop and returns to the hospital. A week later, the hospital has a significant breach in its EMR, and thousands of records are compromised.
  • Example #2: Sally works in your accounting department. Sally loves social media and spends the bulk of her days scanning Facebook and posting. Sally is working on a ‘Bring Your Own Device’ (BYOD) machine and uses Windows 10 but does not keep her device up-to-date or have proper antivirus installed. A hacker known as “Crash Override” created a fake campaign on Facebook where you can “Win a Trip to the Bahamas.” Sally is intrigued, manually shares this campaign and clicks on the link. The link takes Sally to a fake Office 365 login page, and Sally unsuspectingly logs in to the page, not realizing “Crash Override” is capturing her credentials. The page ultimately goes nowhere; Sally thinks it is a fluke and closes the page. She realizes the ad was a fake but does not realize she just gave her email credentials away. A month later, “Crash Override” gained access to Sally’s company’s network and stole financial data.
  • Example #3: Bob is an executive and travels a lot for his company; in fact, he is on a plane almost every week and travels all over the world. On a recent trip, Bob met a single-serving friend on the plane named Emmanuel. Now what Bob did not realize is that Emmanuel is a hacker and social engineering master known as “Cereal Killer.” He and Bob hit it off and have a conversation the entire flight. They have drinks, share family stories and talk about their jobs. Bob shares where he works, his line of work and the various systems he uses. Bob did some work, and what he did not realize is that Emmanuel was spying over his shoulder, noting the multiple solutions they use and the type of work Bob did. A few months pass by and, thanks to Bob, Emmanuel gets a job at his company as an IT contractor. After a few months, Emmanuel just stops showing up, and a few weeks later, data is leaked.

Note: It is coincidental if I describe a scenario or a name that aligns with you; all stories above are fictional and written by me.

Do these scenarios sound familiar? You have a man-in-the-middle attack, a phishing attack, and an impersonation attack. Sure, a sound security plan could prevent these attacks, but what if I told you context awareness coupled with a sound security plan could make these scenarios almost avoidable?

deviceTRUST

deviceTRUST offers to contextualize the corporate enterprise, allowing users the freedom to access their corporate workspace from any location, on any device, over any network, while giving IT departments the information and control they need to meet their governance requirements.

With its patent-pending technologies, deviceTRUST delivers more than 200 hardware, software, network, security, performance, and location contextual properties into the virtual and physical workspaces. deviceTRUST can easily integrate with any existing workspace management solution and requires no additional infrastructure. The context is always up-to-date, and any change triggers a definable action.

Context awareness IS the last mile for anything security because, let’s face it, users hate security, and context makes security user-centric!

The Solution

We highlighted some examples above, and while security could alleviate some of them, context will harden your defenses and help prevent them:

  • Solution #1: deviceTRUST can help in a few ways: it can lock down access to various local applications based on geolocation and/or network type and/or Wi-Fi SSID. In parallel, it could (working with Microsoft AppLocker, AppSense Application Manager or RES ONE Workspace) dynamically build a blacklist to block specific applications on the fly. Context would force Dr. John to use Citrix Receiver to access his EMR systems securely. If needed, you could take this a step further and provide context within the Citrix Receiver session and not allow access to the EMR because Dr. John is sitting in an unsanctioned “Acid Burn” will not be able to prey on Dr. John, therefore preventing a possible hack.
  • Solution #2: deviceTRUST can set context based on network, antivirus, and Windows Update status. In this instance, deviceTRUST could go as far as preventing access to the device when on the corporate network because there is no antivirus or Windows Update is not up-to-date. In parallel, you could block access to local applications and only allow access to Citrix Receiver. While this might be seen as extreme, BYOD devices pose a hidden threat to the enterprise every day. Within the Citrix Receiver session or on the host, you could leverage a local website blacklisting and whitelisting tool and leverage deviceTRUST to provide further context. Sally will be forced to keep her device’s antivirus and patching up-to-date, and context can prevent her from surfing Facebook when and where needed.
  • Solution #3: Neither deviceTRUST nor other security solutions can prevent the conversations from occurring, but deviceTRUST can prevent access to the corporate device when it is not on sanctioned networks, or when it is in specific geographic locations or even on access points with specific security levels. This scenario is tough, but if security is top of mind, you can prevent prying eyes with a simple screen privacy filter, an endpoint security solution, and the deviceTRUST context-based engine. You could block Bob from accessing specific systems on the local host, or at all, forcing him to either use Citrix Receiver or catch up on “Stranger Things.” This is an extreme example, but education around impersonation attacks is needed.
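
To make the decision logic behind these solutions concrete, here is an added example that is not part of the original post and is not deviceTRUST code or configuration. It maps a handful of context properties to an access decision and fails closed when a property is missing; the property names, the SSID, the country list, the patch-age threshold and the application names are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Hypothetical policy values and property names (not deviceTRUST's own).
SANCTIONED_SSIDS = {"CORP-WIFI"}
SANCTIONED_COUNTRIES = {"US"}
MAX_PATCH_AGE_DAYS = 30
REMOTE_ONLY = frozenset({"CitrixReceiver"})
FULL_LOCAL = frozenset({"CitrixReceiver", "Browser", "Office"})

@dataclass(frozen=True)
class Decision:
    allowed_local_apps: frozenset  # applications the endpoint may launch
    emr_in_session: bool           # may the remote session open the EMR?
    reasons: tuple                 # failed checks, for the event log / SIEM

def evaluate(ctx: dict) -> Decision:
    """Map endpoint context to a decision; absent properties fail closed."""
    reasons = []
    place_ok = True
    if ctx.get("ssid") not in SANCTIONED_SSIDS:
        reasons.append("unsanctioned network")
        place_ok = False
    if ctx.get("country") not in SANCTIONED_COUNTRIES:
        reasons.append("unsanctioned location")
        place_ok = False
    if ctx.get("antivirus_active") is not True:
        reasons.append("antivirus missing or unknown")
    age = ctx.get("patch_age_days")
    if type(age) is not int or age > MAX_PATCH_AGE_DAYS:
        reasons.append("patches stale or unknown")
    # Any failed check leaves only the remote client available locally;
    # the EMR is additionally withheld when network or location fails.
    apps = FULL_LOCAL if not reasons else REMOTE_ONLY
    return Decision(apps, place_ok, tuple(reasons))

def on_context_change(previous: Decision, ctx: dict):
    """Re-evaluate after a context change; report whether enforcement must change."""
    current = evaluate(ctx)
    return current, current != previous

# Constructed sample contexts mirroring the scenarios above.
DR_JOHN = {"ssid": "CoffeeShop-Free", "country": "US",
           "antivirus_active": True, "patch_age_days": 5}
SALLY = {"ssid": "CORP-WIFI", "country": "US",
         "antivirus_active": False, "patch_age_days": 90}

if __name__ == "__main__":
    for name, ctx in (("Dr. John", DR_JOHN), ("Sally", SALLY), ("unknown", {})):
        print(name, evaluate(ctx))
```

The empty context in the last case shows the fail-closed behaviour: a device that reports nothing is treated the same as one that fails every check.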

Here is a simple video on deviceTRUST:

https://www.youtube.com/watch?v=R56YRaj6zlw

If you want to learn how deviceTRUST is:

  • Simple: How to access local machine and remote device context using local environment variables, registry lookup or command line, over any network, with no additional infrastructure.
  • Dynamic: How changes in the context are kept up-to-date and trigger an immediate action.
  • Integrated: How context is written to the Windows Event Log for easy integration within existing SIEM and reporting solutions.

deviceTRUST can provide context on more than 200 properties, applying them locally or via a remote session, filling in the last mile for security.

Check back to see more blogs on deviceTRUST, security and more of XenTegra’s great partners!