Securing the digital frontline with non-intrusive endpoint protection
Snapshot
End-user devices — also known as “endpoints” — are like gates leading into a fortress. Hackers know that these devices house a variety of apps that, if left unsecured, can be compromised to allow access to prized corporate assets.
A venture capital firm recently embarked upon an effort to harden their endpoints and strengthen their overall Microsoft 365 (M365) security. With business continuity paramount, the protective measures needed to be implemented in a non-disruptive, user-friendly way.
Challenge
Endpoints running Microsoft 365 are juicy targets for hackers
An endpoint is anything that’s connected to a company network or houses sensitive data. This could be a laptop, desktop, mobile device, network-connected printer, or a point-of-sale terminal. With many companies allowing employees to use their personal devices for work purposes, cybercriminals have even more vulnerable endpoints to exploit — especially when remote workers are using unsecured networks in cafés and other public spaces.
Microsoft 365 adds another layer of exploitability — for a number of reasons. Its sheer ubiquity means that there’s a potentially huge payoff for the effort spent on finding vulnerabilities. The way in which it integrates so much functionality (Teams, Outlook, etc.) into one place broadens the attack surface and gives successful intruders much greater access.
Finally, since it’s a relatively new product, security for M365 is not very well understood by many businesses. M365-specific security terms like “Conditional Access,” which refers to its identity and access management solution, are often confusing, as are the platform’s licensing costs. As a result, many businesses, like this client, seek out external expertise for M365 hardening.
Security is vital, and so is preventing business disruptions
Like other businesses trying to balance security and usability, the client wanted to make sure the new protections wouldn’t cause any unnecessary disruptions. Since some high-impact security measures could potentially get in the way of daily operations, it was up to the KG team to figure out how to implement these smoothly and avoid repetitive measures that could induce user fatigue.
Approach
Seamlessly implementing multiple layers of endpoint protection
The project began with a detailed, six-week timeline for fortifying the client’s endpoints. Built-in evaluation periods ensured that business would continue as usual while Kalles Group implemented and monitored the new security controls. By testing these controls before fully switching them on in the production environment, the consultants could ensure a smooth transition with minimal hiccups.
Kalles Group added multiple layers of protection to the client’s Windows endpoint machines to significantly reduce exploitation risk. These advanced hardening techniques included configuring security settings, applying the latest updates, and deploying endpoint protection solutions to detect and prevent threats. Even the most sophisticated cybercriminal would find these newly hardened endpoints a tough nut to crack.
Promoting usability with automated threat responses and customized access control
The client had independently moved to a new email security provider, but there was still work to be done on the access control front. Kalles Group developed a risk-based access control (RBAC) approach tailored specifically to their environment. By adjusting security protocols to each access attempt’s risk level, this practice maintains security without forcing users to respond repeatedly to burdensome authentication requests. RBAC is a very specific M365 strength, and it’s one that many smaller companies aren’t aware of or haven’t fully implemented due to the requisite process adjustments.
To further tighten security, the KG team set up automated actions to swiftly respond to confirmed breaches involving known credentials. If compromised credentials are detected, the system automatically triggers responses like account lockdowns and mandatory password resets. This rapid reaction capability is crucial in minimizing potential damage and keeping the threat contained.
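The risk-based access control and automated credential-compromise response described above map onto Entra ID Conditional Access policies driven by Identity Protection risk signals. The following is an added illustration using the Microsoft Graph PowerShell SDK, not the client’s or Kalles Group’s configuration; it assumes the Microsoft.Graph module is installed, the admin holds the Policy.ReadWrite.ConditionalAccess permission, and the break-glass account ID shown is a placeholder. Both policies start in report-only mode, mirroring the evaluate-before-enforce approach used in the project.

```powershell
# Added example (not the client's or Kalles Group's configuration): two Entra ID
# Conditional Access policies created with the Microsoft Graph PowerShell SDK.
# Assumptions: Microsoft.Graph module installed; signed-in admin has the
# Policy.ReadWrite.ConditionalAccess permission; break-glass ID is a placeholder.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'

$breakGlassAccountId = '00000000-0000-0000-0000-000000000000'  # placeholder: emergency-access account to exclude

# Policy 1: sign-in risk. Only risky sign-ins are challenged for MFA, so
# everyday low-risk sign-ins are not interrupted (limits prompt fatigue).
$signInRiskPolicy = @{
    displayName = 'CA - Require MFA for medium or high sign-in risk'
    state       = 'enabledForReportingButNotEnforced'   # report-only; set to 'enabled' after reviewing impact
    conditions  = @{
        signInRiskLevels = @('medium', 'high')
        applications     = @{ includeApplications = @('All') }
        users            = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassAccountId)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $signInRiskPolicy

# Policy 2: user risk. When Identity Protection flags a user as high risk
# (for example, leaked credentials), require MFA and a password change.
# 'passwordChange' must be paired with 'mfa' using the AND operator.
$userRiskPolicy = @{
    displayName = 'CA - Require password change for high user risk'
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        userRiskLevels = @('high')
        applications   = @{ includeApplications = @('All') }
        users          = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassAccountId)
        }
    }
    grantControls = @{
        operator        = 'AND'
        builtInControls = @('mfa', 'passwordChange')
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $userRiskPolicy
```

Review the report-only results in the Entra sign-in logs during the evaluation window, then switch `state` to `enabled` once the observed impact on users is acceptable.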
Results
Supporting users with minimum disruption and maximum protection
By the end of the project, Kalles Group had successfully implemented a robust set of security enhancements. The client’s endpoints were significantly more secure, and their access control system was both effective and user-friendly. They now have greater confidence in their ability to prevent and respond to cyber threats.
What’s more, there was no need to tolerate intrusive measures in order to achieve this level of hardening. By carefully evaluating the impact of each security control before full deployment, Kalles Group made sure employees could continue their work without major interruptions. The client appreciated this balanced approach, as it allowed them to strengthen their security posture without sacrificing productivity.