Date: 2023-07-03

Alessio Mercuri, Security Engineer at Vectra AI, and Michele Vescovi, R&D Manager at Praim, tell us about the multifaceted world of cyber security.

Business digital environments are growing, and with them so are potential security risks. With the spread of remote working and the high mobility of employees in every sector, the company perimeter no longer coincides with the office walls. Security experts find themselves having to protect an attack surface that has grown dramatically, which makes it urgent to adopt advanced solutions for data management and protection and to define more rigorous security strategies, from the single workstation to monitoring of the network and the environment in general. Below is the point of view of Vectra AI and Praim on how to approach the issue of security.

What companies are asking for

Vectra AI – The need for mobility and flexibility has led companies to quickly enable new tools to guarantee the operations of their employees. Mobility and flexibility of workstations also bring with them a movement of data and information outside the usual company perimeter. To maintain operations, companies are therefore looking for solutions capable of guaranteeing the security of employees and of the information available to them, wherever they are.

What type of workstations are needed and what requirements they must have

Praim – The need is to approach security with a holistic and integrated method, where each link of the IT infrastructure offers protection tools capable of integrating and of providing the information necessary to contribute to overall security. Supervisory techniques can be put in place to identify, report and block security anomalies within the company perimeter or at its borders. Workstations today are corporate, individual and personal, and are used to connect to corporate resources even remotely and from unsafe network sources. Just think of the different types of industries and users.

Public Administration, large companies and call centers need multiple shared workstations aimed at a uniform virtual or web environment. Banks and insurance companies ask for workstations that guarantee maximum safety and a standardized work environment. Healthcare requires workstations that allow access to virtual environments specialized by role and department, managed centrally by the IT department with a guarantee of maximum security and data privacy. The approach to security must involve all the points of potential weakness or vulnerability of the systems, from the central services where the corporate “value” resides, to the user perimeter, which represents a possible vulnerable element. The security of each workstation must concern both the device and the workflows.

How to monitor and secure user access

Vectra AI – It is difficult to predict when and how a machine or user account will be compromised by a threat or an external actor, but it is possible to detect the signs and determine their behavior. For this reason, relying on IT threat prevention solutions is not enough: in addition to building barriers to entry, it is necessary to have solutions that constantly analyze the behavior of machines and users and that are aware of the techniques and methodologies used by the attackers. This allows you to detect potential attacks, known and unknown, in time and helps nip them in the bud before they become breaches and cause damage to the business.

Safe workstations

Praim – There are three general factors that make a workstation safe. The first is to create an optimized and specialized workstation for the purpose to which it is dedicated. There is no doubt that a “general purpose” workstation is more difficult to protect because it must be left free to run all kinds of applications and software with different connections. In the case of multiple workstations, the second criterion is uniformity, which makes it possible to effectively replicate the security measures adopted without distinction. The third point is maintenance. Just as hackers, malware, ransomware and viruses are constantly evolving, so must the software called upon to protect against these threats. Continuous maintenance and timeliness in adopting security updates on all workstations are essential.

Measures to be taken to ensure safety

Praim – Cyber security must be evolved and stratified. One of the winning approaches is the use of VDI and dedicated and specialized workstations connected to VDI such as Thin Clients that allow you to create and manage virtual machines with the desired operating system and run them virtually on a centralized server. The end user, on his device, will interact with the remote virtual system as if he were working exactly on his workstation, running only a client for video decoding and for sending the interaction information.

Vectra AI – As a rule, a virtual workstation (VDI) is not excluded from the application of the same protection best practices typical of a classic workstation. However, further precautions are necessary, considering that these types of workstations are often accessible remotely (remote working) and that, being dynamic by nature, they can be used by multiple users throughout the day (multi-user). It is clear, therefore, that such workstations can be preferred targets for attackers to gain initial access to the infrastructure. That’s why it’s important to look for signs of compromised credentials (on-prem and cloud) and closely monitor the use of administrative protocols like RDP.

Shared workstations: safety and prevention needs

Praim – To protect corporate workstations, some technological approaches are more effective than others. Among the most important is authentication, to verify that only validated users are accessing the workstation and company resources. Multi-factor authentication reduces the risk of inadvertently leaking passwords, just as the use of an OTP on personal devices ensures greater security. Limiting writing to disk also helps. Thin Clients, for example, adopt the Write Filter technique, which does not allow writing to the local disk, so that what is executed and modified is stored in volatile memory (RAM). At each reboot you have a clean workstation from the point of view of the system, on which attack attempts that try to modify files or the local system do not take root. Preventing users from changing system parameters or defining new network connections themselves is another good practice to ensure security. Furthermore, the adoption of a VPN (Virtual Private Network) is recommended, to guarantee secure connections. Even blocking the peripherals, where not necessary, allows you to prevent the connection of unsafe external devices.

The added value of AI in the analysis of malicious behavior

Vectra AI – Hidden within the high volume of traffic from remote worker activities, corporate networks, and cloud instances is small but important information that, if interpreted correctly, helps detect threats and potential malicious attacks. Through the use of an AI-enhanced Threat Detection and Response platform, security teams can reduce the workload and time required to detect and analyze these signals, increasing efficiency and effectiveness and responding in time before the attacker manages to cause damage to the infrastructure.

Vectra AI and Praim solutions

Vectra AI – Vectra is the industry’s most advanced AI Threat Detection and Response platform focused on detecting and responding to threats within the network, without noise and without the need to decrypt. Whether in hybrid or cloud-native environments (AWS, Azure, or GCP), SaaS applications such as Microsoft Office 365 and Azure AD, data center workloads, IoT devices, or enterprise networks, the Vectra platform can analyze, correlate, and prioritize malicious behavior that can put the organization at risk, providing immediately useful information for investigation and automated response mechanisms.

Praim – Thin Clients, Praim’s flagship, are specialized workstations that can be equipped with dedicated operating systems optimized for the purpose, leaner and easier to protect. On these workstations, the number of applications available is limited to clients connecting online or to the chosen VDI. Thin Client solutions, through dedicated firmware, also offer specific security features and simplified and specialized interfaces that limit the user’s action to only the features granted, reducing the potential for incorrect actions that can affect workstation security.

