Tony UcedaVélez: The Endpoint
Tony UcedaVélez is the Founder and CEO of security consulting firm VerSprite, based in Atlanta. He founded VerSprite after working in the IT and information security space for nearly a quarter of a decade.
Tony UcedaVélez: So some of the growing challenges that we have, you know, from our experience and have, again, you know, the audience of entities, companies that we’ve, you know, been elbow to elbow within the forensic analysis, incident response, proactive security has included insurance companies, you know, government entities, private practices in terms of dental, you know, obviously, the hospitals and health care providers. And one common challenge we have right now under the pandemic is users that have elevated privileges. So that is, you know, a major challenge for it.
Because, you know, you have this influx of calls from 510 1520 users that say, I can’t do this, and you have it somewhere in the country or somewhere in the state, trying to provide ground support. And they might be tempted to say, you know, what, let me just enable privileges so that you can do what you’re, you know, you can focus on doing what you’re doing, maybe you need to install a plugin for, again, one of those cloud service providers, their software might not work as well in Chrome, but it works pretty good. And Mozilla as an example, and maybe there’s a plugin component with it.
So there’s a challenge with user rights, right privileges being elevated. And that’s a very bad thing. Because if you do happen to get fished, or you do happen to be a victim of a drive-by download, you want to make sure that the malware that does get executed doesn’t run under the elevated security context of how your user is provisioned.
Another major challenge is patching, you know, patch management gets a lot worse under the pandemic with remote forests worked, because now you don’t have centralized patch management servers that can easily touch upon, you know, the endpoints, different time zones, potentially, you have different networks, obviously. And you might not have the necessary technology like agents to be able to phone home and say, Oh, let me get the latest batch of patches for my system. And so it becomes more complicated. The software landscape also becomes more complicated.
As you know, we have a greater dependency, we just saw in the earlier slides, more cloud more, which means more web, more web-related technologies, you know, a lot of these cloud solutions now have like, you know, you log in and says, Do you want to enable desktop notifications. And so a lot of these things might require some type of embedded software that might require some capabilities by your browser. And the hackers and cybercriminals. Know this. So their browser, which is on the endpoint becomes yet another challenge. The other challenge that you didn’t have when you were actually on-premises in a centralized environment is actually the single user adds a cubicle at their desk working, and no one else is typically using their endpoint.
But now you might have, you know, the spouse, you know, or the domestic partner or the child, the children basically leveraging, you know, the computer that stays on, you know, the someone wants to pull up, maybe Amazon could do some quick shopping. And so you have these realistic scenarios, which makes security a bigger challenge when it comes to a remote workforce. Last but not least, is the hosting of the networks. You’re talking about networks, which, you know, you could have router software, you could have network software that is highly vulnerable, it might be already compromised.
So you’re talking about a mobile asset that’s going into a very, you know, potentially hostile network environment. And there’s no validation, there’s no assurance of whether or not that network can be trusted. Nonetheless, that device is basically never neighboring to a lot of different things, your IoT devices, your printer, your toaster, that’s internet-enabled, you know, anything
Watch every minute of Tony UcedaVélez’s session here.
Learn more about Paubox Spring Summit, Secure Communication During a Pandemic.
Read a full recap of Paubox Spring Summit.
Learn more about Tony UcedaVélez.