URL: https://www.tanium.com/blog/endpoint-hardening-in-changing-cyber-threat-landscape/
Mar 08, 2022


ENDPOINT HARDENING AND PREPAREDNESS IN A CHANGING THREAT LANDSCAPE

With the conflict between Russia and Ukraine impacting the threat landscape,
organizations need to know how to prepare and respond if they are attacked

By Melissa Bischoping, Endpoint Security Research Specialist and Osee DeWitt,
Senior Threat Intel Analyst, Tanium

Today’s cyber threat landscape is a volatile place. To many, the most
significant contributor to its current state is the conflict between Russia and
Ukraine and the cyber activity that has accompanied it. Our partners at Deep
Instinct have been closely reporting on the events, and how they’re impacting
the threat landscape.

It is impossible to speak of the cyber threat landscape without covering
geopolitical situations — which is expected, provided one does so with an
understanding of the uncertainty accompanying current events. It is unclear how
long such circumstances will last, or what the lasting impacts of a complicated
geopolitical situation may be.


HOW THE THREAT LANDSCAPE IS CHANGING

Tanium’s goal is to stay abreast of the key trends, extracting actionable
intelligence so that it can help. The following is an overview of the key trends
in the cyber threat landscape:

 * Possible increase in ransomware attacks amidst economic instability: With the
   US choosing heavy sanctions against Russian interests as its primary response
   to Russia’s incursion, the resulting economic instability may result in more
   ransomware attacks targeting US interests. Russia has been described by the
   FBI as a “permissive operating environment for cybercriminals” and warned
   that the US could experience “a possible increase in cyber threat activity”
   from hackers operating with the backing of Russia.
 * Emergence of new destructive malware: As stated in a recent article from Deep
   Instinct, Russian cyber activity “aimed at sowing chaos and disrupting
   communications within Ukraine’s government and military institutions” in the
   weeks leading up to the invasion included the deployment of new disk-wiping
   malware called HermeticWiper (along with widespread DDoS attacks and web
   defacements). In the weeks since, at least two new destructive malware
   strains have emerged from the conflict, accompanied by novel infection
   vectors, and supporting malware designed to ensure the successful delivery of
   destructive payloads.
 * Phishing and other scams leveraging the conflict: As with any high-visibility
   world events (including cyberattacks), threat actors are quick to seize upon
   available information and public uncertainty to create convincing phishing
   lures and social engineering campaigns. The motives behind such campaigns
   alternate between espionage, credential theft, and financial scams.
 * Potential “spillover” of cyber activity affecting US targets: The
   Cybersecurity and Infrastructure Security Agency (CISA), along with other
   multinational cyber agencies, has repeatedly expressed concerns that the
   cyber activity observed in the Russia and Ukraine situation could move
   outside the conflict zone and impact organizations within the US, EU, or
   Western territories.
 * Involvement of hacktivists raises stakes: Acts of hacktivism amidst
   geopolitical conflicts risk being misattributed by both sides, being
   interpreted as state-sponsored adversarial activity, and unintentionally
   escalating tensions. Hacktivism (no matter how well-intentioned) can escalate
   kinetic activity on the battlefield and heighten the risks in cyberspace — a
   reality that could claim lives, destroy critical infrastructure, or result in
   retaliatory actions targeting the US and nations with which the US maintains
   alliances. A recent example highlighting this paradigm is the leaking of
   Conti data (including its source code) after it was stolen from the
   ransomware group by a Ukrainian hacktivist in response to Conti’s public
   pledge to back Russia in the conflict. Ransomware code has been leaked
   before, as with Babuk ransomware, and it led to the re-use and modification
   of the ransomware by new threat actors. This is a real risk here as well.

While much of what is described above is related to the cyber effects of one
particular geopolitical conflict, experts forecast several threats expected to
impact the cyber threat landscape soon – many of which have already begun making
themselves known. Organizations are encouraged to be on the lookout for the
following:

 * Continued influence campaigns and attempts by state-sponsored actors to take
   out secure lines of communication depended upon by the public for reliable
   reporting
 * Critical infrastructure targeted in attacks
 * Continued warnings of impending foreign influence attacks targeting US
   organizations and critical infrastructure from CISA
 * Spikes in fuel/energy prices, economic instability, and cyber insurers
   covering less and charging more
 * Increased compromises of open-source libraries and packages and other
   technologies comprising supply chains
 * Ransomware:
   * Increased ransomware activity overall, with an emphasis on a return to
     targeting consumers, SMBs, and mid-market organizations
   * Increased focus by cybercriminals (with ransomware and BEC leading the
     charge) on SaaS and cloud technology
   * Publication of Conti source code may lead to new variants leveraged by new
     actors, as was the case when Babuk ransomware’s code was leaked
   * Emergence of new, loosely affiliated hacking groups, as observed in the
     Russia/Ukraine war
 * The likely “trickle-down” of malware used in conflicts into the hands of
   cybercriminals, who are free to modify and repurpose as they see fit – and
   vice versa
 * Increase in multi-prong cyberattacks, such as ransomware attacks combined
   with influence campaigns, DDoS, destructive malware, false flag ops, etc.

In this rapidly changing landscape, what you do today is essential in your
preparedness and response capabilities if you are attacked. Regardless of your
industry, all organizations should instrument their environment with risk and
attack surface reduction in mind.


WHY ENDPOINT HARDENING AND PREPARATION IS CRITICAL

The best time to have asset management and patching workflows dialed in was
yesterday. The second-best time is today. While many adversaries are currently
focused on systems of interest in countries engaged in active military conflict,
researchers and threat intelligence specialists have indicated a likely uptick
in cybercrime behavior as the effects of sanctions related to those conflicts
cause economic uncertainty in various parts of the world. It is imperative that
you use this time today to close any gaps in patch management for operating
systems and third-party tools, and tune policy to reduce your attack surface.

Place your highest priority on reducing coverage and visibility gaps,
remediating patch failures, and updating third-party software. The current
threat landscape does not support tolerance for endpoints that are 30, 60, or 90
days out of compliance. You should take this opportunity to bring all systems
current on their operating system patches and third-party software, including
servers and workstations.

In the immediate future, you should prioritize the following actions:

 * Request emergency change authorization to urgently apply missed and outdated
   patches
 * Deploy a patch management solution and remediate patch failures
 * Address operating system patches
 * Update third-party software
 * Remove unauthorized, unused, or unsupported software
 * Apply policy to reduce the attack surface
 * Ensure incident response plans are supported by tooling in the environment
 * Review recommendations from CISA, as a part of their “Shields Up” initiative,
   to reduce your risk of a cyberattack; CISA is also requesting organizations
   to report any signs of attack to their office
 * Review CISA’s Known Exploited Vulnerabilities Catalog, which contains 95 new
   vulnerabilities, added after analysis of vulnerabilities that have been used
   by Russian cyber threat actors
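The two list items above that matter most operationally are the out-of-compliance windows (30, 60, 90 days) and the KEV catalog review. The script below is an added example, not Tanium's code or anything from the article, showing how the two combine into a ranking: endpoints whose missing CVEs appear in a KEV-shaped feed come first, sorted by how far past the catalog's due date they are, with patch staleness as the tie-breaker. The field names (cveID, vendorProject, product, dateAdded, dueDate, requiredAction) follow the published CISA KEV JSON schema, but every record, hostname and CVE identifier here is constructed sample data (the CVE-0000-* ids are placeholders), and the inventory shape is an assumption about what a patch-status export looks like.

```powershell
# Added example (not Tanium's code): rank endpoints for emergency patching by
# joining a KEV-shaped feed with a patch-status inventory.

# CONSTRUCTED sample in the KEV JSON shape; CVE-0000-* ids are placeholders.
# For the live catalog use the published feed URL from cisa.gov instead.
$SampleKevJson = @'
{ "vulnerabilities": [
  { "cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor", "product": "ExampleOffice",
    "dateAdded": "2022-03-03", "dueDate": "2022-03-24", "requiredAction": "Apply updates per vendor instructions." },
  { "cveID": "CVE-0000-00002", "vendorProject": "ExampleVendor", "product": "ExampleBrowser",
    "dateAdded": "2022-03-03", "dueDate": "2022-03-17", "requiredAction": "Apply updates per vendor instructions." }
] }
'@

# CONSTRUCTED inventory: one row per endpoint/product, as a patch tool might export it.
$SampleInventory = @(
  [pscustomobject]@{ Host='ws-01';  Product='ExampleBrowser'; MissingCVEs=@('CVE-0000-00002'); LastPatched=[datetime]'2021-12-01' }
  [pscustomobject]@{ Host='srv-02'; Product='ExampleOffice';  MissingCVEs=@('CVE-0000-00001'); LastPatched=[datetime]'2022-02-20' }
  [pscustomobject]@{ Host='ws-03';  Product='ExampleOffice';  MissingCVEs=@('CVE-0000-00009'); LastPatched=[datetime]'2021-10-01' }
)

function Get-KevPatchPriority {
    <#
      Join inventory rows against the KEV feed and emit one ranked record per row.
      -AsOf fixes "today" so reports are reproducible.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]   $KevJson,
        [Parameter(Mandatory)][object[]] $Inventory,
        [datetime] $AsOf = (Get-Date)
    )

    # Index the catalog by CVE id for O(1) lookups.
    $kev = @{}
    foreach ($v in (ConvertFrom-Json $KevJson).vulnerabilities) { $kev[$v.cveID] = $v }

    $rows = foreach ($row in $Inventory) {
        $hits = @($row.MissingCVEs | Where-Object { $kev.ContainsKey($_) })

        # Worst (largest) number of days past any KEV due date on this row.
        $worstOverdue = 0
        foreach ($id in $hits) {
            $due     = [datetime]::ParseExact($kev[$id].dueDate, 'yyyy-MM-dd', $null)
            $overdue = ($AsOf - $due).Days
            if ($overdue -gt $worstOverdue) { $worstOverdue = $overdue }
        }

        # Compliance band using the article's 30/60/90-day thresholds.
        $stale = ($AsOf - $row.LastPatched).Days
        $band  = if ($stale -ge 90) { '90+' } elseif ($stale -ge 60) { '60-89' } elseif ($stale -ge 30) { '30-59' } else { '<30' }

        [pscustomobject]@{
            Host           = $row.Host
            Product        = $row.Product
            KevHitCount    = $hits.Count
            KevCVEs        = ($hits -join ',')
            MaxDaysPastDue = $worstOverdue
            DaysSincePatch = $stale
            ComplianceBand = $band
        }
    }

    # KEV-listed first, then most overdue, then stalest.
    $rows | Sort-Object -Property @{Expression='KevHitCount'; Descending=$true},
                                  @{Expression='MaxDaysPastDue'; Descending=$true},
                                  @{Expression='DaysSincePatch'; Descending=$true}
}

# Usage with the constructed data, pinned to a fixed date:
Get-KevPatchPriority -KevJson $SampleKevJson -Inventory $SampleInventory -AsOf ([datetime]'2022-03-25') |
    Format-Table -AutoSize
```

With the sample data pinned to 2022-03-25, ws-01 ranks first (its KEV CVE was due on 2022-03-17, eight days earlier), srv-02 second (one day past due), and ws-03 last: it is the stalest host (90+ band) but none of its missing CVEs are in the catalog. That ordering is the point: staleness alone is a weaker signal than a known-exploited vulnerability with an expired due date, though a 90+ host with no KEV hits still belongs in the emergency change request.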


HOW TANIUM CAN HELP

Tanium can help organizations address these urgent recommendations with the
following:

Tanium Patch

Tanium Patch offers the solution to deploy patches, coordinate maintenance
windows, and report accurately and in real time on the state of your patching
efforts. New and existing customers can operationalize Tanium Patch and begin
receiving actionable data on their patch status in hours, not days or weeks.

Tanium Deploy

Initial access and lateral movement by an attacker are often accomplished
through the compromise of vulnerable, out-of-date software. Organizations should
not limit third-party application updates to internet-facing systems alone. Once
inside your environment, threat actors may compromise internal systems using
these vulnerable third-party applications. Additionally, “shadow IT” (software
deployed outside the knowledge or support of the IT department) can introduce
unexpected vulnerabilities into the environment. You can use Tanium Deploy to
uninstall unapproved software automatically, keeping your environment free of
disallowed applications.

Tanium Enforce

During an attack, threat actors will constantly seek to expand scope,
permissions, and access across the environment. In addition to applying security
updates for software and operating systems, you can proactively harden endpoints
to reduce the options available to a malicious actor in your network.

Tanium Enforce is your solution to manage Windows policy settings, including
those that can limit your attack surface. Auditing scripts, executables, and
Windows Installer packages with AppLocker in audit mode, or managing PowerShell
execution policy, are just a few examples of the more than 5,000 device security
and configuration settings available in Tanium Enforce. As mentioned by Deep
Instinct, most users in your organization have no need to execute scripts. Some
other hardening steps may include:

 * Create a policy to restrict script execution
   * Visit Microsoft’s documentation for more details on PowerShell Execution
     Policies.
 * Reduce workstation-to-workstation traffic (RDP, PowerShell Remoting, SMB)
 * Disable administrative shares
 * Disable insecure protocols (SMBv1)
 * Prevent service accounts and local accounts from logging on remotely
 * Implement anti-malware and Attack Surface Reduction rules on Windows systems
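Enforce pushes these settings as policy across a fleet; the script below is an added example, not Tanium's or Microsoft's code, of what the same checks look like on a single host so you can verify the posture before and after a policy rollout. It audits five of the items above (execution policy, SMBv1, administrative shares, deny-remote-logon rights for local accounts, and one Defender ASR rule) and only changes them when run with -Remediate. The SIDs and cmdlets are standard Windows ones; the well-known SID S-1-5-113 ("Local account") and the ASR rule GUID for blocking credential theft from LSASS are assumed to be correct for your Windows version, and any service-account SIDs to deny remote logon are environment-specific and must be passed in by the caller.

```powershell
#Requires -RunAsAdministrator
# Added example (not Tanium's code): audit, and optionally remediate, the
# Windows hardening items listed above on the local host.
function Test-EndpointHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]   $Remediate,
        # Well-known SID S-1-5-113 = "Local account". Append your service-account SIDs.
        [string[]] $DenyRemoteLogonSids = @('*S-1-5-113'),
        # ASR rule: block credential stealing from LSASS (assumed GUID; verify against Microsoft docs).
        [string[]] $AsrRuleIds = @('9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2')
    )
    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding { param($Check, $Current, $Desired, [bool]$Compliant)
        $findings.Add([pscustomobject]@{ Check=$Check; Current="$Current"; Desired="$Desired"; Compliant=$Compliant }) }

    # 1. Machine-scope execution policy. A safety rail against casual script runs,
    #    not a security boundary; AppLocker is the enforcement layer.
    $ep = Get-ExecutionPolicy -Scope LocalMachine
    Add-Finding 'PowerShell execution policy' $ep 'AllSigned' ($ep -eq 'AllSigned')
    if ($Remediate -and $ep -ne 'AllSigned' -and $PSCmdlet.ShouldProcess('LocalMachine', 'Set-ExecutionPolicy AllSigned')) {
        Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force
    }

    # 2. SMBv1 server protocol off (config flag plus the optional feature).
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    Add-Finding 'SMBv1 server protocol' $smb1 $false (-not $smb1)
    if ($Remediate -and $smb1 -and $PSCmdlet.ShouldProcess('LanmanServer', 'Disable SMBv1')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }

    # 3. Administrative shares (ADMIN$, C$). AutoShareWks applies to workstations,
    #    AutoShareServer to servers; 0 stops LanmanServer recreating them at start.
    $lanman    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $autoShare = if ((Get-CimInstance Win32_OperatingSystem).ProductType -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }
    $val = (Get-ItemProperty -Path $lanman -Name $autoShare -ErrorAction SilentlyContinue).$autoShare
    if ($null -eq $val) { $val = 1 }   # absent value = default = shares are created
    Add-Finding "Admin shares ($autoShare)" $val 0 ($val -eq 0)
    if ($Remediate -and $val -ne 0 -and $PSCmdlet.ShouldProcess($lanman, "Set $autoShare=0")) {
        Set-ItemProperty -Path $lanman -Name $autoShare -Value 0 -Type DWord   # effective after LanmanServer restart
    }

    # 4. Deny network and RDP logon to local (and listed service) accounts via user rights.
    $inf = Join-Path $env:TEMP 'rights.inf'
    secedit /export /cfg $inf /areas USER_RIGHTS /quiet | Out-Null
    $rights = Get-Content $inf
    foreach ($right in 'SeDenyNetworkLogonRight', 'SeDenyRemoteInteractiveLogonRight') {
        $line    = $rights | Where-Object { $_ -like "$right*" } | Select-Object -First 1
        $have    = if ($line) { @((($line -split '=')[1]).Trim() -split ',') } else { @() }
        $missing = @($DenyRemoteLogonSids | Where-Object { $have -notcontains $_ })
        $want    = @($have + $missing | Select-Object -Unique)
        Add-Finding $right ($have -join ',') ($want -join ',') ($missing.Count -eq 0)
        if ($Remediate -and $missing.Count -gt 0 -and $PSCmdlet.ShouldProcess($right, "Add $($missing -join ',')")) {
            $cfg = Join-Path $env:TEMP "$right.inf"
            @('[Unicode]', 'Unicode=yes', '[Version]', 'signature="$CHICAGO$"', 'Revision=1',
              '[Privilege Rights]', "$right = $($want -join ',')") | Set-Content -Path $cfg -Encoding Unicode
            secedit /configure /db (Join-Path $env:TEMP 'rights.sdb') /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        }
    }

    # 5. Defender ASR rules: start in AuditMode, promote to Enabled once the audit events are clean.
    $mp      = Get-MpPreference
    $ids     = @($mp.AttackSurfaceReductionRules_Ids)
    $actions = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode'; 6 = 'Warn' }
    foreach ($id in $AsrRuleIds) {
        $i = -1
        for ($k = 0; $k -lt $ids.Count; $k++) { if ($ids[$k] -ieq $id) { $i = $k } }
        $state = if ($i -ge 0) { $actions[[int]$mp.AttackSurfaceReductionRules_Actions[$i]] } else { 'NotSet' }
        Add-Finding "ASR rule $id" $state 'AuditMode or Enabled' ($state -in 'AuditMode', 'Enabled')
        if ($Remediate -and $state -notin 'AuditMode', 'Enabled' -and $PSCmdlet.ShouldProcess($id, 'Add-MpPreference AuditMode')) {
            Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions AuditMode
        }
    }
    return $findings
}

# Audit only:
Test-EndpointHardening | Format-Table -AutoSize
# Preview changes without applying them, then apply:
#   Test-EndpointHardening -Remediate -WhatIf
#   Test-EndpointHardening -Remediate -DenyRemoteLogonSids '*S-1-5-113', '*S-1-5-21-<domain>-<rid-of-service-account>'
```

Two design choices are worth noting. The deny-logon check appends to whatever the export already lists rather than replacing it, because overwriting SeDenyNetworkLogonRight with a shorter list silently removes existing denials. The ASR rule is set to AuditMode rather than Enabled on purpose: audit events (Defender operational log) tell you what the rule would have blocked, and the switch to Enabled is a deliberate second step once the noise is understood. Disabling administrative shares and SMBv1 can break legitimate management tooling, so run the audit first and check the Compliant column against what your own tooling depends on.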


NEXT STEPS

You can read more on how to prepare for cyberwarfare in this latest Endpoint
article.

--------------------------------------------------------------------------------

If you need hands-on support, we have you covered. Tanium is offering endpoint
hardening assistance at no cost, no commitment, for 45 days, including patch and
deploy components of the client management solution. We are also offering
no-cost services to assist in operationalizing this software. Existing customers
can reach out to their account reps. If you’re not currently a customer, contact
us here to get started.
