ENTERPRISE SECURITY BLUEPRINT
CONTROL LAYER
Attack surface minimization – the Least Privilege principle is highly effective
against zero-day attacks because it can mask flaws in system components (a flaw that
cannot be reached cannot be exploited). Least Privilege controls can prevent:
• Access to network ports and services, constraining network protocols so that
uncommon (and therefore often lightly tested) features are blocked
• Code execution from data objects or unknown programs, which in turn restricts
applications from modifying system state
• Network interactions between hosts that are not required to communicate (e.g.,
P2P networking)
Behavioral controls and anomaly detection – constraining the system to “normal”
behavior can help block malware even if it successfully subverts system components.
For example, a host that performs an abnormal network scan can be restricted using
containment controls.
Man in the loop – malware and threats can be defeated by requiring human
confirmation or acknowledgment of sensitive operations. This can be combined with
behavioral baselining so that only anomalous behavior would require such intervention.
Retrospective analysis – when threat intelligence is received for newly detected
threats and vulnerabilities, past system event logs can be reviewed to identify
indicators of malicious activity or compromise.
In addition to the above, timely patching of vulnerable applications and the use of threat
intelligence-based IPS controls can reduce the window of exposure for known vulnerabilities,
thereby blocking exploits as soon as possible after the vulnerabilities are discovered. While
this practice does not prevent zero-day exploits, it should be noted that the vast majority of
advanced attacks leverage known, but unpatched, vulnerabilities.
Access Control
Access control has traditionally been at the core of corporate security policy enforcement
and is still today the foundation of any security architecture.
Access control enables business processes by defining the interactions between users and
data within the corporate network. It applies the minimum level required to support the
business and enforces the security principle of “Least Privilege.” Any interactions that are
not explicitly authorized are considered to be unauthorized and should be blocked.
Access control protections depend on repositories that describe enterprise-specific business
rules, assets, users, roles and applications, and that define security policies for the set of
authorized interactions between these same assets, users and applications.
For example, access control would determine whether a user is allowed to access sensitive
enterprise services and could qualify authorizations based on the user’s location, host status,
time of day, etc.
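The model described above, as an added example that is not part of the blueprint: a default-deny authorization check in which every interaction must be explicitly granted by a rule for one of the user's roles, and a rule may be qualified by location, host status and time of day. The users, roles, services and rules are constructed placeholders.

```python
# Added example (not the blueprint's own code): default-deny access control
# with constructed users, roles, services and rules illustrating the model above.
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One explicitly authorized interaction, optionally qualified."""
    role: str
    service: str
    action: str
    locations: Optional[frozenset] = None  # None: any location
    healthy_host_only: bool = False        # require compliant host status
    hours: Optional[range] = None          # None: any hour of day (0-23)

# An access request together with the context used to qualify it.
Request = namedtuple("Request", "user service action location host_healthy hour")

# Constructed repositories: user -> roles, and the authorized interactions.
USER_ROLES = {"alice": {"finance"}, "bob": {"engineering"}}
RULES = [
    Rule("finance", "payroll", "read", locations=frozenset({"hq"}),
         healthy_host_only=True, hours=range(8, 18)),
    Rule("engineering", "source-repo", "read"),
    Rule("engineering", "source-repo", "write", healthy_host_only=True),
]

def unmet_conditions(rule: Rule, req: Request) -> list[str]:
    """Return the qualifying conditions of `rule` that `req` fails."""
    failed = []
    if rule.locations is not None and req.location not in rule.locations:
        failed.append(f"location {req.location!r} not permitted")
    if rule.healthy_host_only and not req.host_healthy:
        failed.append("host status not compliant")
    if rule.hours is not None and req.hour not in rule.hours:
        failed.append(f"hour {req.hour} outside authorized window")
    return failed

def authorize(req: Request) -> tuple[bool, str]:
    """Allow only if a rule for one of the user's roles fully matches;
    anything not explicitly authorized is blocked (default deny)."""
    reasons = []
    for rule in RULES:
        if rule.role not in USER_ROLES.get(req.user, set()):
            continue
        if (rule.service, rule.action) != (req.service, req.action):
            continue
        failed = unmet_conditions(rule, req)
        if not failed:
            return True, f"allowed by role {rule.role!r}"
        reasons.append(f"role {rule.role!r}: " + ", ".join(failed))
    return False, "; ".join(reasons) or "no rule grants this interaction"
```

The returned reason string makes every denial auditable, which is what allows a policy repository to be tuned without loosening the default-deny stance.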
“The Least Privilege principle constrains interactions to the minimum level required to support the business.”