With the new firewall in place (“Block the bad, grant the good access”) in addition to our dedicated malware-quarantining appliance that has been running smoothly for some years, it’s time for strike number three: the deployment of new anti-virus, anti-malware and endpoint detection and response software running on Windows and Mac computers. Our bonbon for Christmas.
Multi-featured anti-malware software (AM) and sophisticated endpoint detection and response software (EDR) are the last line of defence for your computer before everything goes down the drain (“What have accelerators and pipelines in common?”). By monitoring local activity on your computer – in the operating system, on the local file system and in network communications – the AM and EDR are jointly able to detect and report abnormal or malicious activity. Of the two, the AM is a security suite that constitutes the first line of defence. It looks for malware signatures identified by a global threat intelligence network and improves system security more generally by, for example, detecting behaviour associated with ransomware, blocking access to malicious websites and checking that system updates have been applied.
The EDR is a specialised threat-hunting and response software that uses CERN-internal and external threat intelligence feeds to detect more sophisticated attacks. Whole-system behaviour is analysed in a central dashboard, allowing CERN’s Security Operations Centre to analyse threats in real time, to better understand the origin, damage, extent and consequences of a successful attack, and to run remote queries for threat hunting.
CERN is about to purchase this new AM and EDR solution and is in the process of rolling it out. Based on different use cases, device ownership, responsibilities and privacy aspects, there are two distinct deployment methods: one for CERN-owned devices and one for personal devices (“bring your own device” or, for short, BYOD):
- All centrally managed devices, i.e. centrally managed Windows servers and centrally managed Windows PCs/laptops, will have the AM and EDR solutions deployed via the standard means (i.e. CMF) and remotely managed, monitored and maintained by CERN Desktop Support. Similarly, the AM and EDR solutions are intended to be deployed and enforced on all Windows laptops and MacBooks bought with a CERN budget code. In all cases, the CERN Computer Security team will intervene and conduct remote incident response if the AM/EDR triggers an alert;
- When it comes to BYOD, your personal Windows laptops, MacBooks and the PCs you use at home for teleworking also benefit! You can download and install the AM free of charge from the CERN app store for Windows or from Mac Self-Service. The licence must be renewed every 12 months by reconnecting to that app store, or it will become invalid. However, since the installation concerns your personal device, your privacy is paramount to us. All alerts will be displayed only to the local user. Neither the CERN Service Desk nor the Windows Support Team nor the CERN Computer Security Team will be able to remotely connect to your device. You will need to contact us at Computer.Security@cern.ch in case of problems or issues.
Thus, with this new AM and EDR offer by CERN, you can protect your workhorse, your teleworking posts, your personal data and CERN, all in one go. Right in time for Christmas. C’est bon-bon, non?
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.