End User Devices

What Is It?

End user devices are quite simply what your employees utilise to access the organisations resources and conduct their tasks as part of their role. Some examples of these devices are workstations in an office environment or laptops that leave your premises with an employee. It is important to see any devices that you share with suppliers, customers or any other third party in this category as whilst they will likely have reduced access, if the devices are provided by your organisation then their security affects your organisations security.

Why Assess It?

There are many reasons to conduct an end user device security assessment, five of which are below.

Remote Worker Threat

With most teams now working remotely at least some of the time, the attack surface has changed for threat actors. By undertaking an end user device security assessment you can gain assurance that no matter where your users are connecting in from they are doing so securely and are not exposing your network to additional risk.

Physical Attacks

Once a physical device has been commissioned it is part of your organisation and provides an opportunity for threat actors as well as intrigued users to circumvent your software based security controls via physical attacks such as decrypting data on disks via direct memory access ports such Firewire ports for example. By conducting an assessment, you will have confidence that no matter where your devices are located or how they are being used, the data on them and your wider organisation is not placed at risk.

Data Exfiltration

Your organisations data is sensitive and you need to be assured that it is not trivial for a user, acting maliciously or not, or a threat actor to exfiltrate your organisations data from the devices. The assurance on this does not just focus on data residing on the device but also what it is possible to retrieve from its connection back to your organisation that would assist a threat actor, such as enumerating valid users from an unauthenticated perspective for example.

Validate Device Management

Your organisation likely has many discrete devices, both in terms of the actual number of them in circulation and the variety of them. A strong security posture requires assurance that all the different devices are under organisational management and have had appropriate configurations and protection tooling deployed.

Secure the Organisations Reputation

End user devices are seen by suppliers, competitors, customers including sometimes the wider public. The security hardening on display can give viewers confidence that your organisation takes security seriously and as such have confidence in your reputation and trustworthiness.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your end user device security assessment and we do this by:

Looking at Every Scenario

Devices are used in a number of ways and we believe it is important to think of every reasonable attack vector. Whilst others may only look at the baseline operating system, we consider what would happen if the physical device falls into the wrong hands or is subject to additional scrutiny from a malicious network perspective amongst other threat scenarios.

Best Practice Alignment

The configuration options available for end user devices is extensive, we look to align you with security fundamentals ensuring that every aspect of your security posture on these devices is covered and align you to relevant best practices to ensure future compliance with security standards and requirements.

Wider Observations

End user devices are needed for a reason, so we ensure our assessment looks at those reasons and checks the business relevant activities such as how does the device connect back into the organisation, is there a VPN and is it configured appropriately? Is the end user device operating in the zero trust model and only providing access to virtualised desktops? All these points in the assessment give you additional confidence in the wider security context.

Human Behaviour

Utilising our knowledge of threat actors, we know how humans use devices and where there is likely to be insecure behaviour, either deliberate or accidentally, that could be leveraged. Using this knowledge, we both identify and provide tangible remediation advice to ensure insecure artifacts are not left for a threat actor to use.

Factoring in Other Controls

The risk between different devices is not the same, a laptop roaming the world from a senior individual in the organisation is likely to face a very different threat profile to a workstation that stores no content and is inside a secured office. We pride ourselves in understanding the bigger picture, both to ensure no false positives are reported but also to ensure we report the right findings at the right severity with the right advice, every time.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. An example is rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisations position and risk posture thus enabling us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial, we do not sell you products or the latest buzzword laden trending solution.

Outstanding Service

We have an industry leading turnaround, agility is in our name after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.

Scroll to Top