InnerCircle Client Advisory: Introduction of Additional Security Protections

Our continued commitment to improving client security

Summary

At InnerCircle, our aim is to ensure the security of our clients' systems and the integrity of your data. As evidenced by recent security events, the importance of this focus is greater than ever. We continue to invest in protections and remediations to minimize the attack surface and to reduce risk to you, our clients. As part of these ongoing efforts, we may proactively implement additional measures to harden security and decrease risk. These measures may include changes to specific system configuration policies as well as the introduction of new tools.

In that light, we are tightening the configuration of some existing security tools and introducing two new supplemental enhancements to the security protections of your environment to improve your overall security posture.

Enhancements

Microsoft Advanced Threat Protection Attack Surface Reduction

Protection Summary:

We have implemented a set of rules that help stop malware, to prevent threat actors from obtaining a foothold on systems. Additionally, we've enabled Controlled Folder Access, which helps prevent malicious or suspicious applications (including file-encrypting ransomware) from making changes to files in your key system folders.

Impact:

Windows Defender should inform employees when a program is blocked from running. Due to the nature of the protections, situations may arise where applications require whitelisting and additional approval to operate. Requests for approval should be directed to our First Response Group.

Tool Additions

Managed Detection & Response

Protection Summary:

This solution helps find and stop hidden threats that may evade traditional preventive security tools. By focusing on a specific set of attack surfaces, vulnerabilities and exploits, it helps us protect your network from persistent footholds, ransomware and other attacks.

Impact:

Employees should not notice any direct impact or change.

Zero-Trust Application Whitelisting

Protection Summary:

This solution allows us to review and control what software is running on your endpoints and servers to help block ransomware, viruses, and other software-based threats. Standard security tools work by comparing files or behaviors against known definitions of specific or typical malware. Application Whitelisting supplements this by creating a library of approved software unique to your environment and allowing only that software to operate, and even then, only in an authorized manner.

Impact:

We are currently deploying this solution in an auditing fashion. Our team will work to customize the necessary policies to allow the continued use of the applications your organization relies on. Situations may arise where new applications require additional approval to operate. The tool will allow employees to make elevation requests directly, which will then be reviewed and approved. As we prepare your specific environment for full deployment, we will be in touch to review this elevation process and all implications directly.

Employee Communication

We ask that you broadly communicate these changes to the individual members of your organization. As always, if any IT issues arise from this change, you may contact our First Response Group via email at helpdesk@innercircleit.com.

Budget Considerations

Our attention is singularly focused on ensuring we identify and implement all reasonable solutions to protect our customer environments. Due to the unprecedented and critical nature of these security tools, we are categorizing both as mandatory offerings for all clients and the associated monthly licensing costs will be added to your upcoming invoice.

We hope you appreciate the value of these improvements.

If you have any specific questions about these enhancements or you would like to review your firm’s security posture more generally, please do not hesitate to contact us.
