Endpoint security management has become an area of much concern in recent years for a number of reasons, on top of which are the ever-increasing incidents of hacktivism, APT, and malware attacks and the proliferation of personal smart phones, tablets and iPads that employees bring into the workplace (related article: Bright and Dark Spots of BYOC).
The “security” part of the phrase “endpoint security” may be obvious to all, but the “endpoint” part could use a little explanation. The endpoint is a device on a TCP/IP network, especially one that is connected to the Internet; it can be a laptop, desktop PC, network printer, POS terminal, tablet, or smart phone. A more traditional (albeit self-referential) description of the endpoint from wireshark.org is: “the logical endpoint of separate protocol traffic of a specific protocol layer.” The network endpoint as we know it is dead, according to a published Microsoft report.
Endpoint security, to borrow the words in the same Microsoft report, is “the security of physical devices which may literally fall into the hands of malicious users.” This is a simplistic definition, but it quickly brings home the point. Because traditional endpoint security management has become inadequate, Microsoft came up with general recommendations more applicable to present realities:
- Develop a detailed plan for responding to a security incident, such as: a social engineering attempt, a DDoS attack against the network/specific hosts/applications, a lost/stolen device, unauthorized use of system/network privileges or unauthorized account access, or a system-wide malware outbreak.
- Pay attention to support infrastructure systems, such as routers, firewalls, and similar assets.
- Identify the support persons to contact in case of endpoint security breach, and keep their contact details within easy reach.
- Develop simple and effective response procedures for each category of security incident, and get input from users affected by it.
- Keep abreast of emerging endpoint security technologies, and learn how to choose the one solution – among a myriad of offerings – that matches the requirements of a particular network environment.
In a separate study on the state of endpoint security in 2013, the Ponemon Institute made a list of more specific recommendations:
- For BYOD – Create acceptable use policies.
- For privileged users at the device level – Define governance policies on: use of corporate assets; installation and use of third-party applications; and use of privilege management software for control of third-party application installation and enforcement of change control processes.
- On access of critical data stored in the cloud – Establish policies and procedures defining and stressing the importance of protecting sensitive/confidential information.
- For overall endpoint risk management – Improve collaboration between IT operations and IT security for better allocation of resources and creation of strategies to mitigate hacktivism, BYOD, third-party applications, and cloud computing risks.
- For endpoint security technologies – Choose an integrated endpoint security suite that has vulnerability assessment, device control, and anti-virus and anti-malware functionalities, after conducting risk assessments.
Like any other set of security measures, the foregoing recommendations don’t guarantee perfect endpoint security, but ignoring one or more of them will weaken an organization’s endpoint security management. For example, not having a security incident response plan and related procedures will lead to panic and delay in taking proper action when a security incident does occur. Or, if BYOD practice is left to chance, mobile devices could serve as entry points for all kinds of attacks against the organization’s systems; the Ponemon report said that 80 percent of their survey respondents admitted that laptops and other mobile devices that are capable of data access pose a significant security risk to their organization because they are not secure.
The dangers of weakly managed endpoint security often lead to major financial setbacks, negative legal implications, and loss of public/customer confidence in the organization.
Obviously, proactive steps can be taken before it is too late.
m.tiggelaar
– Founder of Key4ce & FuseCP.
– More than 13 years of experience with Windows high availability and Microsoft Exchange.
– More than 13 years of experience with Linux and Unix.
– Open source enthusiast and a large contributor to multiple large Open Source projects.
My current main focus of attention is Geo-Clustering.