Increasingly, corporate work is being carried out on mobile laptops, tablets, and smartphones, and corporate data is being held outside of the company’s own systems.
What is Endpoint Security?
It used to be that corporate networks were accessed via computers or workstations in the corporate office itself. But now employees use home PCs, laptops, smartphones, and other devices. All of these remote devices are endpoints, and each of them is a potential vulnerability.
The problem is made even harder by the fact that many of these devices are not company-issued hardware and do not run IT-approved software. Bring your own device (BYOD) policies mean that the corporate network is accessed from personal devices with an unknown mix of software on them.
Endpoint security centrally manages every access request from a remote device and rejects any request from a non-compliant device, whether because it is a genuinely unmanaged or unknown device or because its operating system or anti-virus software is not properly updated. Nevertheless, many networks have a large number of unidentified, unsecured devices on them, and these tend to accumulate if not monitored.
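The central access decision described above can be illustrated with a small compliance check. The following is an added example, not code from the article or from any particular endpoint product; the policy thresholds (approved OS build, maximum signature age), the device record fields and the sample devices are all constructed assumptions standing in for what a real management agent would report.

```python
"""Illustrative device-compliance check behind a central endpoint-access decision.

Added example, not from the original article. The policy thresholds, the
device record fields and the sample devices are constructed assumptions; a
real product derives them from its management agent.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List

# Constructed policy: the oldest OS build the organisation still accepts and
# the maximum age of antivirus signatures before a device counts as stale.
MIN_OS_BUILD = 22000
MAX_SIGNATURE_AGE = timedelta(days=7)
TODAY = date(2024, 3, 15)  # fixed "now" so the example is deterministic


@dataclass
class Device:
    device_id: str
    managed: bool              # enrolled in the company's device management?
    os_build: int              # numeric OS build reported by the agent
    av_running: bool           # is the antivirus engine actually running?
    av_signature_date: date    # when the AV signature set was last updated


@dataclass
class Decision:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


def evaluate_access(device: Device, today: date = TODAY) -> Decision:
    """Return an allow/deny decision with every failed check listed.

    A device is rejected if it is unmanaged, runs an OS older than the
    approved build, has no running antivirus, or has stale signatures.
    Collecting all reasons (rather than stopping at the first) gives the
    help desk and the user something actionable.
    """
    reasons: List[str] = []
    if not device.managed:
        reasons.append("device is not enrolled in management")
    if device.os_build < MIN_OS_BUILD:
        reasons.append(f"OS build {device.os_build} below approved minimum {MIN_OS_BUILD}")
    if not device.av_running:
        reasons.append("antivirus is not running")
    elif today - device.av_signature_date > MAX_SIGNATURE_AGE:
        age = (today - device.av_signature_date).days
        reasons.append(f"antivirus signatures are {age} days old")
    return Decision(allowed=not reasons, reasons=reasons)


# Constructed sample fleet: one compliant laptop, one out-of-date corporate
# laptop, and one personal (BYOD) phone that was never enrolled.
SAMPLE_DEVICES = [
    Device("lap-001", True, 22621, True, date(2024, 3, 14)),
    Device("lap-002", True, 19045, True, date(2024, 2, 1)),
    Device("byod-phone-7", False, 22000, False, date(2023, 12, 1)),
]


def summarise(devices: List[Device]) -> Dict[str, Decision]:
    """Map device id -> decision; the shape a compliance dashboard would consume."""
    return {d.device_id: evaluate_access(d) for d in devices}


if __name__ == "__main__":
    for dev_id, decision in summarise(SAMPLE_DEVICES).items():
        status = "ALLOW" if decision.allowed else "DENY"
        print(f"{dev_id}: {status} {'; '.join(decision.reasons)}")
```

The check deliberately reports every failed condition rather than just the first, because the user who is denied needs to know what to fix, and the security team needs the full picture of why a device is out of compliance.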
Antivirus and Its Growing Inadequacy
Endpoint security has traditionally been based on antivirus software, which uses malware signatures to detect and block known malicious programs, much as antibodies do in the human body. But malware that has not yet been identified and given a signature cannot be detected, and malware increasingly changes and evolves quickly.
Most compliance regimes, such as the Payment Card Industry Data Security Standard (PCI DSS), specify antivirus software as a requirement, but the result is sometimes that companies do only what compliance requires. When it comes to endpoint security, antivirus is necessary but not sufficient. Companies of all sizes need to recognize that cyber security is a key business function, and treat it as such.
Vigilance is the Price of Security
Any piece of software or installed device quickly becomes out of date. Everything requires regular updates, checking to ensure that the updates have been applied, and review of logs to detect attempted attacks.
With regular updates, a good endpoint security product really will defend against most attacks and provide visibility into every device on the network. This visibility can come in the form of a Security Information and Event Management (SIEM) console. But someone knowledgeable needs to monitor that console and react appropriately.
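The kind of rule a SIEM console runs over collected logs, leaving a human to decide what to do with the alerts, looks like the following. This is an added example, not from the article or from any SIEM product. The log lines are constructed in an sshd-like syslog format using documentation-range IP addresses, and the failure threshold, time window and "failures before a success" count are assumptions.

```python
"""Reviewing authentication logs for attempted attacks, the kind of rule a
SIEM console runs before a human decides how to react.

Added example, not from the original article. The log lines are constructed
in an sshd-like syslog format with documentation-range IP addresses; the
thresholds and the time window are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample log: one source hammering root and then getting in, one
# user who mistyped a password once, and one isolated failure.
LOG_LINES = """\
Mar 15 08:01:02 host1 sshd[4101]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Mar 15 08:01:04 host1 sshd[4101]: Failed password for invalid user admin from 203.0.113.9 port 51023 ssh2
Mar 15 08:01:06 host1 sshd[4102]: Failed password for root from 203.0.113.9 port 51024 ssh2
Mar 15 08:01:08 host1 sshd[4103]: Failed password for root from 203.0.113.9 port 51025 ssh2
Mar 15 08:01:10 host1 sshd[4104]: Failed password for root from 203.0.113.9 port 51026 ssh2
Mar 15 08:01:12 host1 sshd[4105]: Accepted password for root from 203.0.113.9 port 51027 ssh2
Mar 15 08:02:00 host1 sshd[4110]: Failed password for alice from 198.51.100.4 port 40010 ssh2
Mar 15 08:02:30 host1 sshd[4111]: Accepted password for alice from 198.51.100.4 port 40011 ssh2
Mar 15 09:15:00 host1 sshd[4200]: Failed password for bob from 192.0.2.77 port 33000 ssh2
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

FAIL_THRESHOLD = 5               # this many failures ...
WINDOW_SECONDS = 60              # ... inside this window = brute-force burst
PRIOR_FAILS_BEFORE_SUCCESS = 3   # a success after this many failures is notable


def parse(line: str, year: int = 2024) -> Optional[Dict]:
    """Parse one line into a dict, or None for lines the rule does not cover."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def review(lines: List[str]) -> List[Dict]:
    """Return a list of alert dicts, each naming the rule and the source IP."""
    events = [e for e in map(parse, lines) if e]
    by_ip: Dict[str, List[Dict]] = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts: List[Dict] = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fail_times = [e["ts"] for e in evs if e["result"] == "Failed"]

        # Rule 1: FAIL_THRESHOLD failures inside a sliding WINDOW_SECONDS window.
        for i in range(len(fail_times) - FAIL_THRESHOLD + 1):
            span = (fail_times[i + FAIL_THRESHOLD - 1] - fail_times[i]).total_seconds()
            if span <= WINDOW_SECONDS:
                alerts.append({"rule": "brute_force", "ip": ip,
                               "count": FAIL_THRESHOLD, "window_s": span})
                break

        # Rule 2: a success preceded by several failures from the same source.
        # This matters more than the burst alone, because a guess may have worked.
        failures_so_far = 0
        for e in evs:
            if e["result"] == "Failed":
                failures_so_far += 1
            elif failures_so_far >= PRIOR_FAILS_BEFORE_SUCCESS:
                alerts.append({"rule": "success_after_failures", "ip": ip,
                               "user": e["user"], "prior_failures": failures_so_far})
                break
    return alerts


if __name__ == "__main__":
    for alert in review(LOG_LINES):
        print(alert)
```

Note that the single failed login from alice followed by a success produces no alert: a threshold that fires on every mistyped password would bury the console operator in noise, which is exactly the situation in which a real attempt gets missed.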
The ever-changing picture of all the various endpoints in a system is hard for current IT setups to deal with. They are used to taking some time to analyze and model threats and problems, and then respond on a consistent schedule. Monitoring and securing endpoints requires changes in workflow.
Some solutions use behavior-based prevention. Malware has certain behavioral characteristics, and such solutions can identify those, even if the malware is unidentified.
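The difference between signature matching, which fails on malware nobody has tagged yet, and behavior-based prevention, which judges what a process does, can be shown side by side. This is an added example, not code from the article or from any antivirus product: the "known malware" bytes, the signature list, the three behavioral rules and the process event stream are all constructed for illustration, and a real engine carries far larger rule sets than these.

```python
"""Signature-based versus behaviour-based detection, side by side.

Added example, not from the original article. The "known malware" bytes, the
signature list, the behavioural rules and the process event stream are all
constructed for illustration; real products carry far larger rule sets.
"""
import hashlib
from collections import defaultdict
from typing import Dict, List, Tuple

# --- Signature-based: does this file's hash appear on the known-bad list? ---

KNOWN_BAD_SAMPLE = b"constructed-malicious-payload-v1"          # constructed
SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}    # the "antibody" list

# The same sample with a trivial change: its hash no longer matches anything.
MODIFIED_SAMPLE = KNOWN_BAD_SAMPLE.replace(b"v1", b"v2")


def signature_detects(file_bytes: bytes) -> bool:
    """True only if this exact file has already been identified and tagged."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURES


# --- Behaviour-based: score what a process does, whatever it is called ---

# Constructed endpoint telemetry: (process, parent, action, target).
EVENTS: List[Tuple[str, str, str, str]] = [
    ("winword", "explorer", "open", "invoice.docx"),
    ("cmd", "winword", "spawn", "-"),
    ("updater", "cmd", "spawn", "-"),
    ("updater", "cmd", "write", "docs/a.txt"),
    ("updater", "cmd", "write", "docs/b.txt"),
    ("updater", "cmd", "write", "docs/c.txt"),
    ("updater", "cmd", "write", "docs/d.txt"),
    ("updater", "cmd", "write", "docs/e.txt"),
    ("updater", "cmd", "write", "docs/f.txt"),
    ("updater", "cmd", "service_stop", "endpoint-protection"),
    ("backup", "cron", "write", "docs/g.txt"),
]

DOCUMENT_APPS = {"winword", "excel", "acrobat"}
INTERPRETERS = {"cmd", "powershell", "sh", "bash", "wscript"}
MASS_WRITE_THRESHOLD = 5   # more writes than this from one process is suspicious
ALERT_THRESHOLD = 2        # rules a single process must trip before alerting


def behaviour_scores(events: List[Tuple[str, str, str, str]]) -> Dict[str, List[str]]:
    """Map process name -> list of rules it tripped (constructed heuristics).

    R1  a command interpreter is spawned by a document application
    R2  one process writes more than MASS_WRITE_THRESHOLD user files
    R3  a process tries to stop the endpoint-protection service
    """
    tripped: Dict[str, List[str]] = defaultdict(list)
    write_count: Dict[str, int] = defaultdict(int)
    for proc, parent, action, target in events:
        if action == "spawn" and proc in INTERPRETERS and parent in DOCUMENT_APPS:
            tripped[proc].append("R1 interpreter spawned by document app")
        elif action == "write":
            write_count[proc] += 1
            if write_count[proc] == MASS_WRITE_THRESHOLD + 1:   # fire exactly once
                tripped[proc].append("R2 mass file writes")
        elif action == "service_stop" and target == "endpoint-protection":
            tripped[proc].append("R3 attempted to stop endpoint protection")
    return dict(tripped)


def flagged_processes(events: List[Tuple[str, str, str, str]],
                      threshold: int = ALERT_THRESHOLD) -> List[str]:
    """Processes that tripped at least `threshold` rules, sorted by name."""
    return sorted(p for p, rules in behaviour_scores(events).items()
                  if len(rules) >= threshold)


if __name__ == "__main__":
    print("signature, original sample :", signature_detects(KNOWN_BAD_SAMPLE))
    print("signature, modified sample :", signature_detects(MODIFIED_SAMPLE))
    print("behaviour, flagged         :", flagged_processes(EVENTS))
```

The modified sample slips past the signature check even though only two bytes changed, which is the weakness the article describes; the behavioral rules never look at the file at all and still single out the process that rewrote many documents and tried to stop protection, while the routine backup job that wrote one file is left alone.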
The Problem of Human Error
The problem with endpoints is who operates them: human beings. Humans still click links in phishing emails, inappropriately forward information, and remove protection by killing processes they feel are slowing down their device. Many executives and particularly CEOs feel they have the right to use unauthorized applications on their mobile devices, but don't realize the consequences.
In a real sense, employee error is a problem with no solution. Education tends to have only limited effects. And various types of social engineering attacks will only increase in sophistication, taking advantage of how scarce a resource attention is in the modern workplace.
Prepare to Recover From Failure
That is why companies need to have perimeter defense, defense in depth, and the ability to recover all as part of their planning.
Each level of defense is important, from an effective password policy, to encryption, to frequent patches and updates, to central monitoring. But even if all that is working well, breaches are still likely and planning needs to include recovery and damage control.
The need for robust endpoint defenses will only grow, as will the number of endpoint devices that need to be defended. The Internet of Things will bring vast numbers of endpoints of various configurations even as the variety and sophistication of employee-owned devices increases. Even smaller companies need to focus on endpoint security.