
Endpoint - Securing the starting point for most cyber attacks

WHAT IS ENDPOINT SECURITY

Endpoints are the computing devices used by people in an organization: desktops, laptops, tablets and mobile phones. Since the start of the pandemic, endpoint security has again taken a front seat, because the traditional network-centric approach no longer holds when users work from anywhere.

Endpoint security is the process of securing those endpoints. It is a set of security controls rather than a single control: for example access controls, endpoint hardening, anti-malware and data loss prevention tools.

WHY ENDPOINT SECURITY IS IMPORTANT

Any end user computing device, such as a laptop, desktop or mobile phone, can be leveraged by hackers to gain a foothold inside the enterprise network and carry out malicious activities. Securing these devices to prevent loss of corporate or organizational information has become very important, given the heavy fines imposed under privacy and other regulations and the loss of business to competitors. After the pandemic, perimeter security ceased to exist in its true sense as an enterprise security solution, as users started accessing corporate information from disparate networks such as their homes, with no firewall filtering at all. The perimeter line is fading away fast and security solutions are becoming cloud centric.

The best approach is to require endpoint devices to meet corporate security baselines before they are granted access to corporate data, which effectively mitigates the risk of exposure from unknown and unverified endpoint devices. Many organizations are also adopting a Zero Trust Architecture, which behaves much like an always-on VPN with no split tunnelling: all traffic is filtered by organization-specific policies via a reverse proxy, and for access to internal network assets the solution provides a secure, encrypted tunnel typically referred to as a private VPN.
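The baseline gate described above, as an added example that is not part of the original post: a posture report submitted by a device agent is compared against a corporate baseline, and access is allowed only when every check passes. The baseline keys, the report format and the account name `lapsadmin` are assumptions made for this illustration.

```python
"""Added example: gate access on an endpoint's compliance with a security baseline.
The baseline keys and the posture-report layout are assumptions for illustration."""
from dataclasses import dataclass, field

# Assumed corporate baseline (constructed values, not from any real policy).
BASELINE = {
    "min_os_build": (10, 0, 19045),        # minimum acceptable OS build
    "disk_encryption": True,               # encryption at rest must be on
    "firewall_enabled": True,              # host firewall must be on
    "antimalware_running": True,           # anti-malware agent must be active
    "max_signature_age_days": 3,           # signatures older than this are stale
    "allowed_admin_users": {"lapsadmin"},  # the only permitted local admin (assumed name)
}

@dataclass
class Decision:
    allow: bool
    failures: list = field(default_factory=list)

def _parse_build(version: str) -> tuple:
    """Turn '10.0.19045' into a tuple of ints so builds compare numerically."""
    return tuple(int(p) for p in version.split("."))

def evaluate_posture(report: dict, baseline: dict = BASELINE) -> Decision:
    """Compare one endpoint's posture report with the baseline.
    Every failed check is recorded; access is allowed only when none fail."""
    failures = []
    if _parse_build(report.get("os_version", "0")) < baseline["min_os_build"]:
        failures.append("os_version below baseline")
    for key in ("disk_encryption", "firewall_enabled", "antimalware_running"):
        if report.get(key) != baseline[key]:
            failures.append(f"{key} not enabled")
    if report.get("signature_age_days", 999) > baseline["max_signature_age_days"]:
        failures.append("anti-malware signatures stale")
    # Extra local admins beyond the managed account mean privileged access is uncontrolled.
    extra_admins = set(report.get("local_admins", [])) - baseline["allowed_admin_users"]
    if extra_admins:
        failures.append(f"unexpected local admins: {sorted(extra_admins)}")
    return Decision(allow=not failures, failures=failures)

# Constructed posture reports, as a device agent might submit them.
COMPLIANT = {"os_version": "10.0.19045", "disk_encryption": True, "firewall_enabled": True,
             "antimalware_running": True, "signature_age_days": 1, "local_admins": ["lapsadmin"]}
NONCOMPLIANT = {"os_version": "10.0.18363", "disk_encryption": False, "firewall_enabled": True,
                "antimalware_running": True, "signature_age_days": 10,
                "local_admins": ["lapsadmin", "jdoe"]}

if __name__ == "__main__":
    for name, rep in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        d = evaluate_posture(rep)
        print(name, "ALLOW" if d.allow else "DENY", d.failures)
```

The decision object lists every failed check so the user can be told what to fix rather than just being denied.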

Note that endpoint security does not mean actions taken solely on the endpoint itself. It now encompasses actions along the entire chain of information access: OS boot, user login, application usage and access to corporate resources (internal applications, data on file servers, email, etc.) from anywhere.

ENDPOINT SECURITY REQUIREMENTS

100% protection of endpoints is a myth unless the system is completely isolated: it connects to no network, no USB device is ever used and no external media is ever inserted. But then it would serve no purpose for a user who wants to print a document or send an email. To manage endpoint security and keep the risk of compromise to a minimum, organizations need to adopt a layered defense approach. Layered defense prioritizes essential security requirements over good-to-have or non-essential features: you build up the defenses one on top of the other, starting with the most needed controls first. The essential ones are non-negotiable, while the non-essential, good-to-have ones can be considered based on the organization's business domain, regulatory requirements, culture, etc. Here is the list segregated into essential and non-essential features, but you are free to build your own.

Essential Features

  • Endpoint Privileged Access control
  • Application Control - Whitelisting and blacklisting
  • Network access control
  • Malicious Traffic Filtering
  • Log Management

Non-Essential - Good to Have

  • Device or data encryption at rest
  • Information Rights Management
  • Data loss prevention
  • Insider threat protection
  • Endpoint Detection and Response (EDR) - for medium-sized organizations
  • Extended Detection and Response (XDR) - for large organizations, or for those with complex business operations and sensitive data spread across multiple business units

As technologies evolve and most organizations go cloud centric to reduce capex and become more agile and flexible, endpoint technologies will undergo a metamorphosis too, so it is a good strategy not to commit to an endpoint solution that does not offer cloud integration or a SaaS model.
