Getting to Know Endpoint Security
Updated: Nov 7, 2018
By: DAX Paulino
Cybersecurity Practice Lead
Workcentric Solutions Consulting, Inc.
During a presentation of network assessment results in a medium- sized company, the CIO received complaints about their network being slow.
Me: We found that about 70% of your users are downloading patches all at the same time.
CIO: That seems OK. Yeah, I told them to download the patches if they don’t want to get hit by Ransomware.
Me: But, we also found that almost the same percentage is seeding via a P2P application on your network. And I’m sure that it’s not the patches they’re sharing.
The CIO scratched his head.
CIO: At least we’re updated on both patches and TV series.
It certainly is a wild world out there. New variants of Botnets and Ransomware are continuously surfacing which makes it harder to keep up, many companies are reporting data breaches, and almost everyone’s doing what they can to comply with industry and government regulations. And in the middle of it all: our endpoints.
It’s only obvious that our security experts are suggesting one thing – to improve our Endpoint Security.
So what is Endpoint Security?
Let’s make it simpler by knowing what we consider an Endpoint. Any device that a user can interact with may be considered as an Endpoint. This includes laptops, desktops, mobile phones, tablets, and, most importantly, servers.
Having established this, we can now say that Endpoint Security is a process of securing these Endpoints. But, isn’t this just a nice way of “rebranding” an Anti-virus (AV) solution?
Endpoint Security vs. Anti-Virus
In today’s landscape, we have to secure our endpoints in a different, more modern and advanced approach. Threats have definitely evolved and viruses may be the least of our worries. However, AV solutions, a.k.a. Endpoint Protection, should still be a part of Endpoint Security as it is a good way of identifying known threats and cleaning up our systems.
What to look for in an Endpoint Security Solution?
Endpoint Security solutions should at least have the following, aside from AV:
1.) Patch Management. Patching our vulnerabilities on a timely, controlled and proper manner will reduce at least 85% of threats and attacks. It is those vulnerabilities that are being exploited anyway, so it is logical to just patch them.
2.) Application Whitelisting and User Management. Users are pretty much trigger-happy when it comes to installing applications on their devices. This is starting to be a pain to us security practitioners. Apps are surefire ways to introduce threats to our endpoints and networks. For this, app whitelisting and making sure that only authorized users have proper access to these apps will help meet compliance, reduce the number of patch downloads, and diminish threats.
3.)Device Control and/or Data Leak Prevention (DLP). Let’s face it, there are a lot of ways to leak our most important data, and our endpoints are in the middle of it. Endpoint security should be able to address where our data goes by managing our endpoint ports (USB, internet/web, email, etc.).
4.) Asset Inventory. How can we secure our endpoints when we don’t know our endpoints? Understanding our individual endpoints will let us know our security approach and provide better policies
5.) Remote Desktop. This is a good way to provide support to our users in case they need help. This can also go hand-in-hand with IT Service Management or Helpdesk solutions
Who needs Endpoint security?
You need Endpoint Security as long as you have a device. There will be differences between consumer products and enterprise solutions.
Consumer solutions will provide the basic and necessary protection a user needs. Management will be on the same device the solution is installed in, and the updates will be downloaded straight from the Internet.
Enterprise solutions will have a centrally managed interface which can cater thousands of computers. Updates will be downloaded once and will be pushed to each device in a controlled manner, thus, reducing bottlenecks on the network. It also has several other features which can be utilized by the administrator.
Endpoint Security has been around for some time now and should be part of every organization’s IT budget. Looking in the near future, our workforce will soon be mobile and our network-level security will become less significant. With this, shifting our focus back to our Endpoints and users will most definitely be the best choice.