An Endpoint Has Been Breached - Isolate to Minimize the Damage

September 23, 2015
By: Ryan St Hilaire

If you look around any organization, it is clear that the number of endpoints and applications in use is growing exponentially. Data is being accessed from local and cloud-based storage through mobile devices that can be used as an access point to your most sensitive information.

The digital universe is doubling in size every two years. This mobile proliferation has introduced new risks and areas of vulnerability, expanding the endpoint attack surface. Neutralizing these threats should be one of your top priorities.

Like many organizations, you probably employ some form of application blacklisting and patch management in response to these risks. However, depending on these tools alone can often provide you with a false sense of security because – in order for these security measures to be effective – the attack must originate from a known source.  Zero-day vulnerabilities, spear phishing and other advanced attacks are designed to evade these technologies.

So how well prepared are you if an attack occurs from an unknown or unexpected source?

A security model that focuses on restricting the endpoint will not provide your mobile workforce with the flexibility they need and expect. This will only lead to a poor user experience, often handcuffing productivity. In the short term, shrinking the attack surface may help plug these discernible holes. But you still need to have strategies in place that will mitigate the amount of potential damage an attacker could inflict, once a vulnerability is found and exploited.

Attacks can come from anywhere - security layers are required

The attack surface is not typically limited to one threat vector and it is a misconception that malware is often the sole culprit. Attacks can be internal or external, targeting the network, software, or even the user themselves. The reality is that sophisticated attacks often involve a combination of these components.

IT has a limited budget, but you can’t afford to put locks only on the front door, as an attacker will simply focus their efforts on an open window…or in some cases, they may already be inside your house.

Attacks evolve and despite your best intentions, the technology that protected you yesterday is likely ineffective against the attacks of today and may even provide an entry point to new threats.

You need to constantly evolve your security posture. Don’t settle for ‘good enough’ security. Instead, deploy a layered framework that protects against both internal and external threats. An ideal framework is comprised of network, endpoint, and data security solutions to ensure you are protected against the most common threat vectors. Then review, renew, and replace each layer on a regular basis. Like attackers, your security infrastructure should constantly evolve.


Technology alone is not enough; you need your employees on board as well. Train your people often and insist on refresher courses at a regular cadence. Include this as a condition of employment if necessary. Regulatory auditors will be impressed with your initiative.

Security must also extend to wherever the employee is, regardless of whether they are working from a desktop in the office or a tablet in a café. With access to sensitive data, the endpoint must remain visible, with constant monitoring of the security layers protecting it. The best security in the world is ineffective if you can't prove it is working.

Constant monitoring leads to appropriate remediation 

Visibility across all your endpoints will allow you to establish a security baseline by identifying where your devices are, what data they store, and what security tools are in place and operating.

Once this security baseline is established, a monitoring tool will alert you to any deltas or irregularities when compared with historical usage. These can be based on hardware, software, or changes in user behavior. This insight allows pre-emptive security measures to be taken, often preventing security incidents from occurring at all.

Effective endpoint security is challenging since you are constantly trying to maintain oversight on a moving target. Therefore, it is inevitable that an endpoint will be compromised. At this point it’s imperative that you have visibility over the device, along with the context of the event.

This information allows for a timely and appropriate response: isolating the compromised device so the attack cannot reach other devices and the infection cannot spread, or freezing the device so the threat cannot access sensitive data or authenticated data stores. Monitoring for suspicious events allows for a targeted response that contains the device and limits the damage once the threat is identified.
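The baseline-and-delta approach described above, as an added illustration that is not part of the original article: a constructed endpoint snapshot is compared against its recorded baseline (security tools present, installed software, historical login hours), and the deltas are mapped to the response tiers the text names (monitor, isolate, freeze). The snapshot format, field names and thresholds are assumptions for the example, not any product's telemetry.

```python
# Constructed baseline for one endpoint (hypothetical values, not real telemetry).
BASELINE = {
    "host": "laptop-17",
    "security_tools": {"edr": "running", "disk_encryption": "enabled", "firewall": "enabled"},
    "software": {"office": "16.0", "browser": "45.0"},
    "login_hours": (8, 19),  # hours of day seen in historical usage (inclusive)
}


def compare_snapshot(baseline, current):
    """Return (severity, description) deltas between the baseline and a new snapshot."""
    findings = []
    # A protective layer that is missing or stopped is the most urgent delta.
    for tool, expected in baseline["security_tools"].items():
        actual = current["security_tools"].get(tool, "missing")
        if actual != expected:
            findings.append(("high", f"{tool}: expected {expected}, got {actual}"))
    # Software not present at baseline time is a change worth reviewing.
    for name, version in current["software"].items():
        if name not in baseline["software"]:
            findings.append(("medium", f"new software installed: {name} {version}"))
    # Logins outside the historical window are a user-behavior delta.
    lo, hi = baseline["login_hours"]
    for hour in current["login_hours_seen"]:
        if not lo <= hour <= hi:
            findings.append(("medium", f"login outside historical hours: {hour:02d}:00"))
    return findings


def response_action(findings):
    """Map deltas to a response tier: 'monitor', 'isolate' (contain from the
    network, keep for investigation) or 'freeze' (also cut access to data stores)."""
    highs = sum(1 for sev, _ in findings if sev == "high")
    meds = sum(1 for sev, _ in findings if sev == "medium")
    if highs and meds:
        return "freeze"   # a security layer is gone AND behavior changed
    if highs or meds >= 2:
        return "isolate"
    return "monitor"


def assess(current, baseline=BASELINE):
    """Convenience wrapper: deltas plus the chosen response for one snapshot."""
    findings = compare_snapshot(baseline, current)
    return findings, response_action(findings)


if __name__ == "__main__":
    # Constructed snapshot: EDR stopped, unknown tool installed, 03:00 login.
    suspicious = {"security_tools": {"edr": "stopped", "disk_encryption": "enabled",
                  "firewall": "enabled"}, "software": {"office": "16.0", "browser": "45.0",
                  "remote-tool": "1.2"}, "login_hours_seen": [9, 3]}
    for sev, msg in assess(suspicious)[0]:
        print(sev, msg)
    print("action:", assess(suspicious)[1])
```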

Given the current threat landscape and the myriad of security tools available, many proactive organizations no longer view endpoint security as an attempt to remain 'protected'. Instead, you should consider yourself in a constant state of compromise and remediation, based on your own unique risk threshold.

The ability to monitor and respond allows you to understand where the threats are, and respond appropriately to minimize the damage.

Edited by Stefania Viscusi