As organisational endpoints leave the office and employers increasingly allow employees to work remotely, the risk that these endpoints pose when they connect back to the corporate network has grown substantially. From a security perspective the consequences are significant: each of these devices extends the network perimeter, and a larger perimeter is harder to defend.
“Digital transformation has led to endpoints being able to connect anywhere, anytime, which increases their risk of attack,” says Stefan van de Giessen, general manager of cybersecurity at value-added distributor Networks Unlimited Africa. “Because employees also use these devices for personal consumption and are bypassing network controls and policies, organisations cannot control them outside their VPNs. Simply put: more devices logged into a network brings a greater need for endpoint security.”
Endpoint security, which focuses on the individual devices, is a core part of overall network security: it governs how those devices interact with the network and with one another, and the pathways that connect them. Because every endpoint is a potential entry point into the network, it needs to be protected against attackers who would use it as a foothold to steal information with malware, take the network down through distributed denial of service (DDoS) attacks, or hold the network to ransom.
How to protect your endpoints in this BYOD world?
Endpoints in the mobile world introduce vulnerabilities because employees who operate their own devices may not keep their operating systems and software up to date, and may not recognise suspicious activity or an attack in progress. This makes the ‘bring your own device’ (BYOD) arena a key area of exposure.
Endpoint security ensures that employees follow the right security protocols and that all devices run up-to-date operating systems and applications, which helps prevent security breaches.
Networks Unlimited Africa says it offers a combination of unfiltered data collection, predictive analytics, and cloud-based delivery to provide endpoint protection that puts the network operator back in control.
“Endpoint protection technologies give organisations the ability to detect and respond to security events within their environments,” says Van de Giessen. “It takes a number of different security technologies to enable a complete endpoint security stack. The good news is that, while attackers have multiple tools for exploiting endpoints, organisations also have a number of solutions that can be used to make up a complete endpoint security stack.”
Tools that can be used in the complete endpoint security stack include:
- Endpoint protection platform (EPP): the goal is to prevent malicious code from executing. Technologies include anti-virus (AV) and anti-malware engines that block malicious code from running on endpoints, as well as encryption and data loss prevention (DLP) capabilities.
- Endpoint detection and response (EDR): EDR gives organisations visibility into what is happening on an endpoint, over and above what the EPP reports. Capabilities commonly found in EDR include continuous recording of endpoint activity, behaviour-based detection, data search, suspicious activity detection and response capabilities.
- Application whitelisting: only explicitly approved executables are permitted to run. Application whitelisting is particularly effective on static servers or point-of-sale (POS) systems that are intended to perform a defined, limited range of tasks.
- Privilege management: privileged accounts include local administrator accounts as well as domain-level accounts, and the protection of privileged accounts is a core element of endpoint security.
- Vulnerability and patch management: vulnerability management technology is used to identify security vulnerabilities in the environment that the organisation is not yet aware of. Patch management follows on from vulnerability management, since security managers can only patch the vulnerabilities they know about.
- OS hardening: organisations can take multiple steps to harden desktop operating systems and make them harder for attackers to compromise.
- Deception: deception provides an early indicator of threat actors in your environment. Deception technologies present bogus credentials and services to an attacker. When the deception services are attacked, the organisation is alerted and can take additional steps to limit risks and protect the rest of its environment.
- Central alerting and monitoring: Visibility into alerts from a central location is key to being able to respond timeously, and having the ability to ingest alerts from across an enterprise infrastructure is critical.
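As an added example of the deception and central alerting items above (this is not code from the article or from Networks Unlimited Africa): a small Python detector that scans authentication log lines for any use of planted decoy accounts and produces alert records that a central console could ingest. The log line format, the decoy account names and the sample log are all constructed for the example; a real deployment would read the organisation's own authentication logs.

```python
"""Honeytoken (decoy credential) detection over authentication log lines.

Decoy accounts are planted on endpoints and never used by any legitimate
process, so any authentication attempt against one is suspicious by
definition. This scans log lines, flags decoy usage and produces alert
records that a central alerting system could ingest.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Hypothetical decoy account names (assumption: planted by the defender).
DECOY_ACCOUNTS = frozenset({"svc_backup_legacy", "admin_dr"})

# Assumed log format (constructed for this example, not a real product's):
# <timestamp> host=<host> event=<event> user=<user> src=<ip> result=<success|failure>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    host: str
    user: str
    source: str
    event: str
    result: str
    severity: str


def normalise_user(raw: str) -> str:
    """Strip a DOMAIN\\ prefix or @domain suffix and lower-case the name,
    so 'CORP\\Admin_DR' and 'admin_dr@corp.local' both match the decoy."""
    name = raw.rsplit("\\", 1)[-1]
    name = name.split("@", 1)[0]
    return name.lower()


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the parsed fields, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_decoy_use(lines: Iterable[str]) -> List[Alert]:
    """Emit one Alert per authentication event that touches a decoy account.

    A failed attempt means someone is guessing or replaying the decoy name;
    a successful one means the planted secret itself has been harvested,
    which is rated higher because it proves credential theft on that host.
    """
    alerts: List[Alert] = []
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            continue  # malformed line: skip rather than crash the pipeline
        user = normalise_user(fields["user"])
        if user not in DECOY_ACCOUNTS:
            continue
        severity = "critical" if fields["result"] == "success" else "high"
        alerts.append(Alert(
            timestamp=fields["ts"], host=fields["host"], user=user,
            source=fields["src"], event=fields["event"],
            result=fields["result"], severity=severity,
        ))
    return alerts


def alerts_by_host(alerts: Iterable[Alert]) -> Dict[str, int]:
    """Count alerts per host: a quick view of where the attacker has been."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a.host] = counts.get(a.host, 0) + 1
    return counts


def attacker_sources(alerts: Iterable[Alert]) -> set:
    """Source addresses that touched a decoy: candidates for containment."""
    return {a.source for a in alerts}


# Constructed sample log, not real data.
SAMPLE_LOG = [
    "2024-05-01T08:00:01Z host=ws-042 event=logon user=jsmith src=10.0.1.15 result=success",
    "2024-05-01T08:02:13Z host=ws-042 event=logon user=CORP\\svc_backup_legacy src=10.0.1.15 result=failure",
    "2024-05-01T08:02:40Z host=fs-01 event=logon user=SVC_BACKUP_LEGACY src=10.0.1.15 result=success",
    "this line is malformed and must be skipped",
    "2024-05-01T08:05:00Z host=ws-042 event=logon user=admin_dr@corp.local src=10.0.1.15 result=failure",
    "2024-05-01T08:05:30Z host=ws-043 event=logon user=bwilliams src=10.0.2.7 result=success",
]

if __name__ == "__main__":
    found = detect_decoy_use(SAMPLE_LOG)
    for a in found:
        print(f"[{a.severity.upper()}] {a.timestamp} {a.host} decoy={a.user} "
              f"from={a.source} result={a.result}")
    print("per host:", alerts_by_host(found))
    print("sources to contain:", sorted(attacker_sources(found)))
```

The design point is that a decoy account carries no false-positive cost: no legitimate process should ever authenticate as it, so a single match is enough to alert, and a successful logon with the decoy's credentials is the stronger signal because it proves the attacker obtained the planted secret from that host. Feeding the per-host counts and source addresses to a central console is what lets the response team see the attacker's path across the estate rather than one isolated event.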
Van de Giessen says: “Endpoint protection technologies give organisations the ability to detect and respond to security events, but must tackle issues such as insufficient security controls, poor patch management and lack of environment hardening in order to avoid compromise. As a result, network security professionals need to use different types of endpoint security methodologies in order to prepare a holistic defence stack in order to detect, prevent and respond to the most advanced endpoint cyberattacks.”