Do you know what's on your employees' mobile devices? CyberEdge researchers believe mobile applications are the greatest risk to your company's network. In a 2015 assessment, Veracode found an average of 2,000-plus malicious apps on network mobile devices. The solution isn't necessarily a broad-based ban on personal app usage in the workplace. Rather, it's time for security pros to double down on endpoint security.
In this blog, you'll learn why an endpoint security strategy matters, and the basics of an effective approach to endpoint risk management.
What is an Endpoint Security Strategy?
Every device connected to your company's network represents a potential path to entry. An app that contains malware on one employee's smartphone could potentially allow hackers to gain access to your customers' personal identity information (PII). As the volume of endpoints has exploded, automated security has grown increasingly important.
Endpoint security is defined as policy-based administration of security protocol over various network elements. The specific endpoints included in your strategy can vary, but may include:
- Point-of-Sale Systems (POS)
The strategy aspect is defined as determining rules for compliance with security policy and policies to limit access to non-compliant endpoints through segregation on a VPN or removal of access permissions.
Common elements required to administer an endpoint security strategy include an operating system (OS), a VPN client, and anti-virus software. Organizations will typically use a centralized endpoint security management system, which involves a host system and "clients" installed on each device.
10 Keystones of Effective Endpoint Security Management
1. Multiple Forms of Security Protection
Protecting your organization requires more than just a firewall. A single, robust antivirus program is also insufficient. At a minimum, your endpoint security strategy should include the deployment of:
- Device Firewalls
- Email-Specific Antivirus Tools
- Internet Security and Filtering
- Mobile Device Management
- Mobile Security Solutions
- Application Controls
- Intrusion Detection Tools
Security professionals should seek solutions that offer protection for every device on their network, and agent-based solutions for actively monitoring security.
2. Centralized Management
It's not possible or pragmatic to manually manage the hundreds or thousands of computers, terminals, and mobile devices on your network. Cobbling together a series of disjointed security solutions can also lead to a host of errors, including poor system integration, redundant alerts, or overwhelming administration duties.
With a single, centralized solution for monitoring the integrity of your network and endpoints, your organization can achieve the business benefits of:
- Fewer security incidents
- Easier deployment of complementary features or products
- Reduced technology and management costs
- Faster response to unwanted activity
3. Full Device and OS Coverage
According to research by Cass Information Systems, 85% of organizations are using bring-your-own-device (BYOD) in some capacity. Other companies are selecting a more conservative approach to employee mobile device management, which could include choose-your-own-device (CYOD).
As a result, many networks contain far more operating system (OS) options than just Windows or Linux. Within a single organization, users may utilize Windows, *nix, Mac, and multiple iterations of iOS and Android. Your endpoint security strategy must include tools for monitoring every type of OS on your network. The only secure alternative is for your security team to understand and manually safeguard every flaw in each OS, which is resource-prohibitive.
4. Data Protection
Data asset protection isn't a component of endpoint security if you're using the strictest definitions of the concept. However, it's hard to develop an effective strategy without consideration for data protection, which is really the ultimate goal of any information security program.
By securing your endpoints and limiting access, you're removing possible methods of exposure for your data. In addition to the endpoint security tools discussed above, your organization should ensure you've addressed:
- Data Encryption
- Network Segregation
- Data Loss Prevention
- Data Access Governance
- File Integrity Monitoring
Ideally, your centralized tool for administering and monitoring endpoint security should also allow insight into the security of your data assets and critical system files.
5. Security Maturity Key Performance Indicators
Security is an iterative process. Organizations must continually monitor, assess, respond, and remediate to avoid incidents. By understanding your baseline and goals, you can make progress towards better threat management.
If you need some inspiration, John Kindervag offers a model for broad-based security maturity assessment in his Forrester Research, which can be useful in the development of tailored metrics for your security program:
|0 (Nonexistent)||Not understood, not formalized, need is not recognized.|
|1 (Ad Hoc)||Occasional, not consistent, not planned, disorganized.|
|2 (Repeatable)||Intuitive, not documented, occurs only when necessary.|
|3 (Defined)||Documented, predictable, evaluated occasionally, understood.|
|4 (Measured)||Well‐managed, formal, often automated, evaluated frequently.|
|5 (Optimized)||Continuous and effective, integrated, proactive, usually automated.|
6. User Security Awareness
Endpoints are a massive security vulnerability because they're used by employees. A decision to click on a malicious link, upload a file to Dropbox, or to allow a "friend" to use your device can expose your organization in seconds. Some of the greatest user-originated endpoint security risks include data leakage, accidental vulnerability exploits, and lost devices.
Bridging the gap between awareness and positive security behaviors in employees may require organizations to conduct hands-on training on how to accept security updates, avoid risky wireless networks, and prevent dangerous app content. It should also encompass updates to acceptable use policies to clearly address behavioral expectations for mobile users.
7. Mobile Threat Management
As mobile threats grow, IT pros need methods to ensure their devices are protected that are easy and simple to maintain. To ensure you've maximized protection for your company or employee-owned devices, several forms of technical safeguards may be necessary.
Depending on your assessed risk factors and tolerance, your mobile threat management may include:
- Mobile VPNs
- Strong Device Authentication
- Control and Monitoring of Third-Party Content
- Mobile Penetration Testing
- Mobile Device Management Platforms
- App Containerization (the on-device segregation of business apps and data)
- Agent-based Mobile Monitoring
Ultimately, the right combination of technical safeguards can be highly specific to your enterprise. At a bare minimum, organizations need the ability to ensure secure data connections and actively monitor all mobile devices.
8. Ongoing Detection
An active endpoint security strategy must include ongoing detection mechanisms, which are typically enabled by communication between monitoring agents on each device, and a central management portal. Gartner's Anton Chuvakin, who initially coined the term "endpoint threat detection and response" in 2013, specified three use cases for endpoint visibility:
- Data search and investigations
- Suspicious activity detection
- Data exploration
Your organization needs the ability to detect changes in seconds—before they affect your company's network. By detecting sudden abnormalities in end user behavior, malicious file content, or other risks, you can enable an appropriate response.
9. Incident Response Processes
Visibility isn't enough to reduce risks. The 2016 Verizon Data Breach Investigations Report found that 82% of modern cybercriminals complete data retrieval in "minutes or less," while 75% of organizations fail to respond to the incident for weeks or longer. There's evidence that your peers' endpoint strategies are ending with visibility, or dangerously, even sooner.
Industry-wide, there is a motion to move towards stronger incident response processes. Security Week, noting Enterprise Security research, stated that 29% of organizations hope to improve response mechanisms. However, 38% of security teams feel like they spend too much time "firefighting" to improve response, while 29% are frustrated by the manual effort needed to respond.
The solution for busy security pros is clear. In order to develop a comprehensive security program, you need a centralized, automated tool to enable response. You also need the intelligence to distinguish between negative and normal activity on complex networks.
10. Incident Remediation
How can you reach Stage 5 security maturity in the above Forrester model where your activity is fully-automated, consistent, and wholly effective?
Truly protecting your endpoints and data assets requires the ability to remediate incidents at the time of detection. With an integrated security management tool, you can gain the ability to have visibility into threats and completely reverse changes in real-time on your PCs, POS systems, mobile devices, and more.
Achieving a Mature Endpoint Security Strategy
Endpoint security isn't simple. As organizations' threat surface increases, they need more sophisticated tools than simple antivirus software or basic network segregation protocols. The key to protecting your assets and connected devices is an integrated management solution, which enables total visibility, response, and remediation.
CimTrak is a comprehensive security, integrity, and compliance application that offers agent-based coverage for a wide array of endpoints, including POS systems, mobile devices, and other network devices. CimTrak is the only solution to offer more than just built-in intelligence on threats by allowing administrators to completely reverse changes directly from the management portal. For more information, click here, or download out technical summary today.
September 20, 2016