Endpoint Protection Solutions: Why the Traditional Model is Broken
Securing the enterprise may never have been a simple task, but now it is far more complex as hackers have become more creative and as the enterprise itself has extended into remote locations and as far as "the cloud."
With new threats, the rising consumerization of IT, handheld smart devices and 16GB flash drives the size of a finger, security within the four walls of the enterprise is no longer enough. The continuing extension of endpoints and the growing number and complexity of threats require that endpoint protection solutions be reviewed and updated on a continual basis.
Today’s hackers go far beyond the mischievous teenager seeking to prove he can get into a company’s systems, though such pranksters still exist. Today’s hackers work in groups, continually refining their tactics to infiltrate networks, obtain financial information and company secrets, and launch DoS attacks.
Whereas the mischievous teenager would hack in and publicize his prowess to his friends, today’s hackers work in stealth mode. They want to unleash infection without detection so that they can obtain sensitive information today and in the future.
Hackers devote themselves to revising and refining their attacks, becoming more creative all of the time. Among the more inventive threats:
- Hiding malicious code in an otherwise innocuous graphic or in a creative element such as a Flash file
- Encouraging people to download bogus apps that may not have an embedded threat but instead enable the program to call in other files from a hacker-controlled server that can exploit unpatched network vulnerabilities
- Attacking the application layer, an approach that uses less bandwidth than older-style attacks and is therefore more difficult to detect
- Launching malware containing rootkits with backdoor capabilities, which are extremely difficult to find and eradicate
Compounding this issue is the expansion of the network to an increasing number of remote devices and into the cloud. The endpoints used to be within the four walls of the enterprise. But today the endpoints extend far beyond the business itself, with employees, contractors and business partners using a variety of laptops, iPhones, Androids and other smart devices to connect to the enterprise.
Hackers have even gone as far as targeting gaming devices with Internet capabilities, though these are not likely to be attached to a company network. Flash drives present another issue. Carrying a presentation or product brochure on a flash drive is much less cumbersome than carrying a load of papers. But it’s just as easy for an employee to download malware, even innocently, to the same device before reattaching it to a company-owned computer.
Mobile device security isn’t as mature as security for more traditional PC desktops and laptops. Criminals know this, so they’re targeting remote-device vulnerabilities left and right. Meanwhile, the more traditional threats continue unabated, making corporate security more complex than ever.
Achieving total security would mean blocking outside access and limiting interior access only to the most trusted senior managers, but such a strategy would stop or severely restrict most businesses. Preventing remote connections is impractical. Salespeople, technicians and other employees all have legitimate business reasons to access the network.
Review Technology, Strategies
The evolving threat environment should motivate every company to review its endpoint protection solutions to see whether they’re positioned to thwart the myriad of security attacks.
Endpoint protection solutions should include:
- Inspection of all connections to the corporate network to ensure that devices contain the latest antivirus protection, security patches, firewall settings and other security precautions
- Encryption of company data on endpoint devices
- Quick implementation of software and automatic updates to protect against new threats and to keep up with new remote devices
- Remote locking of mobile devices so they cannot be used by anyone but the authorized user
- Remote deleting of contacts, text messages and other personal information in case a device is lost or stolen
- Security software that won’t slow down the performance of the device
Employee training needs to complement the endpoint protection solutions. Educate employees about common security threats and those found "outside of the box." And make sure they have a clear understanding of how security is changing now that mobile is leading the way.
Hackers have updated their attacks in number, scope and complexity, and businesses are struggling to outpace consumerization threats. More than ever, endpoint protection solutions need to evolve beyond the traditional model to keep up with the times.
By Phil Britt