Endpoint Security

Every organization has data to protect. The data itself varies in type and value, but often includes items such as: Customer Lists, Intellectual Property, Financial Data, Personal Information, Research, and/or Brand Information. To protect this information effectively, organizations must ensure that the location where this data is stored in electronic form is secure, and must also consider all possible communication channels to this data. When considering the multiple access methods into one's network, it becomes obvious that the widest access layer into your organization, and the point of maximum risk and exposure within your environment, is the endpoints (Laptops and Desktops) themselves.

The problem with securing the endpoint is that it is nowhere near as simple as it seems. This can be attributed to the many challenges facing today's endpoints:

  • Today's PCs tend to run a very small subset of Operating Systems, typically one of the last 2-3 versions of either a Microsoft or an Apple OS. This allows today's hacker/attacker to focus their efforts on exploiting a very widely distributed and predictable system footprint, allowing for re-use of the attack vehicle in almost any organization in the world.
  • Many organizations leverage highly mobile laptops to allow their workforce to be as productive as possible by working from home and on the road.
    • Mobile computers connect to untrusted networks while on the move, which often exposes them to external attacks well outside of corporate monitoring and protection.
    • Mobile computers and users connect to unknown networks via wireless on a regular basis such as those found at coffee shops and hotels.
  • Today's PC user utilizes many technologies that effectively tunnel or transport untrusted data and content from remote networks, which can include various malicious components:
    • Website drive-by downloads can occur when a user accesses a remote website which has been compromised, thus transferring potentially malicious data into your network.
    • Utilizing various external voice, video, chat and social media networks can create temporary backdoors/tunnels into your network.
    • Email can potentially transmit content capable of exploiting your system such as scripts directly embedded into the email or into attachments like seemingly innocuous PDF files.
  • Organizations often fail to follow the security tenet of Least Privilege when configuring users' local accounts, thereby allowing the user to run applications locally as administrator, which gives many of the above threats an easier way to circumvent further controls and guarantee infection.
  • Lacking or unenforced Approved Application Lists allow the user to add many unapproved software packages to the endpoint, creating a major drift in the organization's known application and vulnerability profile. Each application installed in your environment is another potential risk to your overall security posture, especially when it exists as unmanaged and unmonitored software.

There are many ways to deal with the problems listed above, but since the problems themselves are fairly complex and often involve a zero-day attack component (one that is likely to be exploited prior to patch availability and installation), you must not rely purely on network controls but also on controls implemented directly on the endpoint. These local controls should have the flexibility to follow the user as they become mobile and should not require the system to maintain a corporate network connection for the security mechanism to function and protect the PC. Examples of these controls are:

  • Application Whitelisting
  • Patching mechanisms
  • Approved application installers
  • Operating System Security Tuning

While it may seem like a daunting task to control your endpoints, it is by far one of the most effective ways to ensure your organization is secure and to protect valuable assets. Additionally, people often find that securing and controlling the endpoint also creates a cleaner and more effective computing environment that has less downtime due to outages, re-imaging, and troubleshooting, because systems are always well within a standards-based profile and not exposed to the threats associated with system drift.

More Information:

For more information on Endpoint Security Products, Solutions and Priveon Implementation Services, please contact us.