Month: November 2019

Endpoint Security

This post is one of a series covering the various security tools, processes and methods required to strengthen enterprise security.

As security technology gets more sophisticated, so do the attack tools, tactics, and methods. Attackers today are masterful at discovering the weak points in a corporate security strategy, and right now they are zeroing in on endpoints. Data protection has become a mandatory part of every company’s security strategy.

It is a company’s duty – and, as of late, its legal obligation – to ensure that any sensitive data it collects is protected. Failure to do so can have catastrophic consequences: public embarrassment, loss of customer trust and, thanks to the enforcement of strict new data protection regulations, heavy fines.

What is an endpoint?

An endpoint is any device that is physically an end point on a network. Laptops, desktops, mobile phones, tablets, servers, and virtual environments can all be considered endpoints; hardware such as servers in a data center counts as well. With the growing popularity of BYOD (bring your own device) and IoT (internet of things), the number of devices connected to an organization’s network can quickly reach into the tens (and hundreds) of thousands.

What is endpoint security?

Endpoint security combines various attack prevention, detection, and response technologies with intelligent services to form an advanced platform that effectively helps enterprises:

  • Detect, disrupt, and prevent malicious attacks before they cause any major damage.
  • Monitor and track attackers’ actions to identify and stop intrusions.
  • Determine the root causes of threats.

Endpoint security plays a crucial role for businesses, ensuring critical systems, intellectual property, customer data, employees, and guests are protected from ransomware, phishing, malware, and other cyber attacks. Endpoint security products may contain features and functionality such as:

  • Data loss prevention
  • Insider threat protection
  • Disk, endpoint, and email encryption
  • Application whitelisting or control
  • Network access control
  • Data classification
  • Endpoint detection and response
  • Privileged user control

Difference between Endpoint Security and Antivirus

Antivirus is one of the components of endpoint security, whereas endpoint security is a much broader concept that includes not just antivirus but many security tools (firewall, HIPS, whitelisting tools, patching and logging/monitoring tools, etc.) for safeguarding the various endpoints of the enterprise, and the enterprise itself against those endpoints, from different types of security threats.

More precisely, endpoint security employs a server/client model for protecting the various endpoints of the enterprise. The server holds a master instance of the security program and the clients (endpoints) have agents installed on them. These agents report the respective devices’ activity (device health, user authentication/authorization, etc.) to the server, and thus keep the endpoints secure.

Antivirus, by contrast, is usually a single program responsible for scanning, detecting and removing viruses, adware, spyware, ransomware and other malware. Simply put, antivirus is a one-stop shop for securing your home network, while endpoint security is suited to securing enterprises, which are larger and much more complex to handle.

Difference between Endpoint Security and Network Security

Endpoint security is about securing your enterprise endpoints (mobile devices like laptops, smartphones and more), and of course the enterprise against the dangers posed by those endpoints, whereas network security is about taking security measures to protect your entire network (the whole IT infrastructure) against various security threats.

The main difference between endpoint security and network security is that in the former the focus is on securing endpoints, and in the latter the focus is on securing the network. Both types of security are important. Ideally, it’s best to start by securing the endpoints and building out from there. You wouldn’t leave the doors to your home open just because there’s a security guard outside, would you? In the same sense, both should be given equal importance, starting from the endpoints and gradually building out.

In very simple terms, your network is secure only if your endpoints are secured first. Keep this in mind before you start looking for endpoint security and network security products.

Difference between Endpoint Security and Firewall

Firewalls are responsible for filtering the traffic flowing into and out of your network based on a set of security rules, for example restricting traffic flowing into the network from a particular potentially dangerous website. Endpoint security, on the other hand, concerns itself not just with network filtering but also performs many other tasks, such as patching, logging, and monitoring, to safeguard the endpoints.

Both antivirus and firewall are crucial elements of endpoint security. Their objective remains the same, though the model adopted (the client/server model) and the number of computers they protect differ. And within the endpoint security model, operating alongside other security tools, they become even more effective.

Difference between Endpoint Security and Endpoint Protection

Both are pretty much the same. Their primary objective is the same: to safeguard the endpoints as well as the enterprise against the dangers they pose. But there is a subtle difference. Endpoint security usually refers to an on-premise solution, whereas Endpoint Protection refers to a cloud-based solution.

An on-premise solution is one that has to be installed on the company’s own network for deployment, whereas a cloud-based solution is hosted in the cloud and enterprises subscribe to it.

Five mistakes companies make when securing their endpoints

Let’s see what the most prevalent mistakes are!

1. Keeping it basic

The first thing any how-to guide to security will tell you is that you need to keep operating systems up to date and install firewalls and antivirus solutions. Going one step further, some will suggest antimalware software as well. These, however, while an indispensable part of any security strategy, are the most basic measures a company can take to protect its network and the sensitive data stored on it.

Many times, headline-grabbing data breaches are the work of malicious outsiders, but only some of these cyberattacks use brute force and what are now considered conventional hacking methods. Many of them happen because of weak password practices or gullible employees who fall victim to social engineering.

It is therefore essential for companies to both educate their employees and put additional safeguards in place to mitigate potential outside interference in the workplace.

2. Forgetting about human error

A company’s employees are often its weakest link and not only when it comes to outside threats. This is perhaps the biggest mistake companies make when they develop their data protection strategies: they don’t take into consideration human error and the havoc it can wreak.

Employees can be negligent in the way they handle sensitive data, whether in its transfer, storage or use. They can accidentally email important data to the wrong recipient or hit reply-all on a long email chain that includes outsiders. They can post something publicly, leave their computer unlocked where others can tamper with it, or forget altogether about sensitive data they at one point stored on their computers.

While in some cases these are minor errors with no consequences, at other times they can cause significant problems. For example, storing sensitive data after it’s no longer needed, after consent for its use has been revoked, or after its deletion has been requested is in direct violation of regulations such as the GDPR or CCPA.

This is why it’s important that organizations also adopt Data Loss Prevention (DLP) solutions that focus on protecting specific data rather than the overall system, making it easier for them to control its transfer and use.

3. Disregarding shadow IT

Another consequence of an overly eager workforce is shadow IT, the use of unauthorized applications and IT services in the workplace. Whether aware of it or not, most companies suffer from shadow IT. From popular messaging apps to co-working spaces in the cloud, employees eagerly adopt new methods that will help them perform their tasks faster and more efficiently, often neglecting or, in some cases, consciously circumventing data protection measures. As a remedy, many companies block the installation of new programs on endpoints or the use of specific websites deemed insecure, but they frequently fail to catch them all.

The reason for the proliferation of shadow IT is fairly simple: employees prefer to ignore data protection measures if there are tools available that will lighten their workload. This of course can have disastrous unintended consequences: sensitive data can be stolen by third parties, made public or fall into the hands of unauthorized individuals, all major breaches of data protection regulations.

Unfortunately, because of the prevalence of internet-based services, completely getting rid of shadow IT is a daunting task. This is why it’s easier for companies to simply adopt tools that directly protect sensitive data, rather than trying to guess the many tools their employees might be using behind their backs.

4. Ignoring data on the move

Today’s working environment is more flexible than ever. Portable computers allow employees to work from home or while on business trips, making it easy for them to perform their duties or deal with emergency situations regardless of where they are. However, it also means that endpoints and all the data they contain are taken out of the security of company networks, making them vulnerable not only to physical theft, but also insecure internet connections and tampering.

Companies sometimes focus all their attention on securing company networks and either completely disregard the threat posed by data on the move or enforce policies such as hardware encryption and VPNs that focus on outside threats. DLP protection on the endpoint can help organizations secure sensitive data even when their employees are on the move.

5. Not making the most of security solutions

Good security is an investment for every company, which is why they should make the most of what it has to offer. Unfortunately, that is not always the case. When it comes to DLP solutions, for example, organizations that implement them company-wide sometimes fail to use their full capabilities. They do not define sensitive data clearly, or they misconfigure levels of authorization and exceptions, making it hard for DLP tools to be as effective as they can be.

Luckily, some DLP solutions do come with predefined definitions for the most common types of sensitive data, such as personally identifiable information (PII) or data protected under particular data protection regulations. Most companies, however, also have their own sector-specific sensitive data, which DLP tools can help them protect if it is properly defined through customizable policies.
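To make the last point concrete, here is a toy DLP policy engine written for this post (an added example, not code from the post or from any DLP vendor). It combines predefined PII detectors with one hypothetical sector-specific identifier (`PAT-` patient IDs), applies per-data-type clearance levels, and honours an approved-destination exception; the `example-hospital.test` domain, the `HOSPITAL_POLICY` values and the sample message are all constructed.

```python
# Toy DLP policy engine: a constructed example, not any vendor's product.
import re
from dataclasses import dataclass, field
def luhn_ok(digits: str) -> bool:
    # Luhn checksum confirms card-number candidates and cuts false positives.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0
# Predefined detectors for common PII, the "predefined definitions" the post mentions.
PREDEFINED = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}
@dataclass
class Policy:
    patterns: dict        # data type -> compiled regex
    min_clearance: dict   # data type -> clearance level a sender needs to send it
    exempt_domains: set = field(default_factory=set)  # approved destinations (exceptions)
def classify(text: str, patterns: dict) -> dict:
    # Return {data type: [matches]} for every detector that fires.
    found = {}
    for name, rx in patterns.items():
        hits = rx.findall(text)
        if name == "credit_card":  # keep only candidates that pass Luhn
            hits = [h for h in hits if luhn_ok(re.sub(r"\D", "", h))]
        if hits:
            found[name] = hits
    return found

def evaluate(policy: Policy, text: str, clearance: int, recipient: str) -> dict:
    # Allow/block decision for one outbound message: exceptions first, then clearance.
    found = classify(text, policy.patterns)
    domain = recipient.rsplit("@", 1)[-1].lower()
    if not found or domain in policy.exempt_domains:
        return {"action": "allow", "found": found, "reason": "nothing controlled or approved destination"}
    short = sorted(n for n in found if clearance < policy.min_clearance.get(n, 0))
    if short:
        return {"action": "block", "found": found, "reason": "clearance too low for " + ", ".join(short)}
    return {"action": "allow", "found": found, "reason": "sender cleared for all detected types"}

# Constructed policy: predefined PII plus one hypothetical sector-specific identifier.
HOSPITAL_POLICY = Policy(
    patterns={**PREDEFINED, "patient_id": re.compile(r"\bPAT-\d{6}\b")},
    min_clearance={"email": 0, "credit_card": 2, "patient_id": 3},
    exempt_domains={"example-hospital.test"},
)
# Constructed sample message containing all three data types.
SAMPLE = "Invoice for PAT-123456, card 4111 1111 1111 1111, contact bob@example.test"
```

Run `evaluate(HOSPITAL_POLICY, SAMPLE, 2, "partner@outside.test")` to see the block decision: the sender is cleared for card numbers but not for patient IDs, while the same message to an approved internal domain is allowed.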