Complete endpoint security can no longer be ignored and a “good enough” security strategy is no longer good enough. Historically, building a complete and integrated endpoint security program was too often at the bottom of an IT manager's list, or something that was viewed as too costly or “a project for next year.” But in today's world, we are constantly reminded of the criticality of endpoint security as more companies are breached and hacker groups announce their latest ploys on a daily basis.
The nature of threats is changing too. No longer are hackers simply targeting random individuals just for fun with a mischievous attack. Instead, hackers are now part of organized initiatives (or even foreign governments) working to exploit your company's and its customers' data for financial gain and to wreak havoc on your business. In addition, attack vectors are more complex than ever – often employing multiple types/styles of malicious code to attack end-user systems.
In short, today's threat environment is extremely daunting – whether you're a small start-up or a large enterprise. And the myriad of point products and odd security vendor solution mash-ups in the marketplace doesn't make matters any easier. However, there are several pieces of functionality that you should look for in order to arm yourself with a unified threat management strategy.
- Know who/what/where. Your security policy should be fluid based on the type of end-user and their environment. The ability to adjust security settings based on users' job functions and environment (i.e., the corporate network, an end-user's office or an airport) is a basic concept every security policy should employ.
- Couple AV. Contrary to popular opinion, AV is not dead, but if you use it as a standalone defense, your reputation could be. You must couple AV with additional functionality because as your only defense against malware, AV is wholly ineffective. Rather, it must be integrated with additional, more proactive threat protection solutions.
- Patch, patch, patch. Simple in theory, but you'd be surprised how few IT technicians actually follow the process and use the tools needed to be successful here. Perhaps it's due to the fact that while patching is simple in theory, it can become overwhelming if you're talking about doing it on a machine-by-machine basis. Not to mention the fact that complexity can escalate quickly if you have multiple types of platforms and a wide range of applications. But bringing software into the mix changes everything. With an integrated patch management tool, this process is made exponentially easier with far fewer points of redundancy. You can deploy patches to thousands of machines with more efficiency and significantly higher success rates.
- Black, White and Grey. Many solutions report to have blacklisting capabilities. But attempting to continuously block every potential threat/application is not realistic in this day in age. You're better off permitting only the good stuff – i.e., pre-approving which applications can run or whitelisting. You then can monitor application behavior. By looking for potentially harmful activity and pre-approving known applications, you'll achieve a grey area. And in this case, that's a good thing. Better yet, tie the approval to trusted deployment systems and make your life even easier.
- It's all in the HIPS. A host-based intrusion prevention system monitors your systems for sketchy activity. It then logs information about this activity, attempts to prevent it, and records the incident. The capability to not only track malicious activity, but to log it enables you to better secure your network and take a more proactive stance in safeguarding in the future – by identifying types of bugs and patterns.
