Endpoints are pretty straightforward, right? Usually they are desktop or laptop PCs or Macs. That was then, though, and this is now and those device limitations are, largely old school. Today, just about any device can be an endpoint depending on how it is used. That means that those PCs and Macs now have servers, mobile devices - and don't forget the latest buzz term - the Internet of Things as bedfellows. They all are endpoints and all need some form of security. Add such devices as SCADA components and things start to get even more tricky.
But I'm getting ahead of myself. Why the emphasis on endpoint security in the first place? The way we build networks these days is quite different from the way we used to build them. The extent of distribution of devices on the enterprise is unprecedented. The perimeter has become so porous as to be almost transparent in some cases. Market forces have forced organizations, such as banks, to do things that we never would have thought of in years past. For example, the idea of allowing users to access the internals of the network in a bank was unheard of. Today, we take pictures of checks and deposit them. We log into online banking systems and access backend databases. The slightest coding error in front-end web interfaces can spell unauthorized access to the backend.
Banking systems are by no means the only targets. Patient-monitoring devices in hospitals connect to the hospital networks and if the network is vulnerable so, potentially, are they. So the definition of an endpoint is a bit fuzzy around the edges these days. The old tried-and-true endpoint protection methods are not adequate. Fortunately, current systems are updating almost as rapidly as the devise they must protect. Even pure endpoint protection often is not enough, though, so we are back to our old mantra of defense-in-depth.
In that regard we are seeing endpoint protection systems that are a combination of perimeter and endpoint protection, the two working closely together. These systems are managed as a single security infrastructure, and the reporting, policy creation and monitoring are accomplished through close cooperation among the component parts. And, as we look at this product type, it is pretty important to recognize this cooperation.
An endpoint protection system has some pieces that are pretty important, and those pieces tend to work most efficiently in a distributed environment if they, too, are well distributed. Malware management, for example, no longer is exclusively reserved for the endpoint any more than it is exclusively the province of the gateway. However, because malware passes through the gateway in both directions - an attachment on a phishing email that then calls home, for example - we need multiple chokepoints to stop it and remove it from the enterprise before it spreads.
Regarding malware, we no longer depend on catching it as it enters. Current wisdom tells us that we should assume the enterprise to be - to some extent - infected. So it becomes a critical exercise in extrusion prevention. Again, this can be most efficient in a widely distributed environment by having an equally distributed security platform.
Endpoints also need to be managed centrally. Security policies may need to be pushed out to thousands of endpoints spread across continents and then updated and monitored continuously. New endpoints join the network constantly so there needs to be a method of provisioning them. In a widely distributed environment, centralized provisioning may not work. So, if your environment is like that be sure that you consider products that either self-provision or have some other means of provisioning endpoints on the other side of the globe.
The nature of your endpoints is important as well. Are there agents for all of the types of endpoints you need? Then we get to the notion of policies. Setting policies should be as straightforward as possible and the policies themselves should be responsive to your environment. For example, are there specific functions that you must manage at the endpoint in order to comply with regulatory requirements? And, consistent with that, what type of reporting do you need for compliance?
On the topic of compliance, being in compliance does not mean that you are secure. Applied here, that means that your endpoint security should keep you secure as well as meeting regulatory requirements. Finally, things change on today's networks rapidly as the threatscape changes rapidly. Your endpoint protection needs to be resilient to keep up with that. There are a lot of aspects to protecting the endpoints. We have focused a bit on malware protection, but encryption, data leakage protection, intrusion prevention/detection and access management, among others, all are well managed at the endpoints in a large network.