Pity the IT professional responsible for maintaining endpoint security. If you were to ask them how much more complex their job is today versus 10 years ago, what would they say? It's twice as hard, 10 times as hard? More?
Unfortunately, trends indicate this is not going to change anytime soon. The complexity of endpoint security is going to grow exponentially as far as the eye can see.
In the last 10 years, attacks have come to infiltrate more entry points, occur more frequently, and are more camouflaged and complex than ever. Additionally, they are no longer attempted for the “sport of it” – as in the days of “simple” denial of service/crash-based attacks. Today's attacks are financially motivated and sophisticated, and seek to steal important corporate information and customer data.
Finally, when you consider the fact that the “average days to exploit” – the time between a vulnerability in an IT system becoming known and its being exploited – has decreased from two months to two weeks to real time, it's no wonder that security professionals feel the odds are stacked against them. And the trends don't help.
- Information theft is now the province of multinational crime syndicates. Many corporate network intrusions are targeted attacks aimed at personal information and intellectual property theft, and are launched from inside and outside the organization. These attacks are usually detected after the intruders are long gone.
- The vectors of data loss are multiplying: Notebook PCs are still the most common, but removable mass storage devices – particularly the ubiquitous and easily concealed USB drives – and ad hoc wireless network bridges are gaining fast.
- Today's attack strategies focus on exploiting the vulnerabilities of applications, including browsers, office productivity tools, media players, backup software and even security software.
- Malware innovation continues to accelerate.
Drive to security maturity
In light of these trends, IT personnel need to take more of an integrated approach to protect their environments, rather than the traditional approach to buy more point products. Mature companies recognize that adding more point products can only make them feel more secure rather than be more secure. As these companies increase their awareness of how to build a more secure environment, they recognize the need to employ new technologies that make breaching their networks more difficult.
This drive for security maturity motivates many IT departments to implement a layered security approach to reduce risk – the best first step. In addition, IT departments often strive to integrate their layered security strategy with operations to increase efficiency, as well as to move them toward achieving compliance with regulations, such as PCI or FDCC. Integration is attractive not only for fostering efficiency, but also because it eases the effort of managing what applications are allowed on the network.
Implementing a multilayer endpoint security strategy as the first step toward security maturity will require the IT department to deploy a diverse range of endpoint protection, management and defensive capabilities, all of which should be capable of fully automated operation.
In reviewing a layered approach, organizations should consider and examine the unique functionality that can work in an integrated and coordinated manner. In determining the criteria for a multilayered approach, IT professionals should consider the following capabilities at a minimum:
Hardware and software discovery: Organizations should implement solutions that provide the convenience and transparency of real-time, subnet-level discovery technologies that easily identify, locate and inventory computer assets, assess their configuration and management status, and determine whether a local firewall is enabled.
Vulnerability detection and intelligent patch management: Look for solutions that provide integrated vulnerability assessment, patch research, download, staging and distribution capabilities for operating systems and applications in heterogeneous IT environments.
Versatile anti-malware protection: It seems obvious, but any solution will need to provide a world-class anti-virus engine that delivers protection against viruses, worms, Trojans, spyware, rootkits and other malicious code, with hourly updates. It should also deliver anti-virus for mail servers as a further protective layer: safeguarding corporate mail servers against external threats, preventing virus outbreaks within the corporate network, and filtering out unsolicited email.
Personal firewall: Use them. Endpoint firewalls limit access to authorized networks or IP addresses to ensure increased system protection and dramatically reduce the potential for effective system attacks.
Data protection: A device control manager (DCM) allows an IT organization to set confidentiality policies and then identify policy violations and potential data leaks easily.
Host intrusion prevention (HIPS) and application control: HIPS can provide a variety of non-signature-based malicious code defenses and application control to supplement anti-virus and anti-spyware systems and to defend against zero-day exploits. Behavior-recognition techniques can block malicious activity. Application control gives administrators a powerful tool for controlling the applications that execute on systems and specifies which behaviors approved applications are allowed to perform.
Whitelisting: You can maintain a whitelist of applications your company deems acceptable, and block other applications that can contain malware which would infect your environment.
Location-aware policies: You can define trusted and untrusted networks using location-aware functionality and then set the policies for the entire enterprise. The ability to define location-aware policies lets you “loosen the reins” on the enterprise network and tighten security policies when your employees move off it, providing a balance between productivity and security.
Built-in compliance and ROI reporting: Any solution should provide the ability to track and document the progress and ROI of security initiatives with a variety of reporting options.
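As an added illustration, not code from the article or from any product it describes, the following Python shows how the personal-firewall, device-control, whitelisting and location-aware layers listed above can combine into a single policy decision: the endpoint's current address selects a trusted or untrusted policy set, and each event (inbound connection, USB mount, process start) is judged against it. The subnets, policy values and whitelist entry are constructed assumptions.

```python
import hashlib
import ipaddress

# Constructed sample configuration (assumption, not taken from the article):
# subnets the enterprise treats as trusted, and the policy set applied on and off them.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.50.0/24")]
POLICIES = {
    # On the corporate network the reins are loosened: inbound traffic from
    # corporate subnets is allowed and USB mass storage may be mounted read/write.
    "trusted":   {"inbound": "corp_subnets_only", "usb_storage": "allow"},
    # Off the network the policy tightens: no inbound at all, USB read-only.
    "untrusted": {"inbound": "deny_all", "usb_storage": "read_only"},
}
# Application whitelist keyed by SHA-256 of the executable image (constructed entry).
ALLOWED_IMAGES = {hashlib.sha256(b"constructed-approved-binary").hexdigest(): "approved.exe"}


def classify_location(local_ip):
    """Return 'trusted' if the endpoint's address sits inside a trusted subnet."""
    addr = ipaddress.ip_address(local_ip)
    return "trusted" if any(addr in net for net in TRUSTED_NETWORKS) else "untrusted"


def decide(local_ip, event):
    """Evaluate one endpoint event against the policy chosen for the current location.

    Returns (verdict, reason). Event types: inbound_connection (needs 'src'),
    usb_mount, process_start (needs 'image' bytes)."""
    location = classify_location(local_ip)
    policy = POLICIES[location]
    kind = event["type"]
    if kind == "inbound_connection":
        if policy["inbound"] == "deny_all":
            return "deny", f"{location}: inbound connections blocked off-network"
        src = ipaddress.ip_address(event["src"])
        if any(src in net for net in TRUSTED_NETWORKS):
            return "allow", f"{location}: source is a corporate subnet"
        return "deny", f"{location}: source outside corporate subnets"
    if kind == "usb_mount":
        mode = policy["usb_storage"]
        return mode, f"{location}: USB mass storage policy is {mode}"
    if kind == "process_start":
        # Whitelisting applies regardless of location: unknown images never run.
        digest = hashlib.sha256(event["image"]).hexdigest()
        if digest in ALLOWED_IMAGES:
            return "allow", f"whitelisted as {ALLOWED_IMAGES[digest]}"
        return "deny", "image not on application whitelist"
    return "deny", f"unknown event type {kind!r}"
```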
Moving up the security maturity curve
The bottom line on endpoint security is that today's threat environment is extremely dynamic and interconnected. The only practical and survivable defensive strategy is to deploy multiple layers of protective technology, carefully chosen for tight integration, central management and convenient automation.