The Ponemon Institute has found that 68% of organizations have experienced one or more endpoint attacks that compromised data and/or their IT infrastructure, and the same percentage found that the frequency of endpoint attacks had increased over the previous year. This shows not only that attacks are growing in number, but also that their variety and complexity are evolving year over year.
With endpoints becoming ever more important, ensuring endpoint security compliance has become more important, and more challenging, than ever. Organizations therefore need a comprehensive endpoint compliance strategy. Toward that end, I’d like to look at three areas (or rings) that can help IT and security teams rule endpoint compliance.
What do we mean when we say endpoint compliance? To combat rising threats, organizations must continuously monitor and assess the “Device Security Posture” of all endpoints to ensure they comply with regulatory requirements, as well as industry and cybersecurity standards. The security architecture should align with a company’s internal policies for access, threat detection, and zero-trust. That means reducing exposure from endpoints, patching and protecting endpoints everywhere in real time, as well as the ability to quarantine devices.
Lack of compliance opens companies up to cyberattacks and reputational damage, as well as lost productivity from slow and inefficient systems and fines imposed by regulatory bodies. Penalties for attacks that result in a HIPAA or GLBA compliance breach can exceed $100,000. In fact, most endpoint attacks stem from some lapse in compliance or in basic company best practices, whether it is unpatched software on a device, an inadvertently open management port, or insufficient protection of PII.
Recently we have seen an increase in business email compromise. There have been recent cases of an unpatched vulnerability that lets attackers quietly monitor an email thread and then step in at the right moment, with the right knowledge, to convince a finance department to wire money to a fraudulent account. Had that unpatched endpoint vulnerability been identified earlier by an endpoint security solution and the endpoint kept compliant, the attack would have been mitigated immediately. Without a strong and compliant endpoint security posture, many doors are left open to compromise.
How can organizations ensure endpoint security compliance?
The first step toward meeting the requirements of regulations such as PCI DSS, HIPAA, and SOX is understanding the details of your systems. To do this, organizations should consider three major areas, or what I like to call the three rings of endpoint compliance. Working together, they help ensure proper endpoint security and management.
First Ring: Software Compliance
The Ponemon study found that 57% of cyberattack victims report that their breaches could have been prevented by installing an available patch. Even more shockingly, 34% of those victims knew of the vulnerability, but took no action.
This lack of action may well have stemmed from the sheer volume of emerging attacks, or simply from not having a comprehensive endpoint patching strategy backed by the right solution or tool. Patch management is crucial to software compliance, but given the rising number of vulnerabilities, it is often a daunting task for IT and security teams.
Patch management is the process of distributing and applying updates to software. Patches are released after a product ships to correct errors and close vulnerabilities, and because threats are continually evolving, applying them is a necessity rather than an option. A major source of risk is organizations failing to enforce the software updates that would protect them against emerging threats.
Endpoint software compliance means gathering information about the software on every endpoint and keeping it at the level that regulatory frameworks require. With an effective patch management process, organizations can keep their environments compliant and protected from exploitation. Today’s solutions deliver cloud-based tools that let security teams streamline and automate this process, eliminating the tedious manual tasks associated with traditional patch management.
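As an added illustration of what a software-compliance check actually computes (this is example code written for this article, not code from the author or from Syxsense), the script below compares each endpoint's installed software versions against a patch catalog, flags the patches that are missing, and ranks them by severity and by how long they have been outstanding. The products, versions, hosts and dates are all constructed, and `parse_version`, `missing_patches`, `compliance_report` and `compliance_rate` are hypothetical helper names.

```python
"""Patch-compliance check for an endpoint inventory: compare installed software
versions against a patch catalog and rank the missing patches by severity and
by how long they have been outstanding.  Added example, not the article's or
Syxsense's code; products, versions, hosts and dates are all constructed."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Patch:
    product: str
    fixed_version: str   # first version that contains the fix
    severity: str        # critical | high | medium | low
    released: date       # when the vendor published the patch

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def parse_version(version: str) -> tuple[int, ...]:
    """'4.10.0' -> (4, 10, 0), so 4.10 sorts after 4.9 (a plain string compare gets this wrong)."""
    return tuple(int(part) for part in version.split("."))

def missing_patches(installed: dict[str, str], catalog: list[Patch], today: date) -> list[dict]:
    """Catalog entries that apply to this endpoint and are not yet installed."""
    findings = []
    for patch in catalog:
        current = installed.get(patch.product)
        if current is None:
            continue  # product not present, so the patch does not apply
        if parse_version(current) < parse_version(patch.fixed_version):
            findings.append({
                "product": patch.product,
                "installed": current,
                "required": patch.fixed_version,
                "severity": patch.severity,
                "days_outstanding": (today - patch.released).days,
            })
    # Most severe first; within a severity, the longest-outstanding patch first.
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], -f["days_outstanding"]))
    return findings

def compliance_report(inventory: dict[str, dict[str, str]], catalog: list[Patch],
                      today: date) -> dict[str, list[dict]]:
    """Per-host list of missing patches (an empty list means the host is compliant)."""
    return {host: missing_patches(software, catalog, today) for host, software in inventory.items()}

def compliance_rate(report: dict[str, list[dict]]) -> float:
    """Fraction of endpoints with no missing patches: the figure an auditor asks for."""
    if not report:
        return 1.0
    return sum(1 for findings in report.values() if not findings) / len(report)

# Constructed patch catalog (hypothetical products; not real advisories).
CATALOG = [
    Patch("ExampleBrowser", "118.0.2", "critical", date(2024, 3, 1)),
    Patch("ExampleVPN", "4.2.0", "high", date(2024, 1, 15)),
    Patch("ExamplePDF", "12.3.1", "medium", date(2024, 2, 10)),
]

# Constructed inventory: host -> {product: installed version}.
INVENTORY = {
    "lap-001": {"ExampleBrowser": "117.0.9", "ExampleVPN": "4.2.0", "ExamplePDF": "12.2.0"},
    "lap-002": {"ExampleBrowser": "118.0.2", "ExampleVPN": "4.1.7"},
    "srv-010": {"ExampleVPN": "4.2.0"},
}

AS_OF = date(2024, 4, 1)  # constructed "today" for the report

if __name__ == "__main__":
    report = compliance_report(INVENTORY, CATALOG, AS_OF)
    for host, findings in report.items():
        print(host, "compliant" if not findings else [f"{f['severity']}:{f['product']}" for f in findings])
    print(f"fleet compliance rate: {compliance_rate(report):.0%}")
```

The two details worth noting are the numeric version comparison (string comparison would rank 4.9 above 4.10) and the sort order, which puts the oldest critical patch at the top of each host's list so the 57% of "preventable" breaches the Ponemon study describes get addressed first.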
Second Ring: Configuration Compliance
Once the team completes software patching, it’s time to address hardware and software configuration on endpoints. Configuration compliance centers on establishing, and continuously maintaining, the proper configuration on all devices as required by regulatory mandates, industry benchmarks, or internal policies. Without it, companies can’t easily track and monitor threats across devices. Configuration compliance also helps streamline and simplify reporting, both for regulatory processes and for general threat detection.
The process can vary, but typically consists of the following steps:
- Take a thorough inventory of endpoints, such as servers, laptops, virtual machines, mobile devices and networking devices.
- Ensure all systems are configured in line with applicable compliance standards and internal security policies.
- Continuously monitor those configurations for inappropriate or unwanted changes and mitigate configuration drift.
- Create reports for compliance audits.
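The four steps above, carried through in code as an added example (not the article's or Syxsense's code): an inventory of devices is evaluated against a hardening benchmark, each device is compared with its approved baseline to detect drift, and the result is emitted as an audit report. The benchmark rules, hosts and settings are constructed for illustration and are not a real CIS or DISA baseline; `evaluate`, `fingerprint`, `detect_drift` and `audit_report` are hypothetical helper names.

```python
"""Configuration-compliance check for an endpoint inventory: evaluate each device
against a benchmark, compare it with its approved baseline to catch drift, and
produce an audit report.  Added example, not Syxsense's code; the benchmark,
hosts and settings are constructed for illustration."""
import hashlib
import json

# Constructed benchmark (hypothetical rules, not a real CIS or DISA baseline).
# A rule is either the required value or a predicate over the observed value.
BENCHMARK = {
    "disk_encryption": True,
    "screen_lock_timeout_sec": lambda v: v <= 900,
    "firewall_enabled": True,
    "remote_mgmt_port_open": False,
    "os_auto_update": True,
}

def evaluate(settings: dict) -> list:
    """Benchmark keys the device violates; a setting that is not reported counts as a violation."""
    violations = []
    for key, rule in BENCHMARK.items():
        actual = settings.get(key)
        if actual is None:
            violations.append(key)
        elif callable(rule):
            if not rule(actual):
                violations.append(key)
        elif actual != rule:
            violations.append(key)
    return violations

def fingerprint(settings: dict) -> str:
    """Order-independent hash of a device's configuration, recorded when a baseline is approved."""
    canonical = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def detect_drift(baseline: dict, current: dict) -> dict:
    """Keys whose value changed since the approved baseline: key -> (was, now)."""
    return {
        key: (baseline.get(key), current.get(key))
        for key in sorted(set(baseline) | set(current))
        if baseline.get(key) != current.get(key)
    }

def audit_report(baselines: dict, inventory: dict) -> dict:
    """One entry per host: benchmark violations, drift from baseline, and an overall status."""
    report = {}
    for host, current in inventory.items():
        baseline = baselines.get(host)
        violations = evaluate(current)
        drift = detect_drift(baseline, current) if baseline is not None else {}
        if violations:
            status = "non-compliant"
        elif drift or baseline is None:
            status = "needs-review"      # meets the benchmark, but changed or never baselined
        else:
            status = "compliant"
        report[host] = {
            "status": status,
            "violations": violations,
            "drift": drift,
            "fingerprint": fingerprint(current)[:16],
        }
    return report

# Constructed approved baselines and current scan results.
BASELINES = {
    "lap-001": {"disk_encryption": True, "screen_lock_timeout_sec": 600,
                "firewall_enabled": True, "remote_mgmt_port_open": False, "os_auto_update": True},
    "lap-002": {"disk_encryption": True, "screen_lock_timeout_sec": 600,
                "firewall_enabled": True, "remote_mgmt_port_open": False, "os_auto_update": True},
}
INVENTORY = {
    # firewall turned off since baseline: drift *and* a benchmark violation
    "lap-001": {**BASELINES["lap-001"], "firewall_enabled": False},
    # timeout shortened: still within the benchmark, but an unapproved change
    "lap-002": {**BASELINES["lap-002"], "screen_lock_timeout_sec": 300},
    # new VM never baselined, no encryption setting reported, management port open
    "vm-003": {"screen_lock_timeout_sec": 900, "firewall_enabled": True,
               "remote_mgmt_port_open": True, "os_auto_update": True},
}

if __name__ == "__main__":
    print(json.dumps(audit_report(BASELINES, INVENTORY), indent=2))
```

The point of keeping "violations" and "drift" separate is that they answer different questions: a violation is a failure against the standard, while drift is any unapproved change, including one that still satisfies the standard (lap-002 above). Both matter to an auditor, and a device nobody has ever baselined (vm-003) is flagged for review even before its violations are counted.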
Tangentially, this also includes processes for the team members who use these devices: internal practices for protecting devices on public networks, but also change management, such as wiping laptops of all important data before they are issued to new team members and ensuring that departing employees no longer have access to vital documents and programs.
Third Ring: Security Compliance
Now it’s time to monitor consistently for other security vulnerabilities. Security compliance for endpoints largely consists of continuously scanning network devices to identify weak points and vulnerabilities. That means testing for vulnerabilities from outside the network as well as from inside, to ensure robust visibility of any weaknesses.
A typical scan reveals vulnerabilities by finding weak spots and misconfigurations that put sensitive data at risk of being stolen or altered. It also mitigates risk by letting IT take control of security compliance on every device across the organization. Finally, it continually checks for exposures such as open ports, disabled firewalls, and the status of antivirus protection. A compliant security posture also lets companies meet the requirements of government and industry regulatory policies.
Once vulnerabilities are detected, whether missing patches, faulty configuration, or out-of-compliance devices, it’s important to have an effective, easy-to-use tool to remediate them. Modern endpoint security tools include elements of SOAR technology, making it possible to process remediations for large groups of devices without the usual manual workload.
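To show the two preceding paragraphs together, here is an added example (written for this article, not code from the author or from Syxsense) that evaluates a batch of endpoint scan results for the exposures named above (unexpected open ports, a disabled host firewall, antivirus disabled or with stale signatures) and then groups the affected hosts by the remediation they need, which is the batching a SOAR-style playbook performs so one job can fix many devices. The scan data, the per-role port policy, the signature-age threshold and the remediation action names are all constructed; `assess`, `assess_fleet` and `remediation_batches` are hypothetical helper names.

```python
"""Security-compliance check over endpoint scan results, plus remediation batching.
Added example, not the article's or Syxsense's code; scan data, policy thresholds
and remediation action names are constructed for illustration."""
from collections import defaultdict

# Constructed policy: which listening ports each device role is allowed to expose.
ALLOWED_PORTS = {"workstation": set(), "web": {443}, "mail": {25, 587}}
MAX_SIGNATURE_AGE_DAYS = 3  # constructed threshold for "antivirus signatures are current"

# Constructed scan output for four hypothetical hosts.
SCAN = [
    {"host": "ws-01", "role": "workstation", "open_ports": [3389], "firewall": True,
     "av": {"enabled": True, "signatures_age_days": 1}},
    {"host": "ws-02", "role": "workstation", "open_ports": [], "firewall": False,
     "av": {"enabled": True, "signatures_age_days": 9}},
    {"host": "web-01", "role": "web", "open_ports": [443], "firewall": True,
     "av": {"enabled": True, "signatures_age_days": 0}},
    {"host": "web-02", "role": "web", "open_ports": [443, 22], "firewall": True,
     "av": {"enabled": False, "signatures_age_days": 40}},
]

# Each finding code maps to the (hypothetical) playbook action that fixes it.
REMEDIATION = {
    "unexpected_open_port": "close_port_via_host_firewall",
    "firewall_disabled": "enable_host_firewall",
    "av_disabled": "enable_antivirus",
    "av_signatures_stale": "force_signature_update",
}

def assess(device: dict) -> list:
    """Return (finding_code, detail) pairs for one device; an empty list means compliant."""
    findings = []
    allowed = ALLOWED_PORTS.get(device["role"], set())
    for port in sorted(set(device["open_ports"]) - allowed):
        findings.append(("unexpected_open_port", str(port)))
    if not device["firewall"]:
        findings.append(("firewall_disabled", ""))
    av = device["av"]
    if not av["enabled"]:
        findings.append(("av_disabled", ""))          # enabling it also refreshes signatures
    elif av["signatures_age_days"] > MAX_SIGNATURE_AGE_DAYS:
        findings.append(("av_signatures_stale", f"{av['signatures_age_days']} days"))
    return findings

def assess_fleet(scan: list) -> dict:
    """host -> findings, for every device in the scan."""
    return {device["host"]: assess(device) for device in scan}

def remediation_batches(results: dict) -> dict:
    """Invert host -> findings into action -> hosts so one job can remediate many devices."""
    batches = defaultdict(set)
    for host, findings in results.items():
        for code, _detail in findings:
            batches[REMEDIATION[code]].add(host)
    return {action: sorted(hosts) for action, hosts in sorted(batches.items())}

if __name__ == "__main__":
    results = assess_fleet(SCAN)
    for host, findings in results.items():
        print(host, "compliant" if not findings else findings)
    for action, hosts in remediation_batches(results).items():
        print(f"{action}: {len(hosts)} host(s) -> {hosts}")
```

Two design choices are deliberate: the port check is role-aware, because a port that is expected on a web server is a finding on a workstation, and a host whose antivirus is disabled is not also reported for stale signatures, since the single "enable" action covers both and duplicate findings only inflate the remediation queue.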
Historically, the functionality of each ring has required a separate tool. However, consolidation has continued across the security industry, and products have emerged that deliver one comprehensive platform for endpoint security and compliance. Doing all of this through a single pane of glass (a unified console) lets organizations comply with regulations while eliminating gaps in visibility and avoiding the productivity and profit loss caused by disparate solutions. A single solution also reduces the number of agents installed on each endpoint; every agent is a possible attack vector, so unifying and consolidating reduces the attack surface.
Ashley Leonard, chief executive officer, Syxsense