There is a cartoon where the two characters are out to take over the world. One character, reminiscent of a Dr. Frankenstein, has a new and increasingly complicated scheme in each episode. His sidekick, sort of like Igor, goes along enthusiastically. The plots, of course, always fail. They could have achieved success if they had built their nefarious plans around mobile devices. Why? Social media.
The explosion of social media has done several things. It has emboldened folks who would like to do harm and do it as invisibly as possible. The social media platforms offer a fluid venue populated with users who either don't know or don't care about security. In fact, many social media users feel that security impedes their process.
While it has given businesses a way to keep contact with customers and potential customers for pennies instead of tens of thousands of dollars, it also has provided a marketplace for applications that can be written and sold without any concern for their impact on users. I have heard knowledgeable people offer the opinion that app stores are the single most successful source of malware on the internet.
Whether all of that is true and the sky really is falling or it's just the ranting of over-zealous security practitioners doesn't matter. However you explain, characterize and justify it, the internet has become a fertile field for the bad guys. The levels of naïve trust, exhibited in the social media is, in my view, unprecedented in the history of mass communications.
"New endpoints join the network constantly so there needs to be a method of provisioning them."
The problem, beyond the obvious possible impact on Joe and Jane User, is that these nice folks probably either work for a living or are associated with people who do. The “harmless” use of social media spreads throughout the internet and cares little if the participants are Joe and Jane or the Massive Big Company. They're all swimming in the same pond and they all are susceptible to breaches that involve social media use.
And how do most people use social media? Mobile devices. These are the same mobile devices that store personal photos and music, give users access to email, and connect to such unsecure locations as file-sharing site Dropbox and its ilk, and store copies of business documents for convenience. So, that is what this month's first Group Test is all about. We will look at four of the best tools for managing the security aspects of mobile devices by enforcing security policies.
It is foolhardy to expect a bring-your-own-device (BYOD) policy to succeed – as with any policy – without a means of enforcing it. This month's first group of products help you do that and, by extension, help you overcome the risks associated with combined personal and business use of the same mobile device, increasingly, a device the organization does not own.
For our second group test, we examine the endpoints. Endpoints are pretty straightforward, right? Usually they are desktop or laptop PCs or Macs. That was then, though, and this is now and those device limitations are, largely old school. Today just about any device can be an endpoint depending upon how it is used. That means that those PCs and Macs now have servers, mobile devices and don't forget the latest buzz-term: the Internet of Things as bedfellows. They all are endpoints and all need some form of security. Add such devices as SCADA components and things start to get even more tricky.
But I'm getting ahead of myself. Why the emphasis on endpoint security in the first place? The way we build networks these days is quite different from the way we used to build them. The extent of distribution of devices on the enterprise is unprecedented. The perimeter has become so porous as to be almost transparent in some cases. Market forces have forced organizations such as banks to do things that we never would have thought of in years past. For example, the idea of allowing users to access the internals of the network in a bank was unheard of. Today we take pictures of checks and deposit them. We log into online banking systems and access backend databases. The slightest coding error in front-end web interfaces can spell unauthorized access to the backend.
Banking systems are by no means the only targets. Patient monitoring devices in hospitals connect to the hospital networks and if the network is vulnerable so, potentially, are they. So the definition of an endpoint is a bit fuzzy around the edges these days. The old tried and true endpoint protection methods are not adequate. Fortunately, current systems are updating almost as rapidly as the devise they must protect. Even pure endpoint protection often is not enough, though, so we are back to our old mantra of defense-in-depth.
In that regard we are seeing endpoint protection systems that are a combination of perimeter and endpoint protection, the two working closely together. These systems are managed as a single security infrastructure and the reporting, policy creation and monitoring are accomplished through close cooperation among the component parts. And, as we look at this product type, it is pretty important to recognize this cooperation.
An endpoint protection system has some pieces that are pretty important and those pieces tend to work most efficiently in a distributed environment if they, too, are well distributed. Malware management, for example, no longer is exclusively reserved for the endpoint any more than it is exclusively the province of the gateway. However, because malware passes through the gateway in both directions – an attachment on a phishing email that then calls home, for example – we need multiple chokepoints to stop it and remove it from the enterprise before it spreads.
Regarding malware, we no longer depend upon catching it as it enters. Current wisdom tells us that we should assume the enterprise to be – to some extent – infected. So it becomes a critical exercise in extrusion prevention. Again, this can be most efficient in a widely distributed environment by having an equally distributed security platform.
Endpoints also need to be managed centrally. Security policies may need to be pushed out to thousands of endpoints spread across continents and then updated and monitored continuously. New endpoints join the network constantly so there needs to be a method of provisioning them. In a widely distributed environment centralized provisioning may not work so if your environment is like that be sure that you have considered products that either self-provision or have some other means of provisioning endpoints on the other side of the globe.
The nature of your endpoints is important as well. Are there agents for all of the types of endpoints you need? Then we get to the notion of policies. Setting policies should be as straightforward as possible and the policies themselves should be responsive to your environment. For example, are there specific functions that you must manage at the endpoint in order to comply with regulatory requirements? And, consistent with that, what type of reporting do you need for compliance?
On the topic of compliance, being in compliance does not mean that you are secure. Applied here that means that your endpoint security should keep you secure as well as meeting regulatory requirements. Finally, things change on today's networks rapidly as the threatscape changes rapidly. Your endpoint protection needs to be resilient to keep up with that. There are a lot of aspects to protecting the endpoints. We have focused a bit on malware protection but encryption, data leakage protection, intrusion prevention/detection and access management, among others, all are well managed at the endpoints in a large network.