Endpoint security management has become an area of much concern in recent years for a number of reasons, chief among which are the ever-increasing incidents of hacktivism, APT, and malware attacks and the proliferation of personal smart phones, tablets and iPads that employees bring into the workplace (related article: Bright and Dark Spots of BYOC).
The “security” part of the phrase “endpoint security” may be obvious to all, but the “endpoint” part could use a little explanation. The endpoint is a device on a TCP/IP network, especially one that is connected to the Internet; it can be a laptop, desktop PC, network printer, POS terminal, tablet, or smart phone. A more traditional (albeit self-referential) description of the endpoint from wireshark.org is: “the logical endpoint of separate protocol traffic of a specific protocol layer.” The network endpoint as we know it is dead, according to a published Microsoft report.
Endpoint security, to borrow the words in the same Microsoft report, is “the security of physical devices which may literally fall into the hands of malicious users.” This is a simplistic definition, but it quickly brings home the point. Because traditional endpoint security management has become inadequate, Microsoft came up with general recommendations more applicable to present realities:
- Develop a detailed plan for responding to a security incident, such as a social engineering attempt, DDoS attack against the network/specific hosts/applications, lost/stolen device, unauthorized use of system/network privileges or unauthorized account access, system-wide malware outbreak.
- Pay attention to support infrastructure systems, such as routers, firewalls, and similar assets.
- Identify the support persons to contact in case of endpoint security breach, and keep their contact details within easy reach.
- Develop simple and effective response procedures for each category of security incident, and get input from users affected by it.
- Keep abreast of emerging endpoint security technologies, and learn how to choose the one solution – among a myriad of offerings – that matches the requirements of a particular network environment.
- For BYOD – Create acceptable use policies.
- For privileged users at the device level – Define governance policies on: use of corporate assets; installation and use of third-party applications; and use of privilege management software for control of third-party application installation and enforcement of change control processes.
- On access of critical data stored in the cloud – Establish policies and procedures defining and stressing the importance of protecting sensitive/confidential information.
- For overall endpoint risk management – Improve collaboration between IT operations and IT security for better allocation of resources and creation of strategies to mitigate hacktivism, BYOD, third-party applications, and cloud computing risks.
- For endpoint security technologies – Choose an integrated endpoint security suite that has vulnerability assessment, device control, and anti-virus and anti-malware functionalities, after conducting risk assessments.