31 March 2017
Blogs by author: Rob Daniels, General Manager of Security Portfolio Strategy, BT.
It used to be simple for organisations to protect devices at work. But here’s how mobile working has made endpoint security more critical than ever.
Securing a more mobile world.
You’re probably reading this on a mobile device or a laptop. That’s the way we all work now, and security controls must protect us (as well as the sensitive data we access) across a seemingly infinite permutation of locations, devices and content types.
This is the device and content challenge for today’s information security professionals — and the bad guys know it.
When we all worked in an office every day, organisations could protect our devices and the data we shared and stored on them by enforcing security policies from within the corporate network.
But enabling access to an organisation’s intellectual property and confidential information from wherever and whenever business users need it has created potential security gaps.
In response to these blind spots, many organisations have chosen to reduce the risk of users unintentionally accessing a malicious site, or downloading malware and viruses that compromise the network, by loading agents onto each and every device.
Enabling effective endpoint security.
For some of our customers, that’s a lot of additional software. In our experience, this device-centric approach to endpoint protection comes with a heavy administrative price tag — introducing cumbersome, resource-intensive maintenance.
It also creates challenges to the consistent application of necessary controls — just when security resources seem stretched to the limit. But there is another way…
New, innovative technology and access to specialist skills are helping organisations build more effective prevention capabilities across the exploding number of endpoints.
For organisations that want to enhance detection and response consistently — without impacting device performance, or adding complexity and cost — there’s now an alternative approach.
Avoiding the myths of endpoint protection.
The first rule of endpoint protection is don’t blame business users. Some IT professionals like to portray people doing their jobs as naive innocents — whose random, careless clicks are the root of all malware and ransomware risks. This underestimates both business users and attackers.
Cyber criminals are not just wandering around the internet, trying virtual car doors until they get lucky. They’ve been refining their techniques for more than 20 years. From new phishing techniques to application exploits, the latest well-planned and highly targeted attacks can deceive even the most cautious and savvy users.
So how do we learn to defend ourselves against the unknown? To stay one step ahead, it’s important to start with protecting each layer of the endpoint — including your network, applications, critical data and identity security. You can then build this out across all your endpoints and business environments.
Tackling the sophistication of cyber attacks.
There have been improvements in security awareness training that can alert users to the most obvious, clumsy attempts to lure them into clicking on links or opening attachments. Despite this, determined criminals who target specific groups — HR professionals for example, by embedding malware into credible-looking CVs — will still succeed.
The legal profession is equally under attack, with a particular focus being senior partners in law firms managing corporate mergers and acquisitions.
The Financial Times reported that by using the ‘outsider trading’ knowledge gained from email conversations about five publicly traded companies involved in major deals, attackers were able to profit to the tune of around $4m once the transactions were announced.
If attackers are trying their luck with a known exploit, endpoint agents may be able to block it going any further. But with this much to gain — the FBI reported that, in the last three years, scams that target senior executives alone have swindled $2.3 billion from global business — we are seeing a marked increase in sophistication.
Check Point Threat Intelligence and Research recently encountered a spear phishing campaign that demonstrated abilities that surprised even their technical teams — including evading detection by traditional sandboxes.
This increase in attack sophistication (not just in understanding user behaviour, but in evading
traditional, signature-based and sandboxing controls) is the challenge that Check Point and BT are working with their clients to resolve efficiently.
Putting an end to ineffective endpoint protection.
The SANS Institute spending trends review 2016 reveals that endpoint is the third-biggest area of security spend, but currently languishes at 15th place in terms of perceived effectiveness. We believe that this dissatisfaction stems from three common contributory factors:
1. Gaps in cloud security strategy.
Today, as companies move increasingly to the cloud, employees are taking advantage of being able to access data remotely from any device, anywhere. This means more and more sensitive data is traveling across cloud infrastructures to our laptops and mobile devices. As organisations extend their network, the attack surface increases. Endpoint security needs to be fully integrated into an overall cloud security strategy to be effective.
2. Lack of a common security goal.
In many organisations we talk to, different teams maintain network security and endpoint security. This can lead to dislocation in security processes, which creates unnecessary vulnerabilities.
3. Zero-day threats.
Companies relying solely on signature-based antivirus leave their endpoints exposed to the increasing volume of zero-day threats coming from sophisticated hackers. While signature-based antivirus still has a role to play, it needs to complement solutions that can identify potential malware from suspect data. Many of these solutions take advantage of the cloud’s raw computing power for analysis rather than burdening the endpoint.
Bringing together the beginning, middle and endpoint.
To address these issues, organisations need a single, central endpoint-protection infrastructure and policy-enforcement mechanism that does not hamper users, or impact the performance of their machines.
By redirecting endpoint traffic to the cloud, all the security logic can be applied centrally, rather than on each individual device. If an organisation needs to make changes, these can be applied centrally in the cloud, giving users real-time protection — not only from known viruses, bots, malicious files and websites, but also by detecting unknown malware.
So many breaches begin at the endpoint that many organisations have understandably reacted with a pure device-based approach, hoping that this would build their detection and prevention capability.
But choosing to treat endpoints as a separate element has created an inefficient hole in the middle of too many security infrastructures. You need to treat endpoint security as part of your overall integrated strategy, and set it to work in tandem with a traditional device-based approach for laptops.
Staying one step ahead with endpoint protection.
By giving security administrators the power to enforce, manage, report and educate users from a single console, you can reduce complexity and cost by integrating endpoint into a coherent network architecture.
No more running around the endpoint, as you can efficiently deploy and remediate devices and confidently maintain compliance with company policy. No gaps. No duplication.
Talk to your account manager about how a BT and Check Point managed endpoint solution can give you up-to-date protection for every laptop user working outside your security perimeter.
Discover more in our endpoint webinar with Check Point. Watch it here, and read our previous blog to discover the biggest gaps businesses often find in their endpoint security.