One of the biggest challenges facing organizations today is the need to respond quickly to an increasingly mobile workforce and customer base. Data and services are the lifeline between organizations and consumers as well as employees. To stay competitive, most organizations are embracing digital transformation, developing new tools and applications that provide faster and more seamless access to critical information, regardless of the device being used to access it. As a result, the weakest link in the security chain of today’s expanding and increasingly distributed networks is almost always the endpoint.
However, most IT teams treat endpoint devices separately from the rest of the network. Endpoint security is often applied to devices as an isolated solution, usually in the form of an antivirus solution or endpoint security package. Network security often begins at the point where an endpoint device touches the network. But with networks spanning multiple ecosystems, including multi-cloud infrastructures, a growing number of cloud-based services, and even Shadow IT, that demarcation point is becoming increasingly difficult to define and defend. Enterprises can no longer keep endpoint devices in a secure “walled garden” that is separated from the rest of the network.
These devices also increasingly combine personal and professional profiles and information, which means that private activity can affect the business. Specifically, when a user launches an app or connects to the network, the network is exposed to whatever viruses or malware the device picked up during off hours. According to one study, 63% of organizations are unable to monitor endpoint devices when they leave the corporate network, and 53% reveal that malware-infected endpoints have increased in the last 12 months. In addition, 56% of those IT professionals surveyed report that they cannot determine compliance for endpoint devices, while 70% report a “below average” ability to minimize the damage from endpoint failures.
Gartner predicts that 99% of the vulnerabilities exploited by the end of 2020 will continue to be ones known to security and IT professionals at the time of the incident. Endpoint devices represent a major source of such exploits. The challenge is that network security cannot protect endpoints, or even adequately protect itself from rogue endpoint devices, when those devices and their vulnerabilities exist outside the corporate perimeter.
To address this growing challenge, organizations need an effective endpoint security strategy that ties endpoint devices, including end user, host, and IoT devices, into the larger network security framework. Today:
The biggest challenge in selecting an endpoint security solution is finding one that can truly be integrated with the rest of your security infrastructure. An endpoint security tool that talks to your edge firewall is nice, but since network access has become ubiquitous at many organizations, many access points, especially those inside the network perimeter, as well as cloud-based services and Shadow IT applications, don’t connect through the firewall.
The first step towards establishing an effective endpoint strategy is to begin to leverage things like Open APIs, common management, orchestration, and analysis suites, or at the least, a centralized SIEM system to tie your various security solutions together. This common security fabric or framework is essential in extending visibility and control into the furthest corners of your distributed network.
Next is to determine the actual level of integration available. Just because an endpoint security tool is provided as part of a packaged bundle does not mean it is actually integrated. And even those that claim to be integrated often provide little more than the most basic services, such as being integrated into a common management tool that allows for things like configuration, event logging, and reporting. This is also inadequate.
Real integration begins with the ability to receive and share live threat intelligence, but the solution also needs to act on that intelligence once it is received. This includes being able to confirm a threat, immediately raise flags to monitor for a live threat detected on the network, and even automatically adjust configurations and protocols in response to that threat.
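The receive-match-confirm-respond loop described above, shown as a small added example rather than any code from the original article or from Fortinet: a shared threat-intelligence feed is indexed, endpoint telemetry is correlated against it, high-confidence matches are confirmed and turned into containment and blocking actions, and low-confidence matches only put the host on a watchlist. All indicators, hostnames and events are constructed sample data, and the action targets ("edr-agent", "edge-firewall", "siem") are hypothetical names for the controls a security fabric would drive. Note the off-network case from the article: a device that is not behind the edge firewall has to be contained by its own endpoint agent, while the indicator is still pushed to the firewall to protect the rest of the fleet.

```python
"""Toy security-fabric loop: ingest shared threat intel, correlate endpoint
telemetry, confirm threats, flag hosts and emit response actions.
Every indicator, host and event below is constructed sample data."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Indicator:
    kind: str        # "sha256", "domain" or "ip"
    value: str
    confidence: int  # 0-100, as a feed might score it


@dataclass
class EndpointEvent:
    host: str
    on_network: bool   # True when the device sits behind the corporate edge
    event_type: str    # "process", "dns" or "connection"
    observable: str    # file hash, queried domain or destination IP


@dataclass
class Action:
    target: str   # host name or the control that should apply the action
    action: str   # "isolate", "block", "alert" or "watchlist"
    detail: str = ""


# Constructed threat-intel feed (hypothetical values, not real IoCs).
THREAT_FEED = [
    Indicator("sha256", "aa" * 32, 95),
    Indicator("domain", "example-c2.invalid", 90),
    Indicator("ip", "203.0.113.7", 40),   # low confidence: watch, do not disrupt
]

# Constructed endpoint telemetry (hypothetical hosts).
TELEMETRY = [
    EndpointEvent("laptop-01", False, "process", "aa" * 32),
    EndpointEvent("laptop-01", False, "dns", "example-c2.invalid"),
    EndpointEvent("desktop-07", True, "connection", "203.0.113.7"),
    EndpointEvent("desktop-09", True, "dns", "intranet.example"),
]

CONFIRM_THRESHOLD = 80  # confidence at which a match counts as a confirmed threat
EVENT_KIND = {"process": "sha256", "dns": "domain", "connection": "ip"}


def index_feed(feed: List[Indicator]) -> Dict[Tuple[str, str], Indicator]:
    """Index indicators by (kind, value) so correlation is a dictionary lookup."""
    return {(i.kind, i.value): i for i in feed}


def correlate(events: List[EndpointEvent], feed: List[Indicator]):
    """Match endpoint events against the shared feed.
    Returns {host: [(event, indicator), ...]} for hosts with at least one hit."""
    idx = index_feed(feed)
    hits: Dict[str, List[Tuple[EndpointEvent, Indicator]]] = {}
    for ev in events:
        ind = idx.get((EVENT_KIND[ev.event_type], ev.observable))
        if ind is not None:
            hits.setdefault(ev.host, []).append((ev, ind))
    return hits


def respond(hits) -> List[Action]:
    """Turn correlation hits into the actions the fabric pushes to other controls."""
    actions: List[Action] = []
    for host, matches in hits.items():
        top = max(ind.confidence for _, ind in matches)
        if top < CONFIRM_THRESHOLD:
            # Low-confidence match: raise a flag and keep watching, nothing disruptive.
            actions.append(Action(host, "watchlist", f"monitor for {matches[0][1].value}"))
            continue
        on_net = matches[0][0].on_network
        # Confirmed threat: contain the host. An off-network device is not behind the
        # edge firewall, so only its endpoint agent can isolate it; on-network hosts
        # can additionally be quarantined by network access control.
        actions.append(Action(host, "isolate", "edr-agent+nac" if on_net else "edr-agent"))
        for _, ind in matches:
            if ind.kind in ("domain", "ip"):
                # Share the confirmed network indicator with the perimeter control.
                actions.append(Action("edge-firewall", "block", f"{ind.kind}:{ind.value}"))
            actions.append(Action("siem", "alert", f"{host} matched {ind.kind}:{ind.value}"))
    return actions


def run(events=TELEMETRY, feed=THREAT_FEED) -> List[Action]:
    """Full loop: correlate, then respond."""
    return respond(correlate(events, feed))


if __name__ == "__main__":
    for a in run():
        print(f"{a.target:14} {a.action:10} {a.detail}")
```

With the sample data, laptop-01 (off network) matches two high-confidence indicators and is isolated through its agent while the C2 domain is pushed to the firewall; desktop-07 matches only a low-confidence IP and is watchlisted; desktop-09 generates no action at all.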
Ultimately, we should stop viewing endpoint devices as separate from the rest of the network. The reality is that once an endpoint device connects to your network, it is part of your LAN/WAN. This means that you should be able to:
Endpoint security is the responsibility of far more than the endpoint or desktop IT team. It must be understood and leveraged by anyone responsible for the organization’s network security. These groups need better visibility, compliance, controls, and response across the entire distributed network, including on- and off-network endpoints.
More than simply protecting individual devices, a true endpoint security solution continually assesses and ensures the integrity, confidentiality, and availability of enterprise data, network resources, and information systems.
Learn more about Fortinet’s NSS Labs Recommended Advanced Endpoint Protection Solutions.
Check out our latest Quarterly Threat Landscape Report for more details about recent threats.
Sign up for our weekly FortiGuard intel briefs or for our FortiGuard Threat Intelligence Service.
This byline originally appeared in CSO.