For many organizations, endpoint security remains the weak link in their security strategy. While organizations are able to ensure that endpoint clients are installed on company-owned assets, security becomes more challenging when workers use their personal devices for work-related activities. The organizational risks introduced several years ago by BYOD have been compounded as the number of critical business applications and the volume of data being accessed have grown rapidly as a result of ongoing global digital transformation (DX) efforts.
Of course, not all endpoint devices are the same, and each requires a somewhat different approach. Traditional endpoint devices, even those owned by employees, can still be required to install a security client in order to access network resources. Likewise, handheld devices such as tablets and smartphones can be protected using mobile device management (MDM) solutions. And even the most primitive IoT devices can be secured using proximity-based protections.
Like most security issues, success begins with laying the proper foundation. In the case of endpoint security, this begins with two fundamental strategies:
For endpoint devices that are actively engaged in accessing critical resources and producing, using, or storing data on the network—usually end user devices—there are a handful of baseline security requirements that need to be in place. While these might not apply to every device, they should be deployed wherever they can:
Endpoint security is not a one-size-fits-all challenge. Today’s organizations need to account for a wide range of endpoint devices, from laptops, to handhelds like smartphones and tablets, to IoT devices.
Laptops: Because laptops run the largest array of complex applications and workflows, they require the highest degree of security. This usually comes in the form of a local, cloud, or hybrid client. Regardless of how it is delivered, an endpoint security client needs to provide the following security functionality.
Start by looking at clients that have been independently tested and validated by third-party organizations such as NSS Labs. These organizations generally test to ensure that these clients can detect and stop a wide range of attacks, from common attack vectors such as web drive-by, phishing email, and evasion, to unknown and offline threats. Today’s sophisticated attacks also require advanced security functionality such as sandboxing and user and entity behavior analysis (UEBA).
Handheld Devices: For devices that cannot run a full security client, such as smartphones and tablets, organizations need to ensure that they have proper measures such as VPN, access control, multi-factor authentication, and MDM solutions in place.
IoT: While there is a growing range of IoT devices available, they can generally be lumped into three categories: End User IoT, such as wearables or appliances; Professional or Enterprise IoT, such as printers or security cameras; and Industrial IoT (IIoT), such as valves, sensors, switches, and inventory tags. Of course, there are others, like Medical IoT, but in general, while there may be some important differences, they can all be addressed with a similar approach to security.
The first commonality is that most IoT devices do not run a full operating system. Most are simply a collection of commands combined with a basic communications protocol. Because they are headless, not only is it impossible to load client software onto them, but many cannot even be updated or patched. Even more concerning, many of them include easily exploitable code or have back doors hardwired directly into the device.
As a result, security needs to be indirect. These devices need to be identified and segmented. Devices that are on your network only temporarily need to be closely monitored, while more permanent devices also need to be protected using proximity software, such as a dedicated IPS and NGFW system, to quickly identify and respond to unusual or unexpected traffic either directed at or coming from any IoT device.
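The indirect approach described above, as an added example that is not part of the original article: a monitoring point in front of a segmented IoT VLAN compares observed flows against a per-device baseline and flags anything directed at or coming from an IoT device that the baseline does not expect. The segment, device inventory and flow records are constructed for illustration.

```python
# Added example (not from the article); segment, inventory and flows are constructed.
from ipaddress import ip_address, ip_network
from typing import NamedTuple

IOT_SEGMENT = ip_network("10.50.0.0/24")  # assumed dedicated IoT VLAN

# Per device: (peer, port) pairs it may initiate and peers allowed to reach it.
# Headless devices cannot run a client, so the IPS/NGFW in front enforces this.
BASELINE = {
    "10.50.0.20": {"outbound": {("10.10.0.5", 554)},   # camera streams to NVR
                   "inbound_from": {"10.10.0.5"}},
    "10.50.0.31": {"outbound": set(),                  # printer initiates nothing
                   "inbound_from": {"10.20.0.0/16"}},  # jobs from office LAN
}

class Flow(NamedTuple):
    src: str
    dst: str
    dport: int

def _from_allowed(src, allowed):
    return any(ip_address(src) in ip_network(a, strict=False) for a in allowed)

def classify(flow, baseline=BASELINE):
    """Return None when the flow fits the baseline, otherwise a reason."""
    if ip_address(flow.src) in IOT_SEGMENT:          # traffic coming from IoT
        rule = baseline.get(flow.src)
        if rule is None:
            return f"unknown IoT device {flow.src} in segment"
        if (flow.dst, flow.dport) not in rule["outbound"]:
            return f"{flow.src} -> {flow.dst}:{flow.dport} not in outbound baseline"
    if ip_address(flow.dst) in IOT_SEGMENT:          # traffic directed at IoT
        rule = baseline.get(flow.dst)
        if rule is None:
            return f"traffic to unknown IoT device {flow.dst}"
        if not _from_allowed(flow.src, rule["inbound_from"]):
            return f"{flow.src} -> {flow.dst}:{flow.dport} from unexpected peer"
    return None

def find_unexpected(flows, baseline=BASELINE):
    return [(f, r) for f in flows if (r := classify(f, baseline))]

SAMPLE_FLOWS = [  # constructed records, e.g. exported from NGFW/IPS logs
    Flow("10.50.0.20", "10.10.0.5", 554),      # camera -> NVR: expected
    Flow("10.50.0.20", "203.0.113.7", 443),    # camera phoning out: alert
    Flow("10.20.4.9", "10.50.0.31", 9100),     # office PC printing: expected
    Flow("10.50.0.31", "10.50.0.20", 22),      # printer -> camera: alert
    Flow("10.50.0.99", "10.10.0.5", 80),       # device not in inventory: alert
    Flow("198.51.100.3", "10.50.0.31", 9100),  # job from outside: alert
]
```

Running `find_unexpected(SAMPLE_FLOWS)` returns four alerts: the camera contacting an external host, the printer reaching another IoT device, a device missing from the inventory, and an inbound print job from outside the office range.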
None of these solutions can operate effectively in isolation. Instead, any endpoint security solution deployed needs to be chosen both for its security efficacy as well as its ability to be woven into an integrated and holistic security fabric that spans the entire network.
Connected endpoint devices need to be seen and treated as part of your WAN rather than as something separate, and securing them requires tying them together with your full range of different security solutions. This enables threat intelligence and policy changes to be actively collected and analyzed, sophisticated threats to be identified, and the entire security fabric to collectively deal with threats through a single, coordinated response that spans seamlessly from the endpoint to the core to the cloud.