As networks grow in size, the number of endpoints on them invariably grows too, and that makes endpoint threat detection harder than ever. At the same time, detecting threats on those endpoints becomes ever more important. A very reasonable question, asked by CISOs everywhere, is therefore: how vulnerable is my IT infrastructure?
Large companies appearing in the news as victims of security breaches is now a common occurrence, and Paul Nelson, writing for Informationsecuritybuzz.com, argues that traditional signature-based endpoint protection solutions are no longer sufficient to protect against the advanced persistent threats (APTs) and zero-day attacks that are now commonplace.
The way forward is to implement IT analytics solutions that are able to detect abnormal activity. The ability to leverage a combination of visibility and historical data to generate alerts is key to reducing the impact of an attack before it has a chance to spread.
Endpoints are now more than just the old-school desktop computer, with a multitude of devices, tablets and smartphones connected to any one network. Especially with the increased use of BYOD policies, more and more endpoints are vulnerable to attack. Employees’ devices are harder than ever to secure and are often outside the direct sphere of influence of a company’s security procedures.
The good news is that there are some ways to mitigate this threat in an increasingly mobile world, argues Dewayne Adams on Patriot-Tech.com. This can be done by optimizing your network for endpoint threat detection in the following ways:
- Analyzing the network: This will need to be done from the inside out and needs to be thorough. Carefully review your network and identify all potential endpoints and vulnerabilities.
- Once the network has been fully understood, you will need to identify all the potential ‘holes’ where breaches could occur. It is important not to forget about virtualization, which can create many endpoints from a security perspective.
- Make sure your endpoint management solution fits your company’s unique needs. What technologies do you have in place to help with this? How does your company verify that connected devices are using compliant standards? This can be much more difficult than it seems.
- Finally, does your organization identify compromised endpoints? You will need to know what endpoint security solutions you have in place to neutralize any threats as they are discovered.
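The alerting approach described earlier (comparing current endpoint behaviour against historical data) and the last two steps above (knowing which devices are on the network and spotting compromised ones) can be put together in a few dozen lines. The following is an added illustration, not code from the page, from GRT Corp. or from either author cited. Every hostname, flow record, the managed-endpoint inventory and the z-score threshold are constructed for the example; a real deployment would read the same kind of daily per-host summaries from flow or proxy logs.

```python
"""Endpoint alerting from a historical baseline, plus unmanaged-endpoint discovery.

Added illustration; not code from the page or from GRT Corp. All hostnames,
records and thresholds below are constructed for the example.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed inventory of endpoints the organisation manages.
MANAGED_ENDPOINTS = {"ws-101", "ws-102", "ws-103", "ws-104", "srv-db01"}

# Constructed per-endpoint daily summaries for the last seven days:
# megabytes sent outbound and number of distinct destinations contacted.
_DAYS = {
    "ws-101":   ([10, 11, 9, 10, 12, 10, 11],  [12, 14, 13, 12, 15, 13, 14]),
    "ws-102":   ([8, 9, 8, 10, 9, 8, 9],       [10, 11, 10, 12, 11, 10, 11]),
    "ws-103":   ([15, 14, 16, 15, 15, 14, 16], [20, 21, 19, 20, 22, 20, 21]),
    "srv-db01": ([50, 52, 51, 50, 53, 51, 52], [3, 3, 3, 3, 3, 3, 3]),
}
HISTORY = []
for _host, (_mb, _dests) in _DAYS.items():
    for _day, (_m, _d) in enumerate(zip(_mb, _dests), start=1):
        HISTORY.append({"day": _day, "host": _host,
                        "out_bytes": _m * 1_000_000, "dests": _d})

# Constructed summaries for the day under review.
TODAY = [
    {"host": "ws-101", "out_bytes": 11_000_000, "dests": 13},      # ordinary
    {"host": "ws-102", "out_bytes": 400_000_000, "dests": 11},     # unusually large outbound volume
    {"host": "ws-103", "out_bytes": 15_000_000, "dests": 85},      # unusually many destinations
    {"host": "ws-104", "out_bytes": 9_000_000, "dests": 12},       # managed, but no history yet
    {"host": "srv-db01", "out_bytes": 51_000_000, "dests": 3},     # ordinary
    {"host": "mobile-7f3a", "out_bytes": 2_000_000, "dests": 5},   # seen, but not in inventory
]

METRICS = ("out_bytes", "dests")


def build_baseline(history):
    """Per-host mean and population stdev of each metric over the history window."""
    samples = defaultdict(lambda: defaultdict(list))
    for rec in history:
        for metric in METRICS:
            samples[rec["host"]][metric].append(rec[metric])
    return {
        host: {metric: (mean(vals), pstdev(vals)) for metric, vals in per_metric.items()}
        for host, per_metric in samples.items()
    }


def zscore(value, avg, stdev):
    """Standard score; with a constant history any change at all counts as a deviation."""
    if stdev == 0:
        return 0.0 if value == avg else float("inf")
    return (value - avg) / stdev


def evaluate(today, baseline, inventory, threshold=3.0):
    """Return alerts for unmanaged hosts, hosts without history, and metric deviations."""
    alerts = []
    for rec in today:
        host = rec["host"]
        if host not in inventory:
            alerts.append({"host": host, "reason": "unmanaged_endpoint",
                           "detail": "seen on the network but absent from inventory"})
            continue
        if host not in baseline:
            alerts.append({"host": host, "reason": "no_baseline",
                           "detail": "managed, but no history to compare against"})
            continue
        for metric in METRICS:
            avg, sd = baseline[host][metric]
            z = zscore(rec[metric], avg, sd)
            if abs(z) > threshold:
                alerts.append({"host": host, "reason": "deviation", "metric": metric,
                               "value": rec[metric], "baseline_mean": round(avg, 1),
                               "z": z if z == float("inf") else round(z, 1)})
    return alerts


if __name__ == "__main__":
    for alert in evaluate(TODAY, build_baseline(HISTORY), MANAGED_ENDPOINTS):
        print(alert)
```

Two design points are worth noting. A host that is managed but has no history gets its own alert rather than silently passing, because "no data" is not evidence of normal behaviour. And a host whose history is perfectly constant (srv-db01's destination count) gets a zero standard deviation, so the z-score is defined explicitly: unchanged means no alert, any change means an alert, instead of dividing by zero.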
Once a procedure like the one above is established (taking your own unique needs into account, of course), you will have much better network visibility and far more actionable intelligence at your fingertips to help protect your network. Remember that nearly all major security incidents are the result of human error or deception. It would be lax to leave anything to chance, so it is imperative that awareness goes hand in hand with well-documented security policies that are properly enforced.
The security principles set forth in the industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but each is designed to meet specific threats and will not block others. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”