Sitting at the end of a network point, or at any of the nodes of a corporate network, are countless PCs, laptops, smartphones, tablets and even equipment such as barcode readers and scanners. Each one of them is a security threat to the enterprise network.

We now talk of endpoint security, which includes firewalls and anti-virus software that reside on the server and are updated frequently. Endpoint security now also takes in intrusion detection and behaviour-blocking components that continuously monitor devices for the kind of activity typically initiated by rootkits; this kind of monitoring is increasingly tied to anti-virus in the cloud.

The admission check works by validating the credentials of the person logging on to the network and granting access only once the device has been checked for vulnerabilities and for compliance with the network's security requirements. Devices that do not comply are given limited access or quarantined, and require intervention by the network administrator.

However, the solution is not as simple as it sounds. Every day, over 200,000 websites are produced, with 90% of them associated with suspicious activity. Endpoint users access these websites for legitimate reasons, unwittingly opening the window to vulnerabilities. Fresh solutions are therefore needed to close these windows.
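The admission decision described above, as an added example that is not code from the original post: an endpoint agent reports the device's posture (patch level, anti-virus signature age, disk encryption, host firewall), and a policy engine maps the credential check plus that posture onto full access, limited access, or quarantine. The device records, dates and thresholds are constructed for the example and are not from any real deployment.

```python
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Posture:
    """What an endpoint agent reports when a user logs on (constructed fields)."""
    device_id: str
    user_authenticated: bool
    os_patch_level: date        # date of the newest installed OS patch bundle
    av_signature_date: date     # date of the anti-virus signature set in use
    disk_encrypted: bool
    host_firewall_on: bool


@dataclass
class Decision:
    access: str                 # "full", "limited" or "quarantine"
    reasons: list = field(default_factory=list)


# Hypothetical policy thresholds chosen for this example.
MAX_PATCH_AGE_DAYS = 30
MAX_AV_SIG_AGE_DAYS = 7


def evaluate(p: Posture, today: date) -> Decision:
    """Credential check first; then posture findings decide the access tier."""
    if not p.user_authenticated:
        return Decision("quarantine", ["credential check failed"])
    critical, minor = [], []
    # Critical findings quarantine the device until an administrator steps in.
    if (today - p.os_patch_level).days > MAX_PATCH_AGE_DAYS:
        critical.append("OS patches older than %d days" % MAX_PATCH_AGE_DAYS)
    if not p.host_firewall_on:
        critical.append("host firewall disabled")
    # Minor findings allow limited access (e.g. update servers only) until fixed.
    if (today - p.av_signature_date).days > MAX_AV_SIG_AGE_DAYS:
        minor.append("AV signatures older than %d days" % MAX_AV_SIG_AGE_DAYS)
    if not p.disk_encrypted:
        minor.append("disk not encrypted")
    if critical:
        return Decision("quarantine", critical + minor)
    if minor:
        return Decision("limited", minor)
    return Decision("full", [])


# Constructed sample fleet: four devices logging on the same day.
TODAY = date(2011, 6, 1)
SAMPLE_DEVICES = [
    Posture("lt-001", True, date(2011, 5, 20), date(2011, 5, 30), True, True),
    Posture("lt-002", True, date(2011, 5, 15), date(2011, 5, 10), True, True),
    Posture("lt-003", True, date(2011, 3, 1), date(2011, 5, 31), False, False),
    Posture("ph-004", False, date(2011, 5, 30), date(2011, 5, 31), True, True),
]


def admit_all(devices=SAMPLE_DEVICES, today=TODAY) -> dict:
    """Return the access decision for every device, keyed by device id."""
    return {d.device_id: evaluate(d, today) for d in devices}


if __name__ == "__main__":
    for dev_id, dec in admit_all().items():
        print(dev_id, dec.access, "; ".join(dec.reasons))
```

Separating critical from minor findings is the design point: a stale signature set should not lock a travelling user out entirely, but a disabled host firewall or a machine months behind on patches should never reach the production network without an administrator looking at it.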
Malware, for example, enters the network through some of the newer mobile platforms: the Juniper Networks Malicious Mobile Threats Report 2010-11 reports an increase of over 400% in Android malware between June 2010 and January 2011. Even if your firewall is strong, it can be quickly compromised by an unprotected endpoint device. Large corporates are losing close to 2.2% of their annual revenue because of security attacks. There is no point in shutting the vulnerability window once the virus has entered the network. By the time a patch is written to combat the virus, Trojan, spyware or other malware, the damage will already have been done.
What should be done?
Security in the cloud stops vulnerabilities where they originate. Install a centrally managed endpoint solution rather than installing security applications on each and every device.
Provide role-based access to the network so that employees can get their job done.
Ensure corporate information is deleted from endpoint devices that are lost or misplaced; in large corporations over 5% of such devices are lost every year.
Provide centralized access to applications so that they can be kept up to date with the latest security protection.
Your administration console should be web-enabled to provide centralized management from any location.
8 security threats anti-virus will not stop.
If there is an overriding reason to install endpoint security, here it is – traditional anti-virus cannot stop these threats:
Zero Day Threat – the only way to protect yourself from a previously unknown security vulnerability is to add defences on top of signature-based antivirus protection.
Working outside the firewall – Now that people travel more often and log onto the internet from remote locations (airports, restaurants, home), the best way to protect yourself is to add location-aware client firewalls to every endpoint device.
The unpatched PC – Make sure that any computer you allow onto your network has all the latest patches and anti-virus updates in place. An unpatched vulnerability in a browser, application or operating system can cause enormous problems.
The uncontrolled application – If you allow everyone on the network to install their choice of applications, you not only slow down the performance of the network but also take on the difficulty of having to protect all those applications. One way to stay protected is to prevent users from downloading applications that are not relevant to their area of responsibility.
Web insecurity – Reputation filtering and scanning web pages for malware is the only way to protect yourself from criminals wanting to infiltrate your network.
The lost laptop – While the laptop can be replaced, lost data cannot be. The best practice is to encrypt data so that sensitive information does not fall into the wrong hands.
The misdirected email – By installing data loss prevention software, one can ensure that sensitive data does not fall into the wrong hands through a simple email ID error.
The infected USB device – Since the USB port bypasses firewalls, it is an easy entry point for viruses. Device control specifies which USB devices users are permitted to plug into PCs and laptops, thus minimizing risk.
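The misdirected-email case above is the one in this list that reduces to a clear piece of logic, so here is an added example of the check a data loss prevention gateway performs on outbound mail; it is not code from the original post or from any product. The corporate domain, the classification markers and the sample messages are constructed assumptions; the Luhn checksum is used to tell genuine payment card numbers from random runs of digits so that order or ticket references do not trigger false positives.

```python
import re

# Assumed corporate mail domain for this example.
INTERNAL_DOMAIN = "example.com"
# Hypothetical policy: classification markers and a payment-card digit pattern
# (13 to 16 digits, optionally separated by spaces or hyphens).
MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(number: str) -> bool:
    """Luhn checksum over the digits of `number`; True for a valid card number."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def find_sensitive(text: str) -> list:
    """Return the reasons a text counts as sensitive (empty list if none)."""
    reasons = []
    upper = text.upper()
    for marker in MARKERS:
        if marker in upper:
            reasons.append("marker: " + marker)
    for match in CARD_RE.finditer(text):
        if luhn_ok(match.group(0)):
            reasons.append("payment card number")
            break
    return reasons


def check_outbound(msg: dict) -> dict:
    """Block a message only when it is both sensitive and leaving the company."""
    external = [r for r in msg["to"] if domain_of(r) != INTERNAL_DOMAIN]
    if not external:
        return {"action": "allow", "reasons": []}
    sensitive = find_sensitive(msg["subject"] + "\n" + msg["body"])
    if not sensitive:
        return {"action": "allow", "reasons": []}
    return {"action": "block",
            "reasons": ["external recipient: " + r for r in external] + sensitive}


# Constructed sample messages; m2 shows the one-letter domain typo the post
# describes, and 4111 1111 1111 1111 is a well-known test card number.
SAMPLE_MESSAGES = [
    {"id": "m1", "to": ["bob@example.com"], "subject": "Q3 numbers",
     "body": "CONFIDENTIAL: draft attached."},
    {"id": "m2", "to": ["bob@exampel.com"], "subject": "Q3 numbers",
     "body": "CONFIDENTIAL: draft attached."},
    {"id": "m3", "to": ["vendor@partner.example.org"], "subject": "invoice",
     "body": "Card on file: 4111 1111 1111 1111"},
    {"id": "m4", "to": ["vendor@partner.example.org"], "subject": "ticket",
     "body": "Ref 1234 5678 9012 3456, thanks"},
]


def run_checks(messages=SAMPLE_MESSAGES) -> dict:
    """Evaluate every message and return the decisions keyed by message id."""
    return {m["id"]: check_outbound(m) for m in messages}


if __name__ == "__main__":
    for msg_id, verdict in run_checks().items():
        print(msg_id, verdict["action"], "; ".join(verdict["reasons"]))
```

The recipient check comes first so that internal traffic is never slowed by content scanning, and the block reasons name the external address, which is exactly what the sender needs in order to spot the typo and resend correctly.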
It is necessary to take every possible precaution, even at the risk of irritating users who object to the rigorous checks and permissions that are needed in order to protect the network. Only by keeping endpoint vulnerabilities in check can one safeguard sensitive corporate information from falling into the wrong hands.
Vijay Bharti is the Chief Information Security Officer (CISO) and Senior Vice President of the Cyber Security practice at Happiest Minds Technologies. He brings more than 20 years of experience in the area of IT Security across multiple domains such as Identity and Access Management, Data Security, Cloud Security and Infrastructure Security.
His recent work includes building Security Operation Center frameworks (including people, processes and various SIEM technologies), where he is working on building an integrated view of security and on ways of leveraging advanced analytics and big data innovations for cyber security.