illustration of a pad lock on displayed on a secure circuit board

Getting Serious About Endpoint Security

25 Oct 2016 by Diana Rose Brandon

Last Friday’s internet of things security breach, in which a cyberattacker exploited everyday objects in an attempt to break the whole internet, is a good reminder for all of us to review our security protocols, all the way down to our endpoints. The main problem with the devices used in the attack was that they lacked any real, robust security features. Easily-guessed user names and passwords were compromised, allowing the hacker to take control of millions of internet-connected devices. Connected devices are crucial endpoints that can allow unauthorized access into your vital data when they are not properly secured.

What is endpoint security?

Endpoint security can be defined as making sure devices like tablets, notebooks, smartphones and printers comply with company policies before they are granted network access. Data center servers can also be included in this definition. Basically, you can consider any device that connects to the network as an endpoint in need of being secured.

Endpoint security is different from antivirus software. Endpoint security software starts with the main client, is distributed to devices and is then usually managed from a command post within an enterprise or midsize company. A company’s central server hosts the software and regulates what devices can connect to the network based on log-ins, detected file types and more.

Antivirus software is hosted on a computer and eliminates detected viruses from that particular device. Keeping updated antivirus software on a computer will keep the virus from spreading once that device is connected to the internet. Antivirus software is typically one component of the larger endpoint security software suite that a company should run.

An easily overlooked endpoint: Printers

In the past, most companies felt that their environment was secure if they had a high firewall established. They trusted that all the devices inside it were OK. Now, security teams are realizing that everything that touches their network needs to either be secure or have a security policy established with it. Company networks are hostile environments — just consider how many phishing emails get into employee inboxes and launch malware.

Conversations with IT professionals regarding printer security are changing. Security teams are now driving more conversations around printing and are also involving corporate C-suite executives. As a result of rising cyberthreats, senior executives are more willing to invest everywhere necessary to ensure their environments are secure.

A 2015 Ponemon Institute report stated that 64% of IT managers believe their printers were infected with malware, and that 56% of enterprises ignored their printers in their endpoint security strategy. With that in mind, companies like HP are building printers that include security measures. New features such as detection and “self-healing” recovery from attacks, whitelisting of known and accepted firmware, and Run-time Intrusion Detection, which provides in-device memory monitoring for attacks, are now standard features on HP LaserJet Enterprise and OfficeJet Enterprise X printers with HP PageWide Technology. HP also offers a policy-based printer security compliance solution called JetAdvantage Security Manager, to help create an entire security system around its printers.

How do you get reliable endpoint security?

The threat landscape is escalating rapidly in both numbers and complexity. Today, targeted attacks and zero-day vulnerabilities are the two most common advanced threats. A zero-day vulnerability could result in more attacks, since anyone could easily leverage a malware toolkit that’s readily available on the internet. Moreover, zero-day vulnerabilities are discovered only after they are exploited by attackers.

Chart showing the global number of new malware variants added annually from 2013 to 2015 (in millions)

It’s easy to get lost in the stats and lose sight of one of the key points of reliable protection — malicious attacks are designed to enter your environment from many different vectors. Staying ahead of today’s sophisticated threats requires a combination of core and next-gen technologies. Some of what’s considered next-gen tech include detection and response tools that reinforce traditional security solutions, enhanced monitoring for suspicious activity, automated remediation tools that boost anti-virus software, and big data collection and analytics that offer proactive protection.

The newest endpoint security software available is Symantec Endpoint Protection (SEP) 14. SEP includes powerful and highly effective essential technologies to ensure basic endpoint protection, and automated response workflows to systematically disinfect, remediate and restore infected endpoints. It also includes advanced technologies like behavioral and reputation-based analysis to detect advanced threats.

This endpoint protection update not only offers these next-gen technologies, but goes beyond them. Within the Symantec Endpoint Protection update is the introduction of Advanced Machine Learning, which works both on the endpoint and in the cloud. It’s most useful for detecting unknown threats or variants of known malware. Symantec Endpoint Protection 14 is also scalable to enterprises that have infrastructures as diverse as their global locations may be. It’s built to accommodate different operating systems, platforms and applications, and can easily integrate into the existing environment using automation to maintain a high level of protection and response. And, this software update also carefully balances protection with productivity, meaning it won’t slow down your network or your end users.

The future of endpoint security.

As the definition of “endpoint” evolves to include items like POS devices, smart cars, wearables and employee-owned mobile devices, security measures will also need to evolve to stay ahead. Especially since attacks both on mobile devices and originating from them are now a reality. Going into 2017, we can also expect to see an influx of sophisticated breaches targeting high-value data like credit card numbers and user network usernames and passwords. Attacks both on mobile devices and originating from them are now a reality, as more complex cyberattacks on the internet of things will be.

As a result, we’ll need to get smarter about protecting legacy systems, including everything from manufacturing systems to our power and telecommunication infrastructures — things that were created before mobile devices, IoT security issues or cyberthreats. And if we’ve learned anything else from the Dyn attack, it’s that you really should stop using admin and root as access credentials.