Getting Serious About Security Breaches with Endpoint Protection
In the recent Internet of Things (IoT) security breach (CNN), a cyberattacker attempted to break the whole internet. Current cyberattacks like this are a good reminder for all of us to review our security protocols ─ all the way down to our endpoints.
The main problem with the devices exploited in the attack was that they lacked robust security features. Easily-guessed usernames and passwords were compromised, allowing the hacker to take control of millions of internet-connected devices for their own purposes. It’s not clear whether it resulted in a data breach or the hacker(s) were simply flexing their muscles to test vulnerabilities. Regardless, the cost of disrupted business continuity is always far-reaching.
What is endpoint security?
Endpoint definition: an endpoint is basically an internet connected piece of hardware like a laptop, computer, tablet, printer, smartphone, thin client, or even a POS system. With the scope of ever-expanding smart devices in modern workplaces and homes, almost anything can be an endpoint. These connected devices can allow unauthorized access into your vital data when they are not properly secured.
Endpoint security means making sure these devices comply with company policies before they are granted network access, to prevent a costly and dangerous security breach. Endpoint protection includes more than just antivirus software. Endpoint security software starts with the main client, is distributed to devices and is then usually managed from a command post within an enterprise or midsize company. A company’s central server hosts the software and regulates what devices can connect to the network based on log-ins, detected file types and more.
Antivirus software is hosted on a computer and eliminates detected viruses from that particular device for data breach or malware protection. Keeping updated antivirus software on a computer will keep the virus from spreading once that device is connected to the internet. Antivirus software is typically one component of the larger endpoint security software suite that a company should run.
An easily overlooked endpoint: Printers
In the past, most companies felt that their environment was secure if they had a high firewall established. They trusted that all the devices inside it were OK. Now, security teams are realizing that everything that touches their network needs to either be secure or have a security policy established with it. Company networks are vulnerable environments — just consider how many phishing emails get into employee inboxes and launch malware.
Conversations with IT professionals regarding printer security are changing. Security teams are now driving more conversations around printing and are also involving corporate C-suite executives. As a result of rising security breaches, senior executives are more willing to invest everywhere necessary to ensure their environments are protected.
A 2015 Ponemon Institute report stated that 64% of IT managers believe their printers were infected with malware, and that 56% of enterprises ignored their printers in their endpoint security strategy. With that in mind, companies like HP are building printers that include security measures. New features such as detection and “self-healing” recovery from attacks, whitelisting of known and accepted firmware, and Run-time Intrusion Detection, which provides in-device memory monitoring for attacks, are now standard features on HP LaserJet Enterprise and OfficeJet Enterprise X printers with HP PageWide Technology. HP also offers a policy-based printer security compliance solution called JetAdvantage Security Manager, to help create an entire security system around its printers.
How do you get reliable endpoint security?
The threat landscape is escalating rapidly in both numbers and complexity. Today, targeted attacks and zero-day vulnerabilities are the two most common advanced threats. A zero-day vulnerability could result in more attacks, since anyone could easily leverage a malware toolkit that’s readily available on the internet. Moreover, zero-day vulnerabilities are discovered only after they are exploited by attackers.
It’s easy to get lost in the stats. For example, Figure 1 shows that the number of new global malware variants increased by just over 70% from 2013 to 2015. But don’t lose sight of one of the key points of reliable protection — malicious attacks are designed to enter your environment from many different vectors. Staying ahead of today’s sophisticated threats requires a combination of core and next-generation technologies. Some of what’s considered next-gen tech include detection and response tools that reinforce traditional security solutions, enhanced monitoring for suspicious activity, automated remediation tools that boost anti-virus software, and big data collection and analytics that offer proactive protection.
The newest endpoint security software available is Symantec Endpoint Protection (SEP) 14. SEP includes powerful and highly effective essential technologies to ensure basic endpoint protection, and automated response workflows to systematically disinfect, remediate and restore infected endpoints. It also includes advanced technologies like behavioral and reputation-based analysis to detect advanced threats.
This endpoint protection update not only offers these next-gen technologies, but goes beyond them. Within the Symantec Endpoint Protection update is the introduction of Advanced Machine Learning, which works both on the endpoint and in the cloud. It’s most useful for detecting unknown threats or variants of known malware.
Symantec Endpoint Protection 14 is also scalable to enterprises that have infrastructures as diverse as their global locations may be. It’s built to accommodate different operating systems, platforms and applications, and can easily integrate into the existing environment using automation to maintain a high level of protection and response. And, this software update also carefully balances protection with productivity, meaning it won’t slow down your network or your end users.
The future of endpoint security.
As the definition of “endpoint” evolves to include items like POS devices, smart cars, wearables and employee-owned mobile devices, security measures will also need to evolve to stay ahead. Especially since attacks both on mobile devices and originating from them are now a reality. Going into 2017, we can also expect to see an influx of sophisticated breaches targeting high-value data like credit card numbers and user network usernames and passwords. Attacks both on mobile devices and originating from them are now a reality, as more complex cyberattacks on the internet of things will be.
As a result, we’ll need to get smarter about protecting legacy systems, including everything from manufacturing systems to our power and telecommunication infrastructures — things that were created before mobile devices, IoT security issues or cyberthreats. And if we’ve learned anything else from the Dyn attack, it’s that you really should stop using admin and root as access credentials.