Protecting endpoints, alleviating fears
Enterprises should follow patching best practices, which require a test environment for every system included in patch management. Policies should automate pushing tested patches out to devices, which should occur within a week of satisfactory test completion.
Perform this patch testing and promotion to production for as many systems as possible, at a minimum covering popular browsers, applications, and operating systems. Vendors offering endpoint patch management solutions include Lumension, IBM, and Symantec. “There are simple tools like Ninite that can help update an endpoint based on the application’s update needs,” says Lowing. Ninite is not a Promisec product.
Establish better control of applications. As with any security tool, it is unlikely that application control products will suit your endpoint environment out of the box. Administrators will have to learn and configure the software and its settings as these apply to each endpoint. Simply purchasing the product and throwing it in your network will not work.
To adjust application control to your device fleets, roll out blacklisting/whitelisting tools gradually in order to address the unique needs of each endpoint and to appropriately deny applications by default. The enterprise should augment application controls by proactively validating any change in the environment (file, registry, driver); it should do this by identifying the type of change using the latest threat intelligence services, Lowing instructs.
By maintaining a pristine backup image that includes the device OS, applications, device policy, and controls that are required for that endpoint, the enterprise will have a reference point for spotting change. Application controls and blocking can defend against any detected, unauthorized change based on differences between the image and the contents of the live endpoint. The enterprise should actively update this golden image baseline as new patches come out for optimal control and reduction of the attack surface, Lowing recommends. Application blocking can help address Shadow IT, which includes unauthorized BYOx.
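The golden-image comparison described above, as an added example that is not code from the article or from Promisec: a baseline manifest of file hashes is built from the pristine image, the live endpoint is hashed the same way, and every addition, removal or modification is reported so application control can block it or a tested patch can become the new baseline. Function names, the sample paths and the registry/driver omission (only files are covered here) are assumptions for illustration.

```python
"""Golden-image baseline vs. live endpoint file diff (illustrative, files only)."""
import hashlib
import os
from typing import Dict, Iterable, List, Tuple


def build_manifest(entries: Iterable[Tuple[str, bytes]]) -> Dict[str, str]:
    """Map each relative path to the SHA-256 of its contents."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in entries}


def walk_tree(root: str) -> Iterable[Tuple[str, bytes]]:
    """Yield (relative path, contents) for every regular file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                yield os.path.relpath(full, root), fh.read()


def diff_manifests(baseline: Dict[str, str], live: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify each path as added, removed or modified relative to the baseline."""
    return {
        "added": sorted(p for p in live if p not in baseline),
        "removed": sorted(p for p in baseline if p not in live),
        "modified": sorted(p for p in baseline if p in live and live[p] != baseline[p]),
    }


def unauthorized_paths(diff: Dict[str, List[str]]) -> List[str]:
    """Any difference from the golden image is unauthorized until the baseline is re-issued."""
    return sorted(diff["added"] + diff["removed"] + diff["modified"])


def promote_baseline(tested_image: Dict[str, str]) -> Dict[str, str]:
    """After a patch passes testing, the patched test image becomes the new baseline."""
    return dict(tested_image)


if __name__ == "__main__":
    # Constructed sample data standing in for a hashed image and a hashed live host.
    golden = build_manifest([("bin/app.exe", b"app v1"), ("etc/app.conf", b"level=1")])
    live = build_manifest([("bin/app.exe", b"app v1"), ("etc/app.conf", b"level=2"),
                           ("tmp/unknown.dll", b"dropped")])
    report = diff_manifests(golden, live)
    for path in unauthorized_paths(report):
        print("unauthorized change:", path)  # feed to application blocking
```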
If and when IoT devices have the energy capacity and other resources to serve as a foundation for endpoint-based security technologies, the ones you should look for include IDS/IPS, which you would in this case install on each device. Network IDS/IPS together with reputation data from a mature threat intelligence solution would target attackers attempting to control IoT devices today. In one example, an advanced threat intelligence solution examines network traffic using sandboxing and detection engines to pinpoint viruses, malware, command and control servers and transmissions, and any signs of threats, according to Cabrera.
Though endpoints are a burgeoning attack surface that keeps sprawling further, the benefits and profits from IoT and mobility, for example, continue to outweigh the risks. Enterprises will have to make the effort to take full advantage of the existing security measures that do help, applied properly. Companies should continue to urge vendors to produce increasingly advanced endpoint-specific security options.