Where Has the Endpoint Protection Gone?
It has been axiomatic that effective network security depends on securing the endpoints of that network. But where those endpoints exist has become blurry with the rise of mobile devices. Is the risk in the hardware itself, or are the people using it the true endpoints of the network?
The Physical Endpoint
When a mobile device can connect to the Internet from anywhere, securing the device’s connection tends to dominate endpoint protection efforts. A device may connect from a public Wi-Fi hub as easily as from a secured internal point of presence (POP), and the security problems associated with the connection vary greatly depending on what form that connection takes.
Recognizing the problem of endpoint protection, the Defense Information Systems Agency (DISA) put out a request for information on next-generation solutions for securing endpoints early in 2015. It said that endpoints had evolved “to encompass a complex hybrid environment of desktops, laptops, mobile devices, virtual endpoints, servers and infrastructure involving both public and private clouds.” DISA noted that traditional signature-based defenses can’t scale to cover federal agencies’ sprawling endpoint infrastructures or provide adequate endpoint protection, especially when the growth of virtualization is factored into the equation.
The User as the Endpoint
But things get complex rather rapidly. Even if the physical endpoints are somehow secured, the “2015 State of the Endpoint Report” from the Ponemon Institute found that the end users in an enterprise may actually be a larger threat to security.
The report noted that “the difficulty in managing endpoint risk is negligent or careless employees who do not comply with security policies. This is followed by an increase in the number of personal devices connected to the network (BYOD), employees’ use of commercial cloud applications in the workplace and the number of employees and others using multiple mobile devices in the workplace.”
Confirming this trend, 68 percent of the respondents in the study said endpoint security was becoming more important in their IT strategy as they moved forward.
If you consider partner organizations that share network access with an organization, such as service providers or contractors, the problem grows muddier still. No matter how good the initial organization’s security may be, if its partners have weaknesses in their endpoint security, attackers will find entry points.
Dealing With Murky Endpoints
What is the best way to deal with this problem? Pure policies likely aren’t the solution; 70 percent of the study respondents said the security policies they already have on the books were difficult to enforce.
Many organizations have ideas about where their security plans are headed, however:
- About 95 percent of study respondents said they will evolve toward a detect-and-respond strategy versus outright prevention.
- Seventy percent of respondents say their organizations will use big data to enhance endpoint security within the next two years.
- Sixty-four percent of respondents have added or plan to add threat intelligence to their organization’s security strategy.
Unfortunately, not every organization has the resources or employee skills to implement these plans successfully. That’s where managed security service providers can come into play. Third-party providers can supply highly qualified experts and the most sophisticated tools to carry out any security strategy.
Fixing Endpoint Protection
In many ways, the user problem resembles what happens with shadow IT. Users operate with the tools they want regardless of existing policies and may not even realize the endpoint security problems this creates. Remediation can follow the same approach as that for shadow IT: involving users in the selection of approved apps and techniques. Users need to buy in to the approved security methods.
Hardware endpoint problems have to be solved case by case, depending on the network. Having a detect-and-respond strategy, as the Ponemon study suggested, may be one of the only effective ways to deal with this situation. The endpoint may move, but management by exception will alert IT to the problem.