Endpoints: The Beginning of Your Defence

The term endpoint conveys a terminus — the end of the journey. For IT endpoints, however, be they computers, mobile devices, servers, point-of-sale terminals or the ever growing myriad of other devices that make up the Internet of Things (IoT), nothing could be further from the truth. In most cases, endpoints are where data is created, processed and stored. That is exactly where attackers want to gain access so they can begin to steal your data.

The Last Line of Defence?

I still see a lot of clients who, when considering IT security, regard the endpoint as the last line of defence. However, given that the goal of any cyberattack is to gain access to a vulnerable endpoint, and that every breach ultimately involves at least one endpoint, protecting and fortifying endpoints should be where an organisation’s IT security programme starts.

Every endpoint connected to your system is a point of vulnerability, and it takes only one compromised endpoint for attackers to infiltrate the entire infrastructure with ease, particularly since many corporate networks are designed as flat, open local area networks. Once they are inside, they are difficult to find and remove.

The consequences can be very painful, especially if attackers steal valuable data and you are then required to disclose the loss to the regulator, damaging the reputation of the company brand.

By making strong endpoint security the first line of defence, you avoid searching for the needle in the haystack and instead prevent the adversary from putting the needle into your haystack in the first place. To protect the network, each endpoint must be securely managed. This is accomplished through the continuous discovery of connected endpoints, monitoring their status and automatically remediating any problem to eliminate vulnerabilities in real time.

Winning the Race

Maintaining security patches can vastly reduce the attack surface, but the rate of new patches is now so high that it is not always possible to have all endpoints fully patched before an attacker tries to exploit a new vulnerability.

Attackers take advantage of this window of opportunity between the time a patch is released and the time it is successfully applied across the entire spectrum of an organisation’s endpoints. When a patch is released, cybercriminals gain full information on exactly how to exploit the vulnerability. They can then create weaponised exploit code within hours of the publication of a flaw’s technical details.

Vigilance must be maintained after a vulnerability is disclosed. IBM’s threat intelligence research group, X-Force, continues to see campaigns targeting vulnerabilities months after the initial exploitation frenzy has subsided. Quickly and accurately installing patches to all your endpoints vastly reduces the opportunity for attackers to gain entry to your network through endpoints.

Opportunities to exploit an endpoint do not arise only from an operating system or application vulnerability; an endpoint that is out of compliance with your security policy can be exploited too. Over time, endpoints drift away from a safe state to one laced with inaccuracies.

This drift is generally the result of human error. Users introduce configuration errors, disable or remove security controls, install unauthorised software or inadvertently allow malware to be installed when they click on a malicious link. In fact, the “2015 Cyber Security Intelligence Index” states that nearly a quarter of attacks were made possible by inadvertent actors. Maintaining a safe and secure environment requires that endpoint configuration settings be monitored so that deviations are identified and corrected as soon as possible — even if the insiders are unaware of what is going on.

First Line of Defence

Endpoint protection is an important cornerstone of your security posture. It is the first line of defence in a multi-layered IT security strategy. A viable endpoint security solution maintains endpoints in a fortified state. It discovers endpoints connecting to your corporate network, including those you had no prior awareness of. It accurately interrogates each endpoint’s status to provide up-to-the-minute visibility into problems and provides immediate enforcement by pushing down patches or configuration updates. And if automated remediation is not possible, the solution should quarantine the endpoint to limit its ability to cause damage.
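As an added illustration of the interrogate, enforce and quarantine cycle described above (example code written for this page, not from the original article or any particular product), the following Python compares each endpoint's reported state against a hypothetical baseline policy, lists the drift and applies the rule just stated: push a fix for what the agent can correct itself, quarantine the rest. The endpoint names, patch identifiers, control names and inventory are all constructed.

```python
# Baseline policy a fortified endpoint must satisfy (placeholder patch ids).
POLICY = {
    "patches": {"KB-0001", "KB-0002"},
    "controls": {"firewall", "disk_encryption", "edr_agent"},
    "forbidden_software": {"remote-admin-tool", "torrent-client"},
    "settings": {"screen_lock_minutes": 10},
}
# Drift the management agent can fix by itself; anything else isolates the endpoint.
AUTO_REMEDIABLE = {"patch", "control", "setting"}

def find_drift(endpoint, policy=POLICY):
    """Return (category, detail) findings for one endpoint's reported state."""
    findings = []
    for kb in sorted(policy["patches"] - set(endpoint.get("patches", ()))):
        findings.append(("patch", f"missing {kb}"))
    for ctl in sorted(policy["controls"] - set(endpoint.get("controls", ()))):
        findings.append(("control", f"{ctl} disabled"))
    for sw in sorted(policy["forbidden_software"] & set(endpoint.get("software", ()))):
        findings.append(("software", f"{sw} installed"))
    for key, want in policy["settings"].items():
        got = endpoint.get("settings", {}).get(key)
        if got != want:
            findings.append(("setting", f"{key}={got!r}, expected {want!r}"))
    return findings

def decide_action(findings):
    """'compliant' with no drift, 'remediate' if every finding is auto-fixable,
    otherwise 'quarantine' until a human has looked at the endpoint."""
    if not findings:
        return "compliant"
    if all(cat in AUTO_REMEDIABLE for cat, _ in findings):
        return "remediate"
    return "quarantine"

# Constructed inventory, shaped like what a management agent might report.
FULL = ["firewall", "disk_encryption", "edr_agent"]
INVENTORY = {
    "laptop-01": {"patches": ["KB-0001", "KB-0002"], "controls": FULL,
                  "software": ["office"], "settings": {"screen_lock_minutes": 10}},
    "laptop-02": {"patches": ["KB-0001"], "controls": FULL,
                  "software": [], "settings": {"screen_lock_minutes": 30}},
    "pos-07": {"patches": ["KB-0001", "KB-0002"], "controls": ["firewall"],
               "software": ["remote-admin-tool"], "settings": {"screen_lock_minutes": 10}},
}

def triage(inventory=INVENTORY, policy=POLICY):
    """Map each endpoint name to the action the management layer should take."""
    return {name: decide_action(find_drift(ep, policy)) for name, ep in inventory.items()}
```

Running `triage()` over the constructed inventory marks laptop-01 compliant, sends laptop-02 a missing patch and a corrected screen-lock setting, and quarantines pos-07 because unauthorised software is not something the agent is allowed to remove on its own.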

Ultimately, the confidence to make endpoints your first line of defence requires real-time visibility, continuous policy enforcement, scalability and automated remediation.
