The concept of computer security has only recently shifted from stand-alone measures, such as installing and operating antivirus software and network firewalls on individual terminals, to interconnected and integrated services. These interconnected and integrated services aid organizations in terms of both functionality and efficiency. The need for and importance of endpoint security was demonstrated in 2003 by the SQL Slammer worm, which caused extensive damage to network systems.
The SQL Slammer worm is a computer worm that was able to spread rapidly, infecting most of its 75,000 victims within 10 minutes. It caused a denial of service on Internet hosts and dramatically slowed down general Internet traffic. Although the program was titled "SQL slammer worm", it did not use the SQL language. Rather, it exploited two buffer overflow errors in Microsoft's newest SQL Server database product (Gehringer, Edward F).[1]
Any device connected to a network is considered an endpoint. These can be devices such as PC desktops, laptops, servers, appliances, workstations, tablets, mobile devices, VoIP devices, and any other physical computer-based tool your organization currently uses to support its needs. With the growing popularity of BYOD (bring your own device) and IoT (Internet of Things), the number of unique devices connected to an organization's network can quickly reach tens of thousands. As access points increase, so do the targets available to your adversaries and their malware.
Endpoint security is an approach to securing your network by fully protecting your organization's endpoints, or access points, from being exploited by malicious agents, with a focus on end-user devices. Modern Endpoint Protection Platforms (EPPs) offer interconnected and integrated services that aid organizations in terms of both functionality and efficiency. EPPs work by examining files entering a network and rely on functions such as application control, data loss prevention (DLP), port control, sandbox/browser isolation, endpoint detection and response (EDR), and the like (Vacca, John R).[2]
Protection is the priority for Endpoint Security (EPS) solutions when it comes to potential threats that could impact devices. These preventative functions include:
- “Virus protection
- Antimalware protection systems
- Packet variant prevention systems
- Encryption protection
- Data loss and recovery systems
- Browser exploits protection
- Application whitelist capabilities
- Behavior monitoring
- Cyber threat protection
- Mobile and desktop system protection
- Multilayer network protection
- Prevention, detection, analysis with immediate response functionality
- Passive and active (real-time) capabilities” (Vacca, John R).[2]
The EPP provides a central console for administrators, installed on a network gateway or server, that allows cybersecurity professionals to remotely monitor the security of individual devices. Client software is then deployed to each endpoint. The client software can forward terminal updates as needed, verify authentication attempts on each device, and enforce corporate policies from a single location. EPPs protect endpoints with application control and encryption. Once an EPP is configured, it quickly detects malware and other threats. A solution can also include an endpoint detection and response (EDR) component. EDR capabilities allow for the detection of more advanced threats, such as multifaceted attacks, fileless malware, and zero-day attacks.
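The console-and-client model above, together with the application control, port control and authentication-monitoring functions named earlier, can be sketched in a few dozen lines. The following is an added illustration, not code from the original post or from any EPP vendor: the "central policy" is an inline dictionary standing in for what a console would push to its agents, and every hash, port and login event is constructed sample data.

```python
import hashlib
import json
from collections import Counter
from typing import Dict, List, Tuple

# Added example of the EPP workflow: a central console publishes a policy,
# a lightweight client on each endpoint enforces it, and the client reports
# back. All file contents, ports and log events below are constructed.


def sha256_hex(data: bytes) -> str:
    """Content hash used to identify a file regardless of its name or path."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable contents (a real agent hashes on-disk files).
TRUSTED_BINARY = b"MZ\x90\x00 approved-backup-agent v2.1"
UNKNOWN_BINARY = b"MZ\x90\x00 unapproved-freeware-installer"
KNOWN_BAD_BINARY = b"MZ\x90\x00 constructed-malware-sample"

# Policy as the central console would push it to every client. Application
# control is default-deny: a file may run only if its hash is on the allowlist.
CENTRAL_POLICY = {
    "application_allowlist": {sha256_hex(TRUSTED_BINARY)},
    "malware_blocklist": {sha256_hex(KNOWN_BAD_BINARY)},
    "allowed_outbound_ports": {22, 443, 8443},
    "failed_login_threshold": 3,
}


def evaluate_file(policy: dict, data: bytes) -> Tuple[str, str]:
    """Application control: (verdict, reason) for a file about to execute."""
    digest = sha256_hex(data)
    if digest in policy["malware_blocklist"]:
        return "block", "hash matches malware blocklist"
    if digest in policy["application_allowlist"]:
        return "allow", "hash on application allowlist"
    return "block", "hash not on allowlist (default deny)"


def evaluate_port(policy: dict, port: int) -> bool:
    """Port control: True if an outbound connection to this port is permitted."""
    return port in policy["allowed_outbound_ports"]


def flag_failed_logins(policy: dict, events: List[dict]) -> List[Tuple[str, str]]:
    """Authentication monitoring: (host, user) pairs at or over the failure threshold."""
    failures = Counter((e["host"], e["user"]) for e in events if not e["success"])
    return sorted(key for key, n in failures.items()
                  if n >= policy["failed_login_threshold"])


def build_endpoint_report(policy: dict, hostname: str, files: Dict[str, bytes],
                          ports: List[int], auth_events: List[dict]) -> dict:
    """What the client forwards to the console after one enforcement cycle."""
    return {
        "host": hostname,
        "file_verdicts": {name: evaluate_file(policy, data) for name, data in files.items()},
        "blocked_ports": sorted(p for p in ports if not evaluate_port(policy, p)),
        "auth_alerts": flag_failed_logins(policy, auth_events),
    }


# Constructed authentication log for one endpoint.
AUTH_EVENTS = [
    {"host": "ws-014", "user": "jdoe", "success": True},
    {"host": "ws-014", "user": "svc_backup", "success": False},
    {"host": "ws-014", "user": "svc_backup", "success": False},
    {"host": "ws-014", "user": "svc_backup", "success": False},
    {"host": "ws-014", "user": "asmith", "success": False},
]

if __name__ == "__main__":
    report = build_endpoint_report(
        CENTRAL_POLICY, "ws-014",
        {"backup.exe": TRUSTED_BINARY, "setup.exe": UNKNOWN_BINARY,
         "update.exe": KNOWN_BAD_BINARY},
        [443, 4444, 8443],
        AUTH_EVENTS,
    )
    print(json.dumps(report, indent=2))
```

Two design points carry over to real deployments: application control keys on content hashes rather than file names, so renaming an unapproved binary does not help it run, and the default verdict for an unknown hash is "block", so the console's allowlist, not the endpoint user, decides what executes.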
“When considering purchasing and implementing an Endpoint Unified Security Platform, Risk Assessment Evaluations should be conducted first to identify the vulnerabilities found in all levels of your infrastructure environment. Discussions with management and the security support teams should be conducted with careful planning in mind. Investing in security has good business justifications, but not when the expense is so large in platform purchasing and resource allocation that impacts a company’s budget to the limits. Having a third-party subject matter expert and audit assessor specializing in security design should be strongly considered as your business takes on this initiative” (Vacca, John R).[2]
The endpoint protection platform is a vital part of corporate cyber security for several reasons. First, in today's business world, data is often the most valuable asset of a company. Organizations are having to deal not only with more and more endpoints but also with more and more types of endpoints. These factors alone make security difficult, and they are exacerbated by teleworking and BYOD (bring your own device) policies. The spectrum of threats is also becoming increasingly complex. Adding the opportunity cost of redistributing resources to counter business threats, the reputational cost of large-scale breaches, and the real financial cost of compliance breaches, it is easy to see why protection platforms are essential to the security of modern organizations. The steps for endpoint protection are as follows:
- Identify Risks,
- Set Standards,
- Frame Policies,
- Endpoint Initiative,
- Implement, and
- Lifecycle Management.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization that has long collected and analyzed cyber indicators. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
[1] Gehringer, Edward F. “Study Guide.” Slammer, NC State University
[2] Vacca, John R. Computer and Information Security Handbook. Morgan Kaufmann, 2017