IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Thu, 1st Oct 2009
FYI, this story is more than a year old

Why you need endpoint security protection and policies. – Scott McKinnel, Check Point, Regional Director, Australia and New Zealand.

What are the major threats that endpoint security can mitigate against?

The emergence of more powerful laptops, smartphones, PDAs and USB keys, coupled with well-organised criminals motivated by financial gain, means endpoint threats are now more sophisticated and are targeting mobile devices and the data residing on them. The risk now lies in the fact that these devices are physically less secure than corporate assets.

Moreover, this risk is multiplied when you consider the increased storage capabilities and value of information on these devices. Phishing, keyloggers, ‘drive-bys' and botnets, used alone or in combination, can allow a thief to take control of such a device, access corporate networks or retrieve personal data.

How have web-based threats affected endpoint security requirements?

The dominant threat to endpoint security now combines characteristics of historically effective attacks with new, more elusive methods of delivery and infection which exploit the web-browsing habits of users. Too many enterprises overly rely on traditional endpoint protections and assume they already have sufficient internet security to prevent web-based attacks.

In fact they remain insufficiently protected. Today's attacks require a third-generation solution that combines the benefits of traditional security controls with web-focused controls that thwart attacks from today's dominant vector for security exploits. How important is it to manage staff behaviour in conjunction with endpoint security?

Managing staff behaviour becomes even more important in conjunction with endpoint security, as the mobile devices that have become standard issue for the ‘corporate warrior' are the same devices that increase an organisation's vulnerability to data loss and theft. Additionally, this extends to how employees treat information and data when inside the corporate network's protection, such as sending information via email.

How can you do this?

You can manage staff behaviour by revisiting and updating the security policy and procedures that staff should follow, and ensure they are published and well-known. These updates should be done by measuring the value of data which lies on each application and device.

Why has endpoint security become more important over time?

Historically, organisations have focused their security stance on the physical and network layers, as data resided within corporate walls in physical form, or electronically behind a firewall. Endpoint security came to the fore once high-value IP and data was taken outside the corporate walls on portable devices. Most organisations have not considered these to be ‘endpoints', although they are often the places where the most valuable information is stored.

Organisations need to ensure uniform levels of data protection, regardless of where the data resides. What are the stages of implementing a data leakage prevention policy? Ensure that any corporate data which needs to be removed from the building is protected so that it can't fall into the wrong hands. Encrypting data on mobile devices eliminates the dangers associated with loss or theft.

Secondly, ensure that data doesn't leave the building without your knowledge by investing in a port control product, which can automatically block USB devices from being connected to your systems without authorisation.

Finally, implement or update your corporate policy so that it clearly states who is allowed to take data off-site, and how the data must be protected when it's away from your premises. This can be done by setting up user accounts on servers and workstations so that employees can't access information which they have no need to see.

How can you prevent portable devices from becoming compromised if lost?

If a portable device is lost or stolen, the hardware itself does not represent the majority of the compromised value, but rather the data stored within. Encryption solutions can protect these portable devices from data theft if lost or stolen.

How can you secure wireless internet access from the endpoint?

Because web-based attacks can occur the moment the user encounters a website, endpoint protection solutions cannot passively wait for malware to transfer from the internet to the device. Choose a product that adds a security layer at the device-level, regardless of whether that device accesses wireless or wired internet.

Remote Access VPN also enables secure remote access to corporate resources by encrypting and authenticating data transmitted during remote access sessions, whether users are connected to a LAN, wi-fi or GPRS network. An industry-leading firewall also blocks unwanted traffic, prevents malware from infecting endpoint systems and makes them invisible to hackers.

Why has content filtering at the endpoint become so important?

Many breaches of security and loss of high-value IP are through deliberate or inadvertent leaks; thus organisations are employing products that inspect content as it moves across the network and enforce policies so that confidential information doesn't escape the walls of the enterprise.

What other layers of security should be employed, besides endpoint security, when securing a computer network?

There are essentially three layers of security: physical, network and endpoint security. To date, most efforts have focused on the first two. The majority of businesses have a decent level of protection on the network, but limited endpoint security, apart from malware protection. Organisations should bring their endpoint security stance in line with existing investments, and protect information and data regardless of where it's kept.

How can managed services help with endpoint security?

Managed services companies exist for all aspects of endpoint security, from data leakage protection companies through to security policy consultants. Organisations can benefit from engaging these services to avoid implementing products with specific functionality before knowing what policies should be in place and where data leakage can occur within their business.