Friday, August 14, 2015


Endpoints are the ultimate goal for attackers. A compromised endpoint is used not just as a jumping-off point for a deeper penetration into the network but also as a source of valuable information. An endpoint can contain considerable information. For example, the source for many compromises of private personal information is the extraction of a spreadsheet from an endpoint. Endpoints, especially mobile devices, also contain identity information that can be used to launch future attacks.

The methods attackers use vary because they have many tools and avenues of attack. Multifaceted attacks require that cyber-resilient organizations deploy multiple layers of protection and that they utilize threat intelligence to thwart the attackers. Standard antivirus and access controls are not enough. Endpoint security must have strong protective technologies to include advanced anti-malware, bad-link awareness, identity protection, and data protection.

Anti-malware needs to be smarter to discover malicious operations. Endpoint protection can monitor the operations (processes, applications, and memory usage) of the endpoint to flag activities that are not standard and should be coupled with a knowledge base that can recognize activities that are consistent markers of attack and then protect the integrity of the endpoint.Users, for example, sometimes will "invite" malware onto a device by clicking on a link on a Web site, in an email, or embedded in social media content. Endpoint security works best when it can protect the user from taking an action that will expose the endpoint to a threat.

Reputation intelligence, for instance, can be used to warn or block someone from proceeding to a dangerous Web location or from opening a dangerous attachment. Self-protection benefits from encryption that secures data that resides on a device. Encryption offers another layer of protection by making critical information unusable should it be acquired by an attacker.

One of the most basic components of modern endpoint security is identity protection. Passwords alone are insufficient; identities should be guarded with a minimum of two-factor authentication at the network level or when accessing online applications. From there, organizations should look toward enhancing how they secure identities — making the security more user-friendly on mobile devices, protecting access to the myriad cloud applications that seem to grow daily, and increasing the security and control for IT — without impacting productivity. Having identity capabilities tied to endpoint security makes it easier for users to use and for organizations to enable advanced identity protection.

No comments:

Post a Comment