In the past 15 years, organisations have built up defensive
barriers for the servers and databases that house their most
sensitive data. But today's threats aren't restricted to the
datacentre - they have moved downstream, to endpoints outside the
protective cocoon, providing attackers an on-ramp to the network, writes Chris Schwartzbauer, senior vice-president at Shavlik
Technologies.
The physical machines that are the endpoints in a
centrally-managed network include servers, desktops and laptops.
They represent the vast majority of machines in a network, and all
of them can potentially host virtual images, both online and offline,
presenting even more opportunity for the attacker. Add to this the
proliferation of USB drives, external hard drives and the like, and
it becomes obvious that protecting the datacentre no longer protects
the data.
In my opinion, the malicious targeting of endpoints is exposing
serious gaps in corporate security defences. Many security teams
continue to believe that properly configured routers, firewalls
and antivirus software are the keys to good endpoint protection,
but threats are now able to bypass perimeter protection. One of the
reasons for this lies in an over-reliance on outdated,
signature-based antivirus software, which can only recognise what
it has already been told about.
Once a threat is inside the network, an attacker has little
difficulty locating and infecting unpatched or misconfigured
machines. Historically, patching these endpoints has been too time
consuming for IT teams, particularly given their focus on the
critical servers, and they lack the visibility into these machines
to know when they have drifted away from corporate-defined
configuration policies. Yet the primary reason for endpoints to
emerge as a significant hole in corporate defences stems from the
traditional separation of duties in security practice.
Once the security team establishes perimeter-based protections,
the ongoing maintenance - system updates, signature updates and
mitigation of problems found at the endpoint - becomes the
responsibility of the IT operations team. This separation of duties
might be required for audit purposes, but the lack of integration
and automation between these tasks wastes hours of IT staff time
while opening gaps in system security.
What do you do? My advice is to ensure protection isn't limited
to the datacentre. Supplement Internet-facing protection with a
proactive approach that provides defence in depth for every
machine. This requires three critical responses:
1. Properly configure your endpoints, and monitor their
configuration for drift away from policy
2. Correctly patch your endpoints, and monitor their patch status
so that a missing update is visible, not assumed
3. Utilise up-to-date, real-time protection software, not just
reactive anti-virus
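The first two responses come down to comparing what each endpoint actually reports against what policy says it should look like, and refusing to count a silent host as compliant. The following is an added example of that check, written for this page; it is not code from the article or from Shavlik's products. The policy keys, the patch identifiers (PATCH-2023-00x), the endpoint records and the seven-day staleness threshold are all constructed for illustration; a real deployment would feed it from an inventory agent.

```python
"""Baseline drift and patch-status check over a constructed endpoint inventory.

Added example, not from the original article. The baseline keys, the patch
identifiers and the endpoint records below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date

# Corporate-defined configuration policy (constructed). Each key is a setting an
# endpoint agent would report; the value is the required state.
BASELINE_CONFIG = {
    "host_firewall": "on",
    "autorun": "off",
    "local_admin_count": 1,        # exactly one break-glass local admin
    "realtime_protection": "on",
}

# Patches every endpoint must carry (constructed identifiers) and the date each
# was released, so the report can state how long a host has been exposed.
REQUIRED_PATCHES = {
    "PATCH-2023-001": date(2023, 1, 10),
    "PATCH-2023-002": date(2023, 2, 14),
    "PATCH-2023-003": date(2023, 3, 14),
}


@dataclass
class Endpoint:
    name: str
    role: str                      # "server", "desktop" or "laptop"
    config: dict                   # settings as reported by the agent
    installed_patches: set
    last_seen: date                # last time the agent checked in


@dataclass
class Finding:
    host: str
    kind: str                      # "drift", "missing_patch" or "stale"
    detail: str


def assess(ep: Endpoint, today: date, stale_after_days: int = 7) -> list:
    """Return every policy finding for one endpoint; an empty list means compliant."""
    findings = []
    # 1. Configuration drift: compare each policy key against what the agent
    #    reports. A key the agent did not report at all is drift, not compliance.
    for key, required in BASELINE_CONFIG.items():
        actual = ep.config.get(key, "<unreported>")
        if actual != required:
            findings.append(Finding(
                ep.name, "drift", f"{key}={actual!r}, policy requires {required!r}"))
    # 2. Patch status: list required patches that are not installed, with the
    #    number of days since release as the exposure window.
    for patch_id, released in sorted(REQUIRED_PATCHES.items()):
        if patch_id not in ep.installed_patches:
            days = (today - released).days
            findings.append(Finding(
                ep.name, "missing_patch", f"{patch_id} missing for {days} days"))
    # 3. Visibility: a host that has not reported recently cannot be assumed
    #    compliant, whatever its last report said.
    if (today - ep.last_seen).days > stale_after_days:
        findings.append(Finding(
            ep.name, "stale", f"last check-in {ep.last_seen.isoformat()}"))
    return findings


def fleet_summary(fleet, today: date):
    """Return (counts per finding kind, set of hosts with at least one finding)."""
    per_kind = {"drift": 0, "missing_patch": 0, "stale": 0}
    noncompliant = set()
    for ep in fleet:
        for f in assess(ep, today):
            per_kind[f.kind] += 1
            noncompliant.add(f.host)
    return per_kind, noncompliant


# Constructed sample inventory: one compliant server, one drifted and unpatched
# laptop, and one desktop that stopped reporting a month ago.
TODAY = date(2023, 4, 1)
SAMPLE_FLEET = [
    Endpoint("db01", "server",
             {"host_firewall": "on", "autorun": "off",
              "local_admin_count": 1, "realtime_protection": "on"},
             {"PATCH-2023-001", "PATCH-2023-002", "PATCH-2023-003"},
             date(2023, 3, 31)),
    Endpoint("lt-sales-07", "laptop",
             {"host_firewall": "off", "autorun": "off",
              "local_admin_count": 3, "realtime_protection": "on"},
             {"PATCH-2023-001"}, date(2023, 3, 30)),
    Endpoint("desk-fin-12", "desktop",
             {"host_firewall": "on", "autorun": "off", "local_admin_count": 1},
             {"PATCH-2023-001", "PATCH-2023-002", "PATCH-2023-003"},
             date(2023, 3, 1)),
]

if __name__ == "__main__":
    counts, hosts = fleet_summary(SAMPLE_FLEET, TODAY)
    print(counts, sorted(hosts))
    for ep in SAMPLE_FLEET:
        for f in assess(ep, TODAY):
            print(f"{f.host:12} {f.kind:14} {f.detail}")
```

Two design points matter more than the data model. An unreported setting is scored as drift rather than ignored, because an agent that omits a key is exactly the gap an attacker exploits; and a host whose agent has gone quiet is flagged in its own right, since a stale "compliant" report is no visibility at all. Run on the sample fleet, the check reports the laptop for firewall and local-admin drift plus two missing patches, and the desktop for an unreported protection setting and a month-old check-in.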
Addressing these issues requires a dedicated effort to take
stock of the tasks and develop processes specifically designed to
address them. After such an effort, IT can achieve efficiencies
through automation. Control is established and maintained by
ensuring visibility into every system on the network.
Clearly, the business of managing and securing endpoints is in
serious need of an overhaul.
The singular approach of using a cookie-cutter,
one-size-fits-all anti-malware program to keep endpoints safe isn't
good enough any more. Nor can companies afford the current processes
that require too much time, money and IT staff to chase after
incidents or check on the status of the volume of systems on the
network. Deep, comprehensive protection is required, while more
and better automation will be needed to be efficient and to provide
the visibility and control necessary to be effective. In the final
analysis, organisations won't be secure unless they can prove their
endpoints are secure.