How best to secure your Endpoint
Bhaskar Bakthavatsalu
Saturday, May 2, 2009
Until a few years ago, information security was not a priority for many organizations. The advent of the Internet created a world without boundaries, the threat landscape evolved with it, and information security became the need of the hour. Today, identifying security challenges and the specific threats to your data is crucial, and choosing the counter-measures that mitigate each threat is equally challenging. Malicious code that “phones home”, worms, intrusions, outbound attacks and botnets have become commonplace.

The perimeter is not what it used to be: mobility has made the network porous. From a business perspective mobile devices are a productivity tool and a business necessity, but from a security perspective they are a significant threat. This calls for a security strategy and policies that keep mobile devices locked down and mobile data protected. Today’s networks have numerous back doors, and data is often left unprotected, to fend for itself. Data has many enemies, from spyware to removable media. Personal devices of individual users, and misuse of company-owned devices and resources through P2P applications and web mail, pose a serious threat. Complicating matters are increasing instances of lost or stolen devices; industry analysts estimate that between 1,500 and 3,000 laptops are stolen each day.

While threats continue to increase, so do the number of endpoint security applications and the management consoles needed to manage them. It is common for an enterprise PC to run separate security agents for antivirus, desktop firewall, anti-spyware, and file or disk encryption, each centrally managed by its own single-purpose console. Cutting cost by leaving critical data unsecured is not an option, yet the multi-agent approach makes it costly and time-consuming for administrators to update, monitor, test, and manage security policy for these applications, including all the required software and signature updates.

Every business organization wants control over its endpoint security, and that requires a centralized, unified approach that resolves most endpoint-related security issues. Most organisations would rather invest in endpoint security once and for all: it is cost-effective, it saves time and, above all, a centralized, unified approach to critical endpoint security makes the business environment more secure.
Here are six endpoint security essentials for companies to shore up their defences:

Mitigate Malware

According to Kaspersky Labs, nearly 20,000 new malware outbreaks were reported from January to July 2007; potentially, that means 20,000 new, hard-to-find endpoint security problems. These problems aren’t limited to viruses, rootkits, and proxies; distributed denial of service attacks fall into this category, too. The best way to limit these destructive processes is to block attacks with heuristic and behaviour-based antivirus and anti-spyware, complemented by effective program control. Program control is important to mitigating malware because it can not only block known malicious programs from running on endpoint PCs, but also control programs such as peer-to-peer file sharing applications that are increasingly targeted to compromise endpoint systems. With hundreds of thousands of programs on the Internet that could wind up on corporate PCs, defining and enforcing a policy on which programs to allow or deny can be very time-consuming. An essential function of program control is therefore the ability to automate most policy decisions so that IT staff do not have to spend time researching programs. Ideally, this is done via a knowledge base of known good and known malicious programs, from which a best-practice policy on whether each should be allowed or denied can be applied immediately.
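The decision logic described above, as an added illustration that is not part of the original article and not Check Point’s product code: a program-control check looks up the hash of the program image in a knowledge base of known good and known malicious programs, applies a category policy (here, peer-to-peer file sharing is blocked even though the client is not malware) and falls back to a site-configurable default for programs the knowledge base has never seen. The knowledge base, hashes and program names are constructed from the byte strings in the block so that it runs offline.

```python
"""Program-control policy decision backed by a knowledge base (added example).

The knowledge base below is constructed for the example; a real deployment
would use a vendor-maintained database keyed by the program image hash.
"""
import hashlib
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    REVIEW = "review"   # unknown program held for an administrator's decision


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed knowledge base: SHA-256 of the program image -> (classification, category).
# The "good" classification means "not malware"; business policy may still block it.
KNOWLEDGE_BASE = {
    sha256_hex(b"constructed: office suite build 1"): ("good", "productivity"),
    sha256_hex(b"constructed: corporate vpn client"): ("good", "remote-access"),
    sha256_hex(b"constructed: peer-to-peer sharing client"): ("good", "p2p-filesharing"),
    sha256_hex(b"constructed: trojan downloader sample"): ("malicious", "trojan"),
}


@dataclass(frozen=True)
class Policy:
    # Categories blocked regardless of the malware verdict (hypothetical defaults).
    block_categories: frozenset = frozenset({"p2p-filesharing"})
    # What to do with a program the knowledge base does not know.
    # Strict sites use Verdict.DENY; REVIEW keeps users working while IT decides.
    unknown_default: Verdict = Verdict.REVIEW


def decide(image: bytes, policy: Policy = Policy()) -> tuple:
    """Return (verdict, reason) for a program image that is about to execute."""
    digest = sha256_hex(image)
    entry = KNOWLEDGE_BASE.get(digest)
    if entry is None:
        # Automation stops here: the agent applies the default and logs the hash
        # so an administrator can research it once instead of per endpoint.
        return policy.unknown_default, f"sha256 {digest[:12]}... not in knowledge base"
    classification, category = entry
    if classification == "malicious":
        return Verdict.DENY, f"known malicious ({category})"
    if category in policy.block_categories:
        return Verdict.DENY, f"category '{category}' blocked by policy"
    return Verdict.ALLOW, f"known good ({category})"


if __name__ == "__main__":
    for sample in (b"constructed: office suite build 1",
                   b"constructed: peer-to-peer sharing client",
                   b"constructed: trojan downloader sample",
                   b"constructed: never seen before"):
        verdict, reason = decide(sample)
        print(f"{verdict.value:6} {reason}")
```

The point of the `REVIEW` verdict is operational: a knowledge base never covers every program, so the policy needs an explicit answer for the unknown case, and that answer should be a conscious choice rather than whatever the agent happens to do by default.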

Protect Data

It is common for employees to move in and out of the company, and this inevitable reality should drive companies to deploy full-disk encryption and keep endpoint data locked down and secure. This practice not only secures corporate secrets, it keeps sensitive information completely protected in the event of loss. It matters even more today, with strong personal privacy laws requiring disclosure of security breaches when personal information is exposed. If a laptop with a fully encrypted drive is lost or stolen, the company can avoid disclosing the breach, as well as the damage to its reputation if the news makes the headlines. Encrypting hard drives is not enough, though. Enterprises must also consider the threats posed by removable media such as USB flash drives, iPods, and Bluetooth devices. First, these devices can carry viruses or other malware. Second, they can be an easy way for sensitive data to leak outside the business if not properly protected. Best practice is to apply policy on all three fronts: controlling device access, scanning the content of allowed devices to ensure no viruses are present, and encrypting data on these devices so that it remains protected.

Enforce Endpoint Policy Compliance

Even if you have the best technologies to mitigate malware and secure data, endpoints can still be compromised if virus signatures or service patches are out of date. That’s where network access control (NAC) comes in. This technology helps secure networked endpoints before allowing them network access. It performs pre-admission security policy checks on endpoint devices to ensure they meet the predefined security policy, such as having current antivirus software or the latest patches. If protection is adequate, access is granted. If not, the technology quarantines the endpoint and facilitates remediation to help install the proper updates.
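The pre-admission check described above, as an added example that is not part of the original article and not Check Point’s NAC implementation: each endpoint reports its posture (signature date, missing patches, firewall and disk-encryption state), the gateway evaluates it against a policy, and a host that fails is placed on a quarantine segment together with the list of remediation steps it needs before it can be re-evaluated. The host names, patch identifiers, policy thresholds and posture reports are constructed for the example.

```python
"""NAC pre-admission posture check with quarantine and remediation (added example).

Posture reports, host names, patch ids and policy thresholds are constructed;
a real gateway receives the report from the endpoint agent.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Posture:
    host: str
    av_signature_date: date     # date of the newest antivirus signature set installed
    missing_patches: tuple      # patch identifiers the host has not installed
    firewall_enabled: bool
    disk_encrypted: bool


@dataclass(frozen=True)
class NacPolicy:
    max_signature_age_days: int = 3     # hypothetical threshold
    require_firewall: bool = True
    require_disk_encryption: bool = True


@dataclass(frozen=True)
class Decision:
    host: str
    admitted: bool
    failures: tuple
    remediation: tuple

    @property
    def network(self) -> str:
        # Admitted hosts reach the corporate network; the rest land on a
        # quarantine segment that only reaches the update and patch servers.
        return "corporate" if self.admitted else "quarantine"


def evaluate(posture: Posture, policy: NacPolicy, today: date) -> Decision:
    """Check one posture report against the policy; every failure gets a remediation step."""
    failures, remediation = [], []
    age = (today - posture.av_signature_date).days
    if age > policy.max_signature_age_days:
        failures.append(f"antivirus signatures are {age} days old")
        remediation.append("update antivirus signatures")
    if posture.missing_patches:
        failures.append("missing patches: " + ", ".join(posture.missing_patches))
        remediation.append("install " + ", ".join(posture.missing_patches))
    if policy.require_firewall and not posture.firewall_enabled:
        failures.append("desktop firewall disabled")
        remediation.append("enable desktop firewall")
    if policy.require_disk_encryption and not posture.disk_encrypted:
        failures.append("disk not encrypted")
        remediation.append("enrol host in full-disk encryption")
    return Decision(posture.host, not failures, tuple(failures), tuple(remediation))


# Constructed posture reports evaluated on a fixed date so results are repeatable.
TODAY = date(2009, 5, 2)
SAMPLE_POSTURES = (
    Posture("lap-0123", date(2009, 5, 1), (), True, True),                   # compliant
    Posture("lap-0456", date(2009, 4, 20), ("KB-EXAMPLE-1",), True, True),  # stale AV, missing patch
    Posture("lap-0789", date(2009, 5, 2), (), False, False),                # firewall off, no encryption
)


def admission_report(postures=SAMPLE_POSTURES, policy=NacPolicy(), today=TODAY) -> dict:
    """Map each host name to its admission decision."""
    return {p.host: evaluate(p, policy, today) for p in postures}


if __name__ == "__main__":
    for host, decision in admission_report().items():
        status = "; ".join(decision.failures) or "compliant"
        print(f"{host}: {decision.network:10} {status}")
        for step in decision.remediation:
            print(f"    remediation: {step}")
```

Keeping every failed check, rather than stopping at the first one, is what lets the quarantine segment hand the user (or the remediation service) a complete list of fixes in one pass instead of bouncing the host through several admission attempts.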

Enable Secure Remote Access

With computing devices more mobile than ever, it’s critical to lock down the connections through which users log into the corporate network. The best endpoint security solutions incorporate secure remote access seamlessly, through the same interface with which users log in. The best approach here is a remote access agent: users log in once, and everything they do from then on occurs in a secure space. Storing credentials in this agent also makes it easy for users to access sites with different connectivity requirements. There are other reasons to consider a solution that combines a remote access agent with essential endpoint security functions: it minimizes the overall agent footprint, including CPU and memory utilization, so that endpoint systems run smoothly; it eliminates the duplicate management tasks and engineering test cycles that software updates entail when two or more agents are deployed; and it ensures interoperability between remote access and NAC functions, streamlining policy checks for remote users authenticating through a gateway.

Streamline Security Management

On the back end, it’s important to centralize endpoint security management so that administrators can use one console to configure endpoints, administer policies, monitor performance, and analyze data from the network as a whole. This isn’t only about making life easier for administrators; it’s also about reducing the cost of maintaining and updating a multi-agent solution. Centralization also improves security audit support by unifying, standardizing, and automating reporting functions. In the best case, administrators can even deploy baseline security policies from predefined policy templates.

Minimize End-user Impact

Finally, even the most hardened and efficient endpoint security solution shouldn’t sap bandwidth or processing power from other important end-user functions. With this in mind, the best strategies embrace a unified agent with a small footprint and low memory utilization. Transparency in other areas is also important: ideally, an endpoint security solution should be so silent in its protection that users don’t even see an icon in their system trays. For users, the bottom line is functionality and ease of use; for administrators, security should be paramount.
In addition to mastering these six endpoint security essentials, it’s critical for administrators to keep their network security posture current. One way is to task specific personnel with keeping tabs on the latest threats; an easier way is to use a service that charts threats and potential problems automatically. There should be a focused, professional effort to improve security posture and the quality of application-policy decisions while minimizing the need for end-user involvement. End-user involvement should be limited to educating users on the risks of malware and the loss or theft of mobile devices. Users need to be sensitised to how their actions can result in security breaches, which can be achieved through training that instils good security practices.

Bhaskar Bakthavatsalu is the Country Manager Indian & SAARC of Check Point Software.