Endpoint security or Endpoint Protection
Endpoint security or endpoint protection is an approach to protecting computer networks that are remotely bridged to client devices. The use of laptops, tablets, mobile devices and other wireless gadgets connected to corporate networks creates paths for security threats.[1][2] Endpoint security attempts to ensure that such devices meet a defined level of compliance and standards.[3]
There are many types of computer security threats in the world. Some are quite harmful, while others are harmless but annoying. There are also some that do no damage to your computer but are capable of emptying your bank account.
If you are really interested in finding out about these threats, I have 28 of them here, so get yourself a cup of coffee before you start.
Six ways to improve endpoint device security
Endpoint devices are often the root cause of data breaches. Expert Eric Cole explains the best ways to improve endpoint protection.
We constantly hear about big data breaches and large-scale compromises, but did you ever step back and wonder what the root cause of many attacks is? Very often, the endpoint device was the initial point of compromise that allowed for lateral movement into the network, creating additional damage. While it is important to have a properly designed and secured network, the endpoint is often the last line of defense. With endpoint device security in place, the damage can be thwarted. In order to protect the endpoint, here are some actionable steps that minimize the chance of compromise.
Never log in as administrator
Users should never log in as administrator and should never hold administrator rights on their systems. In the past, basic tasks like installing software required administrator access, but a lot has changed with newer operating systems. On most current operating systems, users can still have the basic functionality they need to do their jobs without logging in as administrator. If a user does require administrator access, consider whether what he is trying to do is actually needed for his job function.
Uninstall unnecessary software
Client operating systems and applications are focused on making sure everything works properly on the system. Therefore, most default installations contain extraneous software that is not needed to run the system. Very often the extraneous software is what is targeted by the adversary and used as a point of compromise. Uninstalling or removing unnecessary software can reduce the attack surface and minimize exposure.
A patch is the vendor telling the world there is a vulnerability in its software; therefore, the longer a system goes unpatched, the bigger the exposure window is. While patching is always a challenge, uninstalling unnecessary software will reduce the patch surface and make patching easier. While centralized patch management is key within an organization, it is important to remember traveling laptops. If a system is off the network, it may miss the automatic patching cycle of those on the network.
Run application whitelisting
Controlling and managing what software can run, and verifying the integrity of that software, is critical to having a secure system. While application whitelisting does require a paradigm shift in many organizations, it is a valuable and scalable way to protect the endpoint. It does take some work to create a holistic list of all approved software, but it is well worth it, as having a locked down system creates a very difficult target for an adversary.
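The integrity-verification half of this step, as an added example that is not from the article or from any product it mentions: a Python allow-list check that approves a file only if its SHA-256 appears on a manifest built from a known-good image, so a renamed or tampered binary is judged by its content, not its name. The file names, contents and directory layout in the demo are constructed.

```python
"""Hash-based allow-list check: a file is approved only if its SHA-256 is on the manifest."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

CHUNK_SIZE = 1 << 16  # hash in 64 KiB chunks so large binaries need not fit in memory


def sha256_of(path: Path) -> str:
    """Return the hex SHA-256 digest of a file's contents."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(approved_dir: Path) -> dict[str, str]:
    """Record the approved hash of every file in a known-good image: {file name: sha256}."""
    return {p.name: sha256_of(p) for p in sorted(approved_dir.iterdir()) if p.is_file()}


def check_directory(target_dir: Path, manifest: dict[str, str]) -> dict[str, str]:
    """Classify every file in target_dir against the manifest.

    approved   - the content hash is on the list (the name is irrelevant, so renaming does not bypass it)
    modified   - the name is on the list but the content differs (tampered or unapproved version)
    unapproved - neither the name nor the hash is known
    """
    approved_hashes = set(manifest.values())
    verdicts: dict[str, str] = {}
    for path in sorted(target_dir.iterdir()):
        if not path.is_file():
            continue
        if sha256_of(path) in approved_hashes:
            verdicts[path.name] = "approved"
        elif path.name in manifest:
            verdicts[path.name] = "modified"
        else:
            verdicts[path.name] = "unapproved"
    return verdicts


def demo() -> dict[str, str]:
    """Constructed scenario (not real binaries): a gold image and a client disk that drifted from it."""
    with tempfile.TemporaryDirectory() as tmp:
        gold = Path(tmp, "gold")
        client = Path(tmp, "client")
        gold.mkdir()
        client.mkdir()
        (gold / "mailer.exe").write_bytes(b"MZ approved mail client build 1")
        (gold / "browser.exe").write_bytes(b"MZ approved browser build 7")
        manifest = build_manifest(gold)

        (client / "mailer.exe").write_bytes(b"MZ approved mail client build 1")             # untouched
        (client / "browser.exe").write_bytes(b"MZ approved browser build 7 + injected code")  # tampered
        (client / "updater.exe").write_bytes(b"MZ nobody approved this")                     # unknown
        (client / "mail.exe").write_bytes(b"MZ approved mail client build 1")                # renamed copy
        return check_directory(client, manifest)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:10} {name}")
```

The manifest is keyed by name only so that a "modified" verdict can be distinguished from "unapproved"; the approval decision itself rests on the hash set, which is what makes the list hard to bypass by renaming.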
Filter out dangerous executables
A large amount of malicious content often enters a network as email attachments or Web downloads. Running attachments and downloads through filtering proxies that do not just examine the code, but run them in an isolated security sandbox, can allow for early detection of malicious code, thus filtering it before it enters the network.
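An illustration of content-based filtering, added here and not part of the article: a Python attachment filter that decides by signature bytes rather than file name, looks inside zip archives to a bounded depth and size, and quarantines anything it cannot inspect, such as an encrypted member. The sample attachments, the extension list and the limits are constructed assumptions; in a real gateway, items that pass this check would still go to the sandbox the paragraph describes.

```python
"""Attachment filter that decides by content signature, not by file name."""
from __future__ import annotations

import io
import zipfile
from pathlib import PurePosixPath

# Content types blocked wherever they appear, including inside archives.
BLOCKED_TYPES = {"pe", "elf", "script"}
# Extensions blocked even without a recognisable signature (most scripts are plain text). Constructed list.
BLOCKED_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".js", ".vbs", ".ps1", ".bat", ".cmd", ".hta"}
MAX_ARCHIVE_DEPTH = 2         # nested archives deeper than this are quarantined, not guessed at
MAX_MEMBERS = 1000            # refuse to iterate archives with absurd member counts
MAX_MEMBER_BYTES = 32 << 20   # cap on decompressed bytes read per member (zip-bomb guard)


def sniff(head: bytes) -> str:
    """Identify a format from its leading bytes; 'unknown' when nothing matches."""
    if head.startswith(b"MZ"):
        return "pe"      # Windows executable or DLL
    if head.startswith(b"\x7fELF"):
        return "elf"     # Linux executable or shared object
    if head.startswith(b"PK\x03\x04"):
        return "zip"
    if head.startswith(b"%PDF"):
        return "pdf"
    if head.startswith(b"#!"):
        return "script"  # shebang line
    return "unknown"


def classify_attachment(name: str, data: bytes, depth: int = 0) -> tuple[str, str]:
    """Return (verdict, reason) where verdict is 'allow', 'block' or 'quarantine'."""
    kind = sniff(data[:8])
    ext = PurePosixPath(name).suffix.lower()
    if kind in BLOCKED_TYPES:
        return "block", f"{name}: {kind} content behind '{ext or 'no'}' extension"
    if ext in BLOCKED_EXTENSIONS:
        return "block", f"{name}: blocked extension {ext}"
    if kind == "zip":
        return inspect_archive(name, data, depth)
    return "allow", f"{name}: {kind}"


def inspect_archive(name: str, data: bytes, depth: int) -> tuple[str, str]:
    """Apply classify_attachment to every zip member; anything that cannot be inspected is quarantined."""
    if depth >= MAX_ARCHIVE_DEPTH:
        return "quarantine", f"{name}: archive nested deeper than {MAX_ARCHIVE_DEPTH}"
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "quarantine", f"{name}: zip signature but the archive does not parse"
    with archive:
        members = archive.infolist()
        if len(members) > MAX_MEMBERS:
            return "quarantine", f"{name}: {len(members)} members exceeds limit"
        for info in members:
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted member: content cannot be checked
                return "quarantine", f"{name}: encrypted member {info.filename}"
            with archive.open(info) as member:
                content = member.read(MAX_MEMBER_BYTES + 1)
            if len(content) > MAX_MEMBER_BYTES:
                return "quarantine", f"{name}: member {info.filename} exceeds size cap"
            verdict, reason = classify_attachment(info.filename, content, depth + 1)
            if verdict != "allow":
                return verdict, f"{name} -> {reason}"
    return "allow", f"{name}: archive, {len(members)} members inspected"


def _zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {member name: content} (helper for constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member_name, content in members.items():
            archive.writestr(member_name, content)
    return buf.getvalue()


def demo() -> dict[str, str]:
    """Constructed sample attachments; returns {attachment name: verdict}."""
    samples = {
        "report.pdf": b"%PDF-1.4\n%constructed sample\n",
        "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00",   # PE header hiding behind a .pdf name
        "screensaver.scr": b"\x00\x00\x00\x00",          # no magic bytes, blocked by extension
        "notes.txt": b"meeting notes, nothing to see",
        "tools.zip": _zip({"readme.txt": b"hello", "bin/tool.exe": b"MZ\x90\x00"}),
        "nested.zip": _zip({"inner.zip": _zip({"run.sh": b"#!/bin/sh\necho hi\n"})}),
        "docs.zip": _zip({"a.txt": b"a", "b.pdf": b"%PDF-1.7"}),
    }
    return {n: classify_attachment(n, d)[0] for n, d in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:10} {name}")
```

The three-way verdict matters: "block" is a positive identification, while "quarantine" means the filter could not see inside (encryption, excessive nesting or size), which is exactly the case that should be handed to the sandbox rather than silently allowed.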
Run dangerous applications in virtual machines
Two of the most dangerous applications are Web browsers and email clients. A significant amount of damage is caused by those two applications alone. One trick to dealing with dangerous applications, including Web browsers and email clients, is to run them in separate isolated virtual machines. If the content is dangerous, only the virtual machine will get infected and not the host. Once the virtual machine closes, all of the malicious code goes away. While it is better if the system never got infected, with this approach, an infection is contained and controlled for a short period of time, thus minimizing damage.
Utilize thin clients
While not scalable in all environments, utilizing thin clients is an effective way to control the damage. The problem with a traditional operating system is that it only gets reinstalled when new hardware is rolled out, typically every three years; if the system becomes infected, it therefore stays infected for a significant amount of time. With a thin client, the user receives a fresh copy of the OS every time the system is turned on, so an infection lasts only a few hours, not several years.
What exactly does “endpoint” refer to these days?
In simple security terms, an endpoint is any device that is capable of connecting to your network. Common examples include desktop computers, laptops, smartphones, tablets, printers and point-of-sale (POS) terminals.
Of course, if we take into account IoT “smart” devices the scope of that list can expand dramatically to include anything from your thermostat to your refrigerator to your car. Unless specified otherwise, for the purposes of this guide we’ll be focusing on the more traditional endpoint devices called out in the first list.