Organizations spend a percentage of their budget on information security-related technology, training and personnel. This technology helps information security teams identify and respond to incidents, both large and small, and continually adapt to the changing threat landscape.
However, many information security programs overlook the need to ensure that end users, the non-information security employees, understand the trustworthiness of the devices they connect to the organization’s network.
User access to the network is usually verified – we are all familiar with the username and password method of authentication. While this is still an effective way to authenticate the user, it does nothing to verify the integrity of the user’s endpoint (whether that’s a PC or mobile device) when connected to the network.
Managing the Risks Introduced by Endpoints
Security experts estimate one-third of all endpoints that connect to the corporate network are insecure (see the Ponemon Institute 2016 State of the Endpoint Report). When the average employee is using multiple devices at work, this creates multiple chances for an insecure endpoint to access sensitive information, or an infected one to spread malware. Vigilance on what is on your network is just as important as who is on the network.
This is why the compliant state of an endpoint is so critical. Companies must establish criteria for how an endpoint must be configured before it is allowed access to the corporate network. Such criteria can include requiring:
- The endpoint to have the latest operating system updates and patches installed on the system;
- Critical applications to be installed, such as an active and up-to-date anti-malware package; and
- Endpoint services such as disk encryption and an up-to-date firewall.
Other aspects of overall endpoint operations and peripheral awareness also help manage risk: for example, determining which endpoints are running applications with known vulnerabilities, which endpoints have high memory utilization, and how trustworthy each endpoint is, that is, whether it is an unmanaged endpoint or one that needs to be enrolled.
Enforcing proper security posture is good hygiene for your network. For example, WannaCry could have been prevented from spreading by ensuring that endpoints had the MS17-010 patch Microsoft released last March. A proper posture check would only allow network access to those Windows devices that were patched while also ensuring that non-compliant endpoints were segmented off to contain any potential damage.
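The compliance criteria listed above and the MS17-010 posture check can be sketched as follows. This is an added example, not code from this article, Cisco ISE or AnyConnect; the field names, segment names, sample inventory and the seven-day signature limit are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Hypothetical policy values; replace with your own compliance criteria.
REQUIRED_BULLETINS = {"MS17-010"}   # bulletin named in the article
MAX_SIGNATURE_AGE_DAYS = 7          # assumed freshness limit for anti-malware

@dataclass
class Endpoint:
    name: str
    os_family: str
    managed: bool
    installed_bulletins: set = field(default_factory=set)
    antimalware_running: bool = False
    signatures_updated: Optional[date] = None
    disk_encrypted: bool = False
    firewall_enabled: bool = False

def evaluate_posture(ep: Endpoint, today: date) -> tuple[str, list[str]]:
    """Return (network_segment, failed_checks) for one endpoint."""
    if not ep.managed:
        # Unmanaged devices cannot be trusted to report posture at all.
        return "enrollment", ["endpoint is unmanaged and must be enrolled"]
    failures = []
    if ep.os_family == "windows":
        missing = REQUIRED_BULLETINS - ep.installed_bulletins
        if missing:
            failures.append("missing patches: " + ", ".join(sorted(missing)))
    if not ep.antimalware_running:
        failures.append("anti-malware not running")
    elif (ep.signatures_updated is None
          or (today - ep.signatures_updated).days > MAX_SIGNATURE_AGE_DAYS):
        failures.append("anti-malware signatures out of date")
    if not ep.disk_encrypted:
        failures.append("disk encryption disabled")
    if not ep.firewall_enabled:
        failures.append("host firewall disabled")
    # Any failure segments the endpoint off instead of granting full access.
    return ("quarantine" if failures else "corporate"), failures

# Constructed sample inventory (not real devices).
TODAY = date(2017, 6, 1)
FLEET = [
    Endpoint("hr-laptop-01", "windows", True, {"MS17-010"}, True, date(2017, 5, 30), True, True),
    Endpoint("lab-pc-07", "windows", True, set(), True, date(2017, 3, 1), True, False),
    Endpoint("byod-phone-3", "android", False),
]

if __name__ == "__main__":
    for ep in FLEET:
        print(ep.name, *evaluate_posture(ep, TODAY))
```

Returning the list of failed checks alongside the segment gives the help desk and the user a concrete remediation list rather than a bare denial.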
There are many integrated technologies available to automate endpoint checks to make your organization’s network more secure. With Cisco’s Identity Services Engine (ISE), for example, you have the ability to set up the endpoint posture policies appropriate for your network based on an employee’s role, location, type of device, etc. Any endpoint could be denied access until it meets the requirements to connect. The AnyConnect Secure Mobility Client, deployed on the endpoint, collects a range of endpoint contextual information and then shares this information with ISE so that it can determine if the security state of the endpoint warrants access. In Endpoint Detection and Response For Dummies, an eBook which explores endpoint deployment and management frameworks, Tripwire explains how security professionals can use patching; drift from “safe” baselines; device hardening; security intelligence sources; and agent-based solutions to protect their endpoints.
Despite protection strategies, some threats could slip past an organization’s network defences. And in those instances, IT staff need to determine whether a breach has occurred, how severe it is, how it can be contained, and how they can prevent a similar intrusion from happening again in the future. Doing so will help address cyberthreats and strengthen the company’s security posture.
For assistance with your organization’s security posture, contact PRIVATECH.