WHAT IS ENDPOINT SECURITY
Endpoints are typically the computing devices used by users in an organization; they can be a desktop, a laptop, a tablet or a mobile phone. Since the dawn of the pandemic, endpoint security has again taken a front seat, as the traditional network-centric approach is no longer valid when users work from anywhere.
Endpoint security is defined as the process of securing the endpoints. It is a set of security controls rather than a single control, for example access controls, endpoint hardening, anti-malware, data loss prevention tools, etc.
WHY ENDPOINT SECURITY IS IMPORTANT
Any end user computing device, such as a laptop, desktop or mobile phone, can be leveraged by attackers to gain a foothold inside the enterprise network and carry out malicious activities. Securing these end user devices to prevent loss of corporate / organization information has become very important in the wake of heavy fines imposed under various regulations, such as privacy regulations, and of loss of business to competitors. Post pandemic, perimeter security is no longer considered an enterprise security solution, as users now access corporate information from discrete networks (their homes) which have no firewalls or other attack prevention technologies.
The best way is to force endpoint devices to meet corporate security baselines prior to being granted access to corporate data, thus effectively mitigating the risk of exposure to unknown and unverified endpoint devices. Many organizations are also adopting Zero Trust Architecture, which is more like an always-on VPN with no split tunneling: essentially all traffic is filtered by the organization-specific policies via a reverse proxy, and for access to internal network assets the solution provides a secure, encrypted tunnel typically referred to as a private VPN.
Please note that endpoint security doesn't mean actions taken solely on the endpoint side; rather, endpoint security now encompasses actions along the entire chain of information access: from OS boot and user login, through application usage, to access of corporate resources (internal applications, data on file servers, email, etc.) from anywhere.
ENDPOINT SECURITY REQUIREMENTS
Endpoint security is never 100% achievable; however, to manage the risk and reach an acceptable level of assurance, organizations should adopt a combination of essential and non-essential products to implement a layered defense approach. In my 20+ years I have seen the evolution from dumb terminals to AI-based technologies, and I have realized that the essential ones are non-negotiable, while the non-essential ones depend on a lot of factors such as the organization's business domain, regulatory requirements, culture, etc. Here is the list segregated into essential and non-essential features, but you are free to build your own list. You may also consult me for building your endpoint security strategy by sending a DM over Twitter.
Essential Features
- Endpoint Privileged Access control
- Application Control - Whitelisting and blacklisting
- Network access control
- Malicious Traffic Filtering
- Log Management
Non-Essential - Good to Have
- Device or data encryption at rest
- Information Rights Management
- Data loss prevention
- Insider threat protection
- Endpoint detection and response (EDR) - for Medium sized organizations
- Extended Detection and Response (XDR) - for large organizations or for those with complex business operations and sensitive data spread across multiple business units
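As an added illustration of the baseline gating described above (granting access only to devices that meet the corporate baseline), here is a small Python posture evaluator that treats the essential features as blocking and the good-to-have ones as warnings. This is not code from the original post; the report field names, the 5-minute freshness window and the sample device reports are assumptions.

```python
import time
from dataclasses import dataclass, field

# Essential features from the post: every one must be present before access is granted.
ESSENTIAL = {
    "privileged_access_control": "Endpoint privileged access control",
    "application_control": "Application control (whitelisting/blacklisting)",
    "network_access_control": "Network access control agent",
    "malicious_traffic_filtering": "Malicious traffic filtering",
    "log_management": "Log forwarding to central log management",
}
# Good-to-have features: a gap is reported as a warning but does not block access.
GOOD_TO_HAVE = {
    "encryption_at_rest": "Device or data encryption at rest",
    "dlp": "Data loss prevention",
    "edr": "Endpoint detection and response",
}

@dataclass
class Decision:
    grant_access: bool
    blocking: list = field(default_factory=list)
    warnings: list = field(default_factory=list)

def evaluate_posture(report: dict, now: float = None, max_age: float = 300) -> Decision:
    """Fail closed: anything not reported counts as missing, and a posture report
    older than max_age seconds (assumed 5 minutes) is not trusted at all."""
    now = time.time() if now is None else now
    blocking = []
    reported_at = report.get("reported_at")
    if reported_at is None or now - reported_at > max_age:
        blocking.append("Stale or missing posture report")
    blocking += [label for key, label in ESSENTIAL.items() if not report.get(key, False)]
    warnings = [label for key, label in GOOD_TO_HAVE.items() if not report.get(key, False)]
    return Decision(grant_access=not blocking, blocking=blocking, warnings=warnings)

# Constructed sample posture reports (hypothetical devices, not real telemetry).
COMPLIANT = {k: True for k in list(ESSENTIAL) + list(GOOD_TO_HAVE)}
COMPLIANT["reported_at"] = 1000
LAPTOP_NO_NAC = {**COMPLIANT, "network_access_control": False, "dlp": False}
UNKNOWN_DEVICE = {}  # an unverified device reports nothing and is denied everything

if __name__ == "__main__":
    for name, rep in [("compliant", COMPLIANT), ("laptop_no_nac", LAPTOP_NO_NAC),
                      ("unknown", UNKNOWN_DEVICE)]:
        d = evaluate_posture(rep, now=1000)
        print(name, "GRANT" if d.grant_access else "DENY", d.blocking, d.warnings)
```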
As technologies evolve and most organizations go cloud-centric for various reasons, endpoint technologies will surely undergo a metamorphosis too; don't adopt and commit to a solution for longer than 3 years if you are not very clear on the IT roadmap. Business teams mostly drive those decisions, and it's better to have a beer in their company after business hours to understand what's going on, so you can build a better technology landscape :).