Partner Perspectives  Connecting marketers to our tech communities.
9/17/2015
10:00 AM
Manish Patel
Manish Patel
Partner Perspectives
100%
0%

Why Is Endpoint Security Failing?

Endpoint security assurance is not just about detecting threats, but about building a more effective endpoint security program.

It should come as no surprise that the next major battle in IT security is focused on endpoints. Mobility and BYOD have made it possible for users to remotely access just about any business resource. The adoption of cloud-delivered services enables workloads to move to a shared environment bypassing on-premises, layered security defenses and directly accessible by the mobile workforce.

In this segmented and diverse environment, organizations are implementing a variety of security solutions focused on preventing the latest threats. What often gets neglected is eliminating the weaknesses that lead to attack in the first place, and continuously monitoring for signs of compromise throughout your environment. What can you do to effectively fight the endpoint battle?

Tip #1: Illuminate Hidden Endpoints

A mobile workforce with a plethora of mobile devices challenges traditional security architectures. Consider that limited connectivity can cause devices to not always be visible, that many devices may not have the resources to run full versions of security software, and since ownership of the device lies with the user, it often falls outside the control of IT.

What can you do?

  • Start by getting a firm understanding of what’s connecting to your network. Use multiple techniques to form a composite view of connected endpoints and applications.
  • Supplementing endpoint agents with active scanning, passive monitoring, and even analyzing events from your network infrastructure such as DNS or DHCP servers and logs from network components can help identify both managed and unmanaged endpoints. This information is pivotal in then helping build scan policies to identify vulnerabilities, non-compliant systems, or unprotected endpoints that are at risk or that are unprotected.

Tip #2: Identify Weaknesses

Traditional signature-based endpoint protection is no longer sufficient in preventing targeted malware. Innovative technologies such as sandboxing and application wrapping may help in some areas by identifying unknown threats. While all of this is focused on analyzing traffic to look for indications of possible threats, as the Verizon DBIR clearly notes time and time again, a prominent way attackers infiltrate organizations is through known vulnerabilities and security weaknesses.

What can you do?

  • Before investing in exotic technologies, become exceptionally good at the basics.
  • First, button up your endpoints and ensure they are hardened and regularly updated. Hardening your endpoints can reduce your exposure by removing weaknesses such as open ports that allow attackers to access critical servers or unencrypted communications from payment-processing terminals.
  • Next, monitor critical changes on systems and track systems that drift out of compliance. Look to vulnerability management products to identify misconfigurations or extraneous applications as well as to continuous monitoring solutions that can track endpoints as they move out of compliance.

Tip #3: Routinely Check For Compromise

Compromised endpoints that connect to your network can propagate malware or become a springboard for advanced attacks. They can infiltrate critical resources by scanning for possible attack paths or weaknesses inside your network to transmit infection, gain root access through privilege escalation, or open pathways to access sensitive data.

What can you do?

  • Identify endpoints and applications that are not authorized or updated or those that are vulnerable. Once vulnerable systems are identified, prioritize remediation of critical vulnerabilities that are exploitable by commercial frameworks such as Metasploit.
  • Other recommendations include looking for signs of infection by identifying malicious processes on endpoints that are associated with malware; using threat intelligence services or looking for outbound communications to malicious sites; and monitoring sensitive data leaving your environment.
  • Finally, look for anomalies and behavior indicative of malware For example, is the endpoint probing other endpoints or networks? Is it behaving like a bot or opening ports to botnet sites? Is it reaching out to critical servers or initiating never-before-seen activities or processes?

Tip #4: Measure Endpoint Security Effectiveness

Security, network infrastructure, and compliance solutions are often deployed and managed by separate parts of the organization. Often, the objectives of each team are independent, yet sharing goals and information from security activities and assessments can surely help all parties reach their unique goals and help the organization elevate its security profile.

What can you do?

  • Start by building consistent security policies and then measuring your endpoint effectiveness against them.
  • Then, identify the gaps where endpoint security policies are failing to meet business objectives. For example, build dashboards and reports that continuously measure how quickly you identify critically vulnerable and compromised endpoints and how quickly you remediate them.
  • Implementing an endpoint security program based on defined frameworks such as critical cyber controls can help create a comprehensive, closed-loop process that can bring consistency to how endpoint security is implemented and measured in your organization.

Final Thoughts

Endpoint security assurance is not just about detecting threats, but about building a more effective endpoint security program -- one that proactively detects known and unknown endpoints, helps identify what is critically vulnerable to attacks, what weaknesses exist in your environment, and how effective you are at identifying threats and remediating them. If you are clearly able to answer the question “How secure are we?” and demonstrate this throughout the organization, you are already on your way to a successful endpoint security program.

Manish Patel is a senior product marketing manager responsible for managing the marketing activities of Tenable's integration with leading vendors in network and endpoint security, access control, threat intelligence, and cloud applications. He is instrumental in creating ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Sincee
100%
0%
Sincee,
User Rank: Strategist
9/21/2015 | 4:11:21 AM
Re: Security starts when you press the POWER switch
thank you for this article informative!
macker490
50%
50%
macker490,
User Rank: Ninja
9/20/2015 | 8:50:47 AM
Security starts when you press the POWER switch
your Operating System Software controls Endpoint Security

what are you using?    is it doing waht is required ?
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
To Click or Not to Click: The Answer Is Easy
Kowsik Guruswamy, Chief Technology Officer at Menlo Security,  11/14/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Its family of products includes SecurityCenter Continuous View™, which provides the most comprehensive and integrated view of network health, and Nessus®, the global standard in detecting and assessing network data. Tenable identifies all types of risk on the network — including missing patches, malware and intruders, missing configurations and missing monitoring — so customers can make informed decisions about where they are exposed. Its products reach across cloud, virtual, mobile and traditional IT systems and measure attack vectors in each of these domains. Tenable’s continuous network monitoring solution measures organizations’ compliance in real-time. This ensures that gaps in security coverage and lapses in security programs get detected and prioritized immediately. Tenable is relied upon by many of the world’s largest corporations, not-for-profit organizations and public sector agencies, including the entire U.S. Department of Defense.
Featured Writers
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-9541
PUBLISHED: 2018-11-14
In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi...
CVE-2018-9542
PUBLISHED: 2018-11-14
In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 ...
CVE-2018-9543
PUBLISHED: 2018-11-14
In f2fs_format_utils.c WITH_BLKDISCARD is not defined, which may cause the data partition to not be wiped at factory reset, leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. ...
CVE-2018-9544
PUBLISHED: 2018-11-14
In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: A...
CVE-2018-9545
PUBLISHED: 2018-11-14
In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Androi...