Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/21/2019
02:00 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Data Security: Think Beyond the Endpoint

A strong data protection strategy is essential as data moves across endpoints and in the cloud.

INTEROP 2019 – LAS VEGAS – Endpoint security is a common concern among organizations, but security teams should be thinking more broadly about protecting data wherever it resides.

"If you're just focusing on device protection and not data protection, you're missing a lot," said Shawn Anderson, executive security advisor for Microsoft's Cybersecurity Solutions Group, at the Interop conference held this week in Las Vegas. Rather than add multiple endpoint security products to corporate machines, he urged his audience of IT and security pros to think about protecting their data.

An estimated 60% percent of data is leaked electronically, Anderson said, and 40% is leaked physically. When an organization is breached, the incident costs an average of $240 per record. The average cost of a data breach was $4 million in 2017, a year when hackers stole more than 6 billion records.

As more devices jump online, the risk to businesses and their information continues to grow. An estimated 9 billion devices equipped with microcontrollers are deployed in appliance, equipment, and toys each year. Fewer than one percent are now connected. But that number will grow, and "highly secured" IoT devices require properties many devices don't have: certificate-based authentication, automatic security updates, hardware root of trust, a computing base protected from bugs in other code.

All computers within an organization – laptops, smartphones, tablets, a rapidly growing pool of IoT devices – are collecting larger amounts of data. Some of it is kept on the machine but more of it is moving to the cloud, which is powering the number of alerts companies handle. Microsoft analyzes 6.5 trillion threat signals daily, Anderson pointed out, up from 1.2 trillion a few years ago.

The cloud is accelerating how companies can collect, process, store, and use information. As companies transition to hybrid infrastructure, and their data moves across cloud-based and on-prem systems, they should evaluate their endpoint security strategies to make sure data is protected where it resides.

In his talk, Anderson discussed what he called the four pillars of infrastructure security: identity and access management, threat protection, information protection, and security management.

Securing Data Wherever It Resides

Companies should have a strategy in place to secure hybrid infrastructure and protect data from internal and external threats. "I always tell customers to assume compromise," Anderson said, emphasizing the importance of protecting identities. If an attacker has an employees' laptop that's one thing; if they have credentials to access a corporate network, that's another.

Identity protection is a critical component to threat protection, he explained. Businesses should strengthen users' credentials by enabling MFA, block legacy authentication to reduce the attack surface, increase visibility into why identities are blocked, monitor and act on security alerts, and automate threat remediation with solutions like risk-based conditional access. "Our admins internally do not have 100% access, 100% of the time, across the network," he said.

Threat protection describes the organization's ability to detect suspicious activity on the network and address problems on-prem and in the cloud. Ask yourself the following questions: Do you know if your credentials are compromised? How quickly can you remediate advanced threats? Do you have a system in place? How do you protect users from email threats?

"You could put 15 pieces of software on an endpoint, but if you don't have a data protection strategy, [attackers] win," Anderson noted.

Data must be protected in use, in transit, and at rest. Businesses should discover and classify sensitive data as it enters the environment, apply protection based on policy, monitor and remediate threats, and remain compliant as data travels throughout the organization before it's retired and deleted. Information should be tracked and monitored throughout its lifecycle.

Anderson listed a few key steps in the process of building this strategy: define sensitive data, establish a label taxonomy, and customize protection policies based on objectives and compliance requirements. As data is classified and labeled, organizations may adjust their strategy depending on what they observe as they monitor sensitive data and its effect on users.

Visibility, a commonly cited challenge among security pros, is core to the fourth pillar of security management. Businesses should build their security posture with visibility, control, and guidance across identities, devices, apps and data, and infrastructure to manage their security strategy across the organization and improve security practices over time.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19698
PUBLISHED: 2019-12-10
marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav_content_read() at libwav.c.
CVE-2019-4428
PUBLISHED: 2019-12-09
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....
CVE-2019-4611
PUBLISHED: 2019-12-09
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.
CVE-2019-4612
PUBLISHED: 2019-12-09
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.
CVE-2019-4621
PUBLISHED: 2019-12-09
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.