6/11/2013
12:52 AM
12 Endpoint Security Myths Dispelled

Mistaken beliefs that hold back endpoint protection

7. Poor Signature Detection Is AV's Only Weakness
Antivirus has long been criticized for its fundamental design flaw, namely that it can't protect against threats it doesn't yet know about. But there's another issue with AV, and with any other on-device endpoint protection, that enterprises should account for: these solutions are themselves vulnerable at times.

"The endpoint security solution runs on the same platform it's trying to defend and, consequently, suffers from identical vulnerabilities," says Pierluigi Stella, CTO of Network Box USA. "[That] means it is, in itself, vulnerable. In fact, the first thing Trojans do when they start working is to take down the endpoint security, disarm it, and render it useless."

8. Users Can Avoid Infection By Staying Away From The Internet 'Red Light' District
For a long time, many enterprise security awareness training programs taught users that they could avoid malware infection through safe browsing habits. But avoiding the proverbial "red light district" of the Internet is no longer a good enough hedge on your malware bets.

"Pornography, warez, and torrent-like sites generally are more risky, but cybercriminals aren't just targeting those sites anymore," Hunt says. "We are seeing a lot of exploitation of legitimate sites now; there have been a number of exploits of ad networks, meaning that thousands of legitimate websites suddenly become malware-distributors overnight. Just visiting your favorite blog or news site can get you infected now."

9. Endpoint Security Is All Or Nothing
Mike Parrella, director of operations for managed services at Verdasys, has run into some people with the all-or-nothing mentality that if they couldn't protect all of their endpoints, they shouldn't even bother with the protection at all.

"Not all endpoints are created equal; if you have limited resource or budget, get endpoint protection on the machines that can get someone to your coveted data," he says, suggesting organizations start with simple use cases, such as preventing customer service reps from using USB devices or monitoring for malicious applications accessing sensitive files. "These low-hanging, high-value targets are important to help security pros generate the momentum necessary to move onto the harder aspects of a broad endpoint security program."

10. Endpoint Controls Are Expensive
Knowing what endpoints you have and what their current states are should be the first step to establishing better endpoint protection, says Rick Doten, chief information security officer for DMI. But many of his colleagues ignore the importance of these asset and configuration management tasks, often because they feel they need to buy tools to gather this information. Not so, he says.


"For Windows systems, PowerShell scripts can pull anything from the machine you want," says Doten, who calls PowerShell the most underused tool in the security toolbox. "I can put information about what applications or files users are using, when they used a USB drive, and other activity before or after the fact. Most folks like tools with a pretty interface, but if you have someone who can write PowerShell scripts, you have a tremendous capability for identifying what is going on on your endpoints."
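Doten's point here, and Parrella's USB use case under myth 9, can both be shown with built-in tooling. The script below is an added example written for this page; it is not Doten's, Parrella's, or any vendor's code. It assumes a Windows host with PowerShell 5.1 run from an elevated prompt (the USB history and Defender queries need it), and the output folder, field names and the 200-event cap are this example's own choices. It inventories the OS, installed applications, every USB mass-storage device the machine has ever seen, device-connection audit events, whether the removable-storage deny policy is actually applied, and whether the on-box protection is still running, then writes the result to JSON and CSV for central collection.

```powershell
#Requires -Version 5.1
# Added example: endpoint state inventory using only what ships with Windows.
[CmdletBinding()]
param(
    [string]$OutputPath = "$env:ProgramData\EndpointInventory"   # assumed location, change to taste
)

New-Item -ItemType Directory -Path $OutputPath -Force | Out-Null

# 1. Identify the machine (the asset-management baseline).
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$system = [pscustomobject]@{
    Hostname  = $env:COMPUTERNAME
    OSCaption = $os.Caption
    OSVersion = $os.Version
    LastBoot  = $os.LastBootUpTime
    Collected = Get-Date
}

# 2. Installed applications from the Uninstall keys (64-bit and 32-bit views).
#    Reading the registry is fast and avoids Win32_Product, which triggers MSI repairs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$apps = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName -Unique

# 3. USB mass-storage devices that have ever been attached. Windows keeps these
#    under USBSTOR after removal; FriendlyName is the vendor/model string and the
#    instance key name carries the device serial.
$usbHistory = Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR' -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Property -contains 'FriendlyName' } |
    ForEach-Object {
        [pscustomobject]@{
            FriendlyName = (Get-ItemProperty -Path $_.PSPath).FriendlyName
            SerialOrId   = $_.PSChildName
            DeviceKey    = $_.PSParentPath.Split('\')[-1]
        }
    }

# 4. When devices were connected: Security event 6416 ("A new external device was
#    recognized by the system") is written once "Audit PNP Activity" is enabled,
#    so this list is empty on a host without that audit setting.
$deviceEvents = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6416 } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } }

# 5. Is the removable-storage restriction really in force? The Group Policy
#    "All Removable Storage classes: Deny all access" sets Deny_All to 1 here.
$denyAll = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' `
    -Name 'Deny_All' -ErrorAction SilentlyContinue).Deny_All
$removableStoragePolicy = if ($denyAll -eq 1) { 'DenyAll' } else { 'NotConfigured' }

# 6. Is the on-box protection still standing? Myth 7 notes malware often disarms
#    AV first, so record its state on every run. Guarded because the Defender
#    module is absent on hosts running a third-party product.
$protection = $null
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $defender = Get-MpComputerStatus
    $protection = [pscustomobject]@{
        AntivirusEnabled   = $defender.AntivirusEnabled
        RealTimeProtection = $defender.RealTimeProtectionEnabled
        TamperProtected    = $defender.IsTamperProtected
        SignatureAgeDays   = $defender.AntivirusSignatureAge
    }
}

# 7. Write the snapshot: JSON for a share or SIEM pickup, CSV of apps for diffing.
$inventory = [pscustomobject]@{
    System                 = $system
    Protection             = $protection
    RemovableStoragePolicy = $removableStoragePolicy
    InstalledApps          = $apps
    UsbHistory             = $usbHistory
    DeviceEvents           = $deviceEvents
}
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$inventory | ConvertTo-Json -Depth 4 |
    Set-Content -Path (Join-Path $OutputPath "$env:COMPUTERNAME-$stamp.json") -Encoding UTF8
$apps | Export-Csv -Path (Join-Path $OutputPath "$env:COMPUTERNAME-apps.csv") -NoTypeInformation

"Inventory written to $OutputPath : $(@($apps).Count) apps, $(@($usbHistory).Count) USB devices seen"
```

Run it on a schedule and keep the previous apps CSV; `Compare-Object (Import-Csv old.csv) (Import-Csv new.csv) -Property DisplayName` surfaces newly installed software without any console to buy. The same script can be pushed to many machines with `Invoke-Command -ComputerName` and the JSON files collected from the share, which is the cheap asset and configuration baseline Doten describes.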

11. Mobile Devices Live By Different Endpoint Security Rules
"It seems that we are still of the mindset that mobile devices are just some kind of thin client we can simply encrypt and forget about," says Paul Henry, a security and forensic analyst for Lumension Security. "With an encryption-only concern, it's apparent these devices are not being treated like something connected to the network with an extensive amount of user information, passwords, and data. Mobile devices are endpoints that are just as juicy as laptops."

Doten agrees, stating that he hopes the myth of mobile devices standing apart from other endpoints is soon debunked.

"There is little that my users aren't doing in their daily jobs they can't do on their mobile device. The data they access, the applications they use, the networks to which they connect, are all the same as they have traditionally been with their laptops," he says. "We need to treat them as endpoints and set policy to protect them as we do computers, and include the monitoring and configuration management as part of our operations the same way."

It's a definite challenge once you consider these devices as a part of the mix, notes Brad Causey, author of the recent InformationWeek Reports paper "Building and Enforcing an Endpoint Security Strategy" (PDF).

"It's always difficult to find just the right security balance between user freedom and the safety of corporate assets, but the variability of endpoints -- especially with the rise in the BYOD, or bring-your-own-device, model -- makes things especially difficult," he writes.

12. Virtual Machines Are Immune To Attack
The idea that simply turning off an infected virtual machine makes the bad stuff go away is a big endpoint myth, according to Mark Bermingham, senior product marketing manager for Kaspersky Lab.

While virtual machines may be less prone to some threats, such as spyware and ransomware, they are just as vulnerable to malware in the form of malicious email attachments, drive-by downloads, botnet Trojans, and even targeted spear-phishing attacks, he says. "Now, we're seeing examples of malware that can survive the decommissioning of nonpersistent virtual machines and become active again when the virtual machine is put back into operation."

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Comments
Doug Finley,
User Rank: Apprentice
6/18/2013 | 4:16:06 PM
re: 12 Endpoint Security Myths Dispelled
The writing is actually worse than confusing; it's technically ignorant. For example:

"True, endpoint security does start on the device." Since when? Endpoint security starts at or outside the perimeter (deep packet inspection, ingress/egress), then firewall, IDS/IPS, network monitoring, heuristics engine, and so on. Once whatever protection residing on the endpoint kicks in, it means all the outer defensive layers have failed; otherwise the malware wouldn't have appeared at the endpoint. The only exception is the one case noted in the article, where an infected device is attached directly to the endpoint.

"[T]he first thing Trojans do when they start working is to take down the endpoint security, disarm it, and render it useless." That's because AV vendors are so negligent about protecting their product from unauthorized shutdown. But they do so little good (already admitted in an earlier "myth") while sucking up so much CPU that they really are not worth having. No AV detects the truly dangerous attacks.

Too much effort trying to assure us that AV really is effective and worth the money and inconvenience/disruption; too little of technical value. Is this supposed to be an IT-oriented web site for dummies?
teedge,
User Rank: Apprentice
6/12/2013 | 1:41:01 PM
re: 12 Endpoint Security Myths Dispelled
Writing is a little confusing. You talk about the "12 endpoint myths" being dispelled, then flip-flop between listing myths (e.g. 5. AV Is Outdated And Useless, 6. Some Endpoints Aren't Important Enough To Be Attacked) and truths (e.g. 3. Endpoint Protections Good Enough For Auditors Aren't Good Enough, 4. More Signatures Doesn't Mean Better Protection).