Endpoint security still inadequate despite growing threats

There’s not enough good endpoint protection to go around for every endpoint type. Using protections that do exist to the fullest takes extra care.

Endpoint security solutions today are lacking despite significant security gaps and vulnerabilities and a heightened fear of a breach, says Promisec, an endpoint security and compliance vendor.

According to Promisec data, 89 percent of VP and C-level IT leaders who responded to a Promisec survey have a heightened fear of a breach over the next year, while only 32 percent of respondents have advanced endpoint security in place.

The fact that 73 percent of the respondents agree that endpoints are the most vulnerable point for attack should magnify concerns. The demand is there and analyst market valuations for endpoint security reflect that. The market value should grow from $11.62 billion this year to $17.38 billion by 2020, according to a recent MarketsandMarkets report. Analyst group TechNavio pegs the growth at a CAGR of 10.4 percent over the period 2014-2019.


Enterprises need guidance in protecting endpoints and alleviating the fears represented by these numbers. CSO will oblige.

The source of vulnerabilities

Some of the gaps and vulnerabilities in endpoint security are the lack of complete and regular rollouts of software patches, gaps in application blocking, and the continued appearance of shadow IT, says Steve Lowing, director of Product Management, Promisec.

“Enterprises don’t get close to complete coverage in patching some of the riskiest systems, which includes endpoint systems,” says Lowing. Some situations make it clear how this happens, for example when the devices are BYOD: these assets are not on the corporate network often enough to guarantee a window in which the enterprise can be certain it is bringing them up to its security standard, Lowing explains.

During those windows of opportunity, the enterprise can use tools such as NAC to prevent access to the corporate network by endpoints until device-based security applications such as anti-virus and anti-malware update, run a thorough scan of the device, and clean it. Security software is only one layer of the necessary protection.

“We’ve found that making sure things like [antivirus] are always up to date is not sufficient to ensure proper coverage of endpoints,” says Lowing.


Application blocking is growing in use, but there are still gaps in the deployment of that kind of solution. Shadow IT is a growing vulnerability as the types of unauthorized BYOx (Bring Your Own Everything, including BYOA and BYOC) that people bring to or use for work multiply, because IT does not support them and may not even be aware they are there.

Gaps and vulnerabilities in endpoint protection exist far beyond employee devices. IoT has the weakest endpoint protection because it has the weakest device resources. “IoT devices are not powerful enough to support traditional endpoint security solutions. It is harder to implement host based intrusion detection and prevention capabilities because of limited processing power, storage and memory,” says Ed Cabrera, vice president of Cybersecurity Strategy, Trend Micro. This will be a challenge for as long as IoT devices maintain their diminutive technology profile.

Protecting endpoints, alleviating fears

Enterprises should apply best practices for patching, which require test environments for any systems that are included in patch management endeavors. The enterprise should use policies to automate pushing tested patches out to devices, which should occur within a week of satisfactory test completion.

Perform this patch testing and promotion to production for as many systems as you can, at least including popular browsers, applications, and operating systems. Vendors offering endpoint patch management solutions include Lumension, IBM, and Symantec. “There are simple tools like Ninite that can help update an endpoint based on the application’s update needs,” says Lowing. Ninite is not a Promisec product.

Establish better control of applications. As with any security tool, it is unlikely that application control products will suit your endpoint environment out of the box. Administrators will have to learn and configure the software and its settings as these apply to each endpoint. Simply purchasing the product and throwing it in your network will not work.

To adjust application control to your device fleets, roll out blacklisting/whitelisting tools gradually in order to address the unique needs of each endpoint and to deny applications by default where appropriate. The enterprise should augment application controls by proactively validating any change in the environment (file, registry, driver), identifying the type of change with the help of the latest threat intelligence services, Lowing instructs.


By maintaining a pristine backup image that includes the device OS, applications, device policy, and controls that are required for that endpoint, the enterprise will have a reference point for spotting change. Application controls and blocking can defend against any detected, unauthorized change based on differences between the image and the contents of the live endpoint. The enterprise should actively update this golden image baseline as new patches come out for optimal control and reduction of the attack surface, Lowing recommends. Application blocking can help address Shadow IT, which includes unauthorized BYOx.
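The baseline comparison described above, as an added example that is not Promisec's or CSO's code: a golden image is reduced to a table of SHA-256 file hashes, a later snapshot of the live endpoint is hashed the same way, and every added, removed or modified path is reported with a coarse change type (file, config, driver). The paths and file contents are constructed sample data, and the "/etc" and "/lib/drivers" prefixes used to classify changes are assumptions for the example; a real deployment would hash files on disk and keep the baseline off the endpoint so a compromised host cannot rewrite it.

```python
"""Golden-image baseline comparison for spotting unauthorized endpoint change.

Added example, not Promisec's or CSO's code. File paths and contents are
constructed sample data; the path prefixes used for classification are
assumptions made for the example.
"""
import hashlib
from typing import Dict, List

# Constructed golden image: path -> file contents as captured at imaging time.
GOLDEN_IMAGE: Dict[str, bytes] = {
    "/usr/bin/agent": b"endpoint agent 1.4",
    "/etc/endpoint/policy.conf": b"allow=browser,vpn\n",
    "/lib/drivers/net.ko": b"net driver 2.0",
}

# Constructed live snapshot of the same endpoint taken some time later.
LIVE_ENDPOINT: Dict[str, bytes] = {
    "/usr/bin/agent": b"endpoint agent 1.4",                      # unchanged
    "/etc/endpoint/policy.conf": b"allow=browser,vpn,torrent\n",  # modified
    "/opt/unknown/helper.exe": b"unknown binary",                 # added
    # "/lib/drivers/net.ko" is absent from the live snapshot: removed
}


def fingerprint(files: Dict[str, bytes]) -> Dict[str, str]:
    """Reduce a path->content mapping to path->SHA-256 hex digest."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def change_type(path: str) -> str:
    """Coarse classification of the changed artifact (assumed prefixes)."""
    if path.startswith("/lib/drivers/"):
        return "driver"
    if path.startswith("/etc/"):
        return "config"
    return "file"


def compare_to_baseline(baseline: Dict[str, str], live: Dict[str, str]) -> List[dict]:
    """Return every difference between baseline hashes and live hashes, sorted by path."""
    findings = []
    for path in sorted(set(baseline) | set(live)):
        if path not in baseline:
            status = "added"
        elif path not in live:
            status = "removed"
        elif baseline[path] != live[path]:
            status = "modified"
        else:
            continue  # hash matches the golden image: nothing to report
        findings.append({"path": path, "status": status, "kind": change_type(path)})
    return findings


def refresh_baseline(baseline: Dict[str, str], patched: Dict[str, bytes]) -> Dict[str, str]:
    """Fold a tested patch into the golden image so approved changes stop alerting."""
    updated = dict(baseline)
    updated.update(fingerprint(patched))
    return updated


def scan(golden: Dict[str, bytes] = GOLDEN_IMAGE,
         live: Dict[str, bytes] = LIVE_ENDPOINT) -> List[dict]:
    """Hash both sides and diff them; this is the check run against each endpoint."""
    return compare_to_baseline(fingerprint(golden), fingerprint(live))


if __name__ == "__main__":
    for finding in scan():
        print(f"{finding['status']:9} {finding['kind']:7} {finding['path']}")
```

Each finding is a candidate for the application-blocking step: an added binary outside the image or a modified config is what the controls should deny until it is validated, and `refresh_baseline` is the hook for updating the golden image once a tested patch has been promoted, so the approved change no longer shows up as a difference.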

If and when IoT devices have the energy capacity and other resources to serve as a foundation for endpoint-based security technologies, the ones you should look for include IDS/IPS, which you would in this case install on each device. Network IDS/IPS together with reputation data from a mature threat intelligence solution would target attackers attempting to control IoT devices today. In one example, an advanced threat intelligence solution examines network traffic using sandboxing and detection engines to pinpoint viruses, malware, command and control servers and transmissions, and any signs of threats, according to Cabrera.

Extending hope

Though endpoints are a burgeoning attack surface that sprawls ever further, the benefits and profits from IoT and mobility, for example, continue to outweigh the risks. Enterprises will have to extend themselves to make full and proper use of the existing security measures that do help. Companies should continue to urge vendors to produce increasingly advanced endpoint-specific security options.

By David Geer