One of the biggest challenges facing organizations today is the need to respond quickly to an increasingly mobile workforce and customer base. Data and services are the lifeline between organizations and consumers as well as employees. To stay competitive, most organizations are embracing digital transformation, developing new tools and applications that provide faster and more seamless access to critical information, regardless of the device being used to access it. As a result, the weakest link in the security chain of today’s expanding and increasingly distributed networks is almost always the endpoint.
However, most IT teams treat endpoint devices separately from the rest of the network. Endpoint security is often applied to devices as an isolated solution, usually in the form of an antivirus solution or endpoint security package. Network security often begins at the point where an endpoint device touches the network. But with networks spanning multiple ecosystems, including multi-cloud infrastructures, a growing number of cloud-based services, and even Shadow IT, that demarcation point is becoming increasingly difficult to define and defend. Enterprises can no longer keep endpoint devices in a secure “walled garden” that is separated from the rest of the network.
These devices also increasingly combine personal and professional profiles and information, which means that private activity can affect the business. Specifically, when a user launches an app or connects to the network, the network is exposed to whatever viruses or malware the device picked up during off hours. According to one study, 63% of organizations are unable to monitor endpoint devices when they leave the corporate network, and 53% report that malware-infected endpoints have increased in the last 12 months. In addition, 56% of the IT professionals surveyed report that they cannot determine compliance for endpoint devices, while 70% report a “below average” ability to minimize the damage from endpoint failures.
Gartner predicts that 99% of the vulnerabilities exploited by the end of 2020 will continue to be ones known by security and IT professionals at the time of the incident. Endpoint devices represent a major source of such exploits. The challenge is that network security cannot protect endpoints, or even adequately protect itself from rogue endpoint devices, when those devices and their vulnerabilities exist outside the corporate perimeter.
Finding an Effective Endpoint Security Solution
To address this growing challenge, organizations need an effective endpoint security strategy that ties endpoint devices, including end user, host, and IoT devices, into the larger network security framework. Today:
- Real endpoint security goes far beyond a simple AV service. It needs to leverage advanced detection technologies to deal with more sophisticated threats.
- It also needs to provide full, 24×7 visibility, compliance, and control to ensure those and other technologies are properly deployed, both on and off the corporate network, ideally without forcing a VPN session.
- Most importantly, it needs to be able to integrate into the broader security framework to enable the sharing of advanced threat intelligence as well as the ability to participate in a larger, automated threat response.
The biggest challenge in selecting an endpoint security solution is finding one that can truly be integrated with the rest of your security infrastructure. An endpoint security tool that talks to your edge firewall is nice, but since network access has become ubiquitous at many organizations, many access points, especially those inside the network perimeter, as well as cloud-based services and Shadow IT applications, don’t connect through the firewall.
Integration is Key
The first step towards establishing an effective endpoint strategy is to begin to leverage things like Open APIs, common management, orchestration, and analysis suites, or at the least, a centralized SIEM system to tie your various security solutions together. This common security fabric or framework is essential in extending visibility and control into the furthest corners of your distributed network.
Next is to determine the actual level of integration available. Just because an endpoint security tool is provided as part of a packaged bundle does not mean it is actually integrated. And even those that claim to be integrated often provide little more than the most basic services, such as being integrated into a common management tool that allows for things like configuration, event logging, and reporting. This is also inadequate.
Real integration begins with the ability to receive and share live threat intelligence. However, it also needs to be able to act on that intelligence once it is received. This includes such things as being able to confirm a threat, immediately raise flags to monitor for a live threat detected on the network, and even automatically adjust configurations and protocols in response to that threat.
Endpoints Are NOT “Other.” They are part of your network.
Ultimately, we should stop viewing endpoint devices as separate from the rest of the network. The reality is that once an endpoint device connects to your network, it is part of your LAN/WAN. This means that you should be able to:
- Quickly identify any device that connects to your network.
- Automatically assess its current level of security to determine if it meets baseline standards.
- Provide role-based network access based on criteria that include compliance with security policy.
- Continuously monitor endpoint devices, both on and off the network, to detect if they become infected or compromised.
- Automatically quarantine compromised devices, or restrict the access of suspect ones, to begin remediation.
- Collect and share real-time threat intelligence to ensure that all devices are tuned to the latest threat landscape.
- Actively participate in local or network-wide security countermeasures to limit the spread of an attack or compromise.
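As an added example (not Fortinet's code, nor any product's API), the following Python sketches the decision logic the list above describes: an endpoint's posture is checked against a baseline, a network role is assigned from the result, and threat intelligence shared by the rest of the security fabric can move an already-admitted device into quarantine. The baseline values, device fields and indicators are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed baseline: minimum OS build and maximum AV signature age (days).
BASELINE_OS_BUILD = 19045
MAX_SIGNATURE_AGE_DAYS = 7

@dataclass
class Endpoint:
    device_id: str
    owner_role: str          # role the user should get when compliant
    av_running: bool
    signature_date: date
    os_build: int
    disk_encrypted: bool
    ioc_hits: set = field(default_factory=set)  # indicators observed on host

def posture_findings(ep: Endpoint, today: date) -> list:
    """Checks the endpoint against the baseline; returns the failed checks."""
    findings = []
    if not ep.av_running:
        findings.append("av_not_running")
    if (today - ep.signature_date).days > MAX_SIGNATURE_AGE_DAYS:
        findings.append("stale_signatures")
    if ep.os_build < BASELINE_OS_BUILD:
        findings.append("unpatched_os")
    if not ep.disk_encrypted:
        findings.append("disk_not_encrypted")
    return findings

def access_decision(ep: Endpoint, today: date, shared_iocs: set) -> str:
    """Maps posture plus live threat intelligence to a network role."""
    if ep.ioc_hits & shared_iocs:
        return "quarantine"            # compromised: isolate for remediation
    if posture_findings(ep, today):
        return "remediation_vlan"      # non-compliant: restricted access only
    return f"role:{ep.owner_role}"     # compliant: role-based access

def monitor(ep: Endpoint, events: list) -> list:
    """Re-evaluates the device on each (day, new_iocs_from_fabric) event and
    returns the sequence of roles it was placed in, so a device admitted on
    day 1 is still pulled into quarantine when intelligence arrives later."""
    shared_iocs, history = set(), []
    for day, new_iocs in events:
        shared_iocs |= new_iocs
        history.append(access_decision(ep, day, shared_iocs))
    return history
```

A real deployment would feed `ioc_hits` from the endpoint agent and `shared_iocs` from the SIEM or fabric, and enforce the returned role on the switch, wireless controller or firewall.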
Endpoint Security is Everybody’s Responsibility
Endpoint security is the responsibility of far more than the endpoint or desktop IT team. It needs to be understood and used by anyone who is responsible for the organization’s network security. These groups need better visibility, compliance, controls, and response across the entire distributed network, including both on- and off-network endpoints.
More than simply protecting individual devices, a true endpoint security solution continually assesses and ensures the integrity, confidentiality, and availability of enterprise data, network resources, and information systems.
Your approach to endpoint security must evolve to keep up with today’s security challenges. Read the white paper to learn why traditional endpoint security cannot protect your network and what is required instead. Also learn more about Fortinet’s NSS Labs Recommended Advanced Endpoint Protection Solutions.
For more reading, our paper on “Covering the Gaps in IoT Security” provides details on the security risks of IoT and what organizations can do to address them.