5 Tips for Protecting Enterprise Endpoints

By Malcolm Orekoya, Senior Technical Consultant, Netutils

Views expressed in this post are original thoughts posted by Malcolm Orekoya, Senior Technical Consultant, Netutils. These views are his own and in no way do they represent the views of the company.

The idea that no single solution can suffice on its own to protect enterprise endpoints from the huge number of threats out there is a reasonable one. Therefore, most security professionals accept the concept of defence in depth as the best means of protecting endpoints. The key, however, is to know what to focus on and to make sure your strategy covers all angles. Below are a few areas of focus that you might find useful.

  1. Understanding the endpoint

There are a couple of aspects of endpoint protection that sometimes get overlooked: the first is the multiple device types and roles that exist within the enterprise network, and the second is the multiple operating systems (OS).

The first refers to the fact that most people misunderstand the term “endpoints” and often assume that it refers only to the laptops and computers used by their end users. Others would also include the increasing numbers of smartphones, tablets and servers on the network. However, I believe the true definition of an endpoint should be any device that can connect to a network, can be assigned an IP address, and maybe (in some circumstances) gain access to the internet. Therefore devices such as printers, faxes, phones, electronic point of sale (EPOS) devices etc. are all endpoints, and their level of protection and access on the network must also be controlled.

The second looks at the issue of managing and protecting the other operating systems that can easily exist on enterprise networks alongside the most popularly used Microsoft operating systems. A lot of organisations are increasingly having to provision access for a variety of other operating systems on the network, such as Apple OS X and various Linux operating systems like SUSE and Ubuntu. Security administrators must make sure they have the ability to recognise these operating systems on the network and apply the same level of protection and control as they would on their standard operating systems.

  2. Basic defence in depth

There are a few standard layered methods of protection that almost all endpoints should have today. These include basic things such as automatic screen locking, password protection and enabled firewalls. Beyond that, every endpoint (irrespective of the operating system installed) should run Anti-Virus (AV) and Anti-Spam (AS) software, and even a malware protection solution. It is already well documented that AV alone will not protect endpoints against threats, and with the increase in Advanced Persistent Threats (APT) there is even more of a requirement for AS and malware solutions to work alongside AV solutions. All of the above should be the basic minimum security baseline for all enterprise endpoints.

  3. Data exfiltration protection

Most hackers are after your data, and in order to get it they are intelligently going after enterprise endpoints as a way into the network, as opposed to attacking the enterprise network directly. This means administrators have to start paying attention to how data can be extracted from their enterprise endpoints and how devices interact with their data. One way of controlling this is intelligent whitelisting of known applications and operations on endpoints, especially those that make any outbound communications, together with control over which executables can run on an endpoint.
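The whitelisting idea above, sketched as an added example that is not from the original post: each process event is checked against an allowlist that says which executables may run and where each may connect. The event fields, application names, hashes and addresses are all constructed assumptions.

```python
import hashlib
import ipaddress
from dataclasses import dataclass


def sample_hash(label: str) -> str:
    """Constructed stand-in for the SHA-256 of an executable file."""
    return hashlib.sha256(label.encode()).hexdigest()


@dataclass(frozen=True)
class Event:
    host: str
    exe_path: str
    sha256: str
    remote_ip: str = ""  # empty when the process made no outbound connection


# Allowlist keyed on file hash rather than path, so an unknown binary placed at
# a trusted path still fails. Value: networks the application may reach.
ALLOWLIST = {
    sample_hash("browser-1.0"): ["0.0.0.0/0"],
    sample_hash("backup-agent-2.3"): ["10.20.0.0/16"],
    sample_hash("pdf-viewer-5.1"): [],  # may run, no outbound traffic expected
}


def verdict(ev: Event) -> str:
    nets = ALLOWLIST.get(ev.sha256)
    if nets is None:
        return "deny-exec"  # executable is not on the allowlist at all
    if not ev.remote_ip:
        return "allow"
    dst = ipaddress.ip_address(ev.remote_ip)
    if any(dst in ipaddress.ip_network(n) for n in nets):
        return "allow"
    return "alert-outbound"  # known application, unexpected destination


def review(events):
    """Return (host, path, verdict) for every event that is not a plain allow."""
    return [(e.host, e.exe_path, verdict(e)) for e in events if verdict(e) != "allow"]


# Constructed sample events; addresses are from documentation/private ranges.
EVENTS = [
    Event("laptop-01", "/usr/bin/browser", sample_hash("browser-1.0"), "198.51.100.7"),
    Event("srv-02", "/opt/backup/agent", sample_hash("backup-agent-2.3"), "10.20.4.9"),
    Event("srv-02", "/opt/backup/agent", sample_hash("backup-agent-2.3"), "203.0.113.50"),
    Event("laptop-01", "/usr/bin/pdfview", sample_hash("pdf-viewer-5.1"), "203.0.113.9"),
    Event("epos-07", "/usr/bin/browser", sample_hash("unknown-build"), "203.0.113.9"),
]
```

Calling `review(EVENTS)` returns the three events a reviewer would look at: the backup agent and the PDF viewer reaching an unexpected destination, and the unrecognised binary on the EPOS device.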

In addition, privileged account usage and management is also key, as administrator and root level credentials are the Holy Grail for hackers. Network and endpoint administrators therefore need to be aware of how these privileged account credentials are used and stored on their endpoints, and also within the enterprise network as a whole.

  4. Data in transit protection

Sharing of data across the untrusted internet is a normal part of business operations today, due to the global nature of the workforce and the flexibility provided by remote working. As a result, organisations need to pay particular attention to the type of confidential data that can be taken out of their organisation, either via storage on the endpoints themselves or via sharing mechanisms. Encryption of confidential data as it leaves your organisation, as well as the ability to validate receipt and provide an audit trail of how that data has been used, is becoming increasingly important. There are now platforms available on the market that extend the protection provided by standard encryption of files with things like two factor authentication, one-time passcodes, secure vaults and sandboxed environments. Depending on the classification of data within an organisation, i.e. the confidentiality rating of that data, varying methods of protection should be considered.

  5. Keep an eye on the news

Understandably, it is absolutely impossible for any security professional to keep abreast of all the latest threats, software vulnerabilities and trends without following a wide variety of vendors, news forums, blogs, social media etc. Although these can sometimes be overwhelming in themselves, given the huge amount of content they publish, I think they are of paramount importance in providing a source of current and relevant information. Sites such as Dark Reading (www.darkreading.com) and the BBC News Technology website (www.bbc.co.uk/news/technology) can be a valuable source of breaking technology news, as can social media posts on sites such as Twitter and LinkedIn, provided one is following relevant organisations and individuals. As always, individual preference will differ and determine which sites you prefer to follow, but the point is to use these resources in one way or another.

This entry was posted in Uncategorized by Vanessa Cardwell.


1 thought on “5 Tips for Protecting Enterprise Endpoints”

  1. Reblogged this on Netutils Blog and commented:

    In the light of recent news reports on aggressive malware #GameOverZeus we thought you may be interested in taking another look at this blog post from one of our Senior Technical Consultants. Also do please ask us about our managed user security training service PhishAware. The service educates your users on exactly what can happen if they click on a dubious link in an email, open an unexpected attachment or enter sensitive information into a web page.
