E-Handbook:

Are you next-gen secure? Defense-in-depth security key to IT

The endpoint security controls you should consider now

With the perimeter wall gone, securing enterprise endpoints is even more essential. Learn how automation and other developments can up endpoint security now.

Although the perimeter firewall remains an important part of defense-in-depth security, the bulk of an organization's security efforts must revolve around network endpoint security controls. Numerous exploits exist that allow an attacker to gain access to a PC and use it as a resource for launching an attack against other network resources. As such, security planning efforts must focus heavily on endpoint security controls to prevent endpoints from becoming a point of entry for an attacker.

Standardize and automate endpoint security controls

One of the things that makes endpoint security control difficult is that there are not always obvious signs that a PC has been compromised. Unlike a ransomware attack, which alerts the end user to its presence by prompting them to take action, backdoor Trojans are often silently installed and may go undetected for some time.

One way to defend against these types of attacks is to employ the concepts of standardization and automation. Consider for a moment the basic approach that is used by casinos to spot cheaters. Casino dealers are trained to rigidly follow standardized procedures at the gaming tables. The idea is that if games are played in a highly standardized way, then any anomalies will stand out, thereby making it much easier to catch a cheat.

This same basic concept works equally well in the world of IT. Network endpoint security controls should include uniform configuration across the organization so that anomalies are easier to detect. Of course, it is unrealistic to expect to be able to visually spot security anomalies in the way that casino security might spot a card cheat. Instead, IT shops should use an automated security scanning and remediation tool, such as the Desired State Configuration tool, or a third-party tool to ensure that each endpoint continues to comply with the organization's established security requirements. The organization should also use software to automatically notify an administrator and remediate the configuration -- or reimage the system -- if a PC is found to have deviated from the approved security configuration.
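The audit, notify and remediate loop described above, expressed with Desired State Configuration as an added example that is not part of the original article. The three baseline settings, the event source name and the event ID are assumptions chosen for illustration, and the script assumes Windows PowerShell 5.1 in an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example. Baseline values, event source and event ID are illustrative assumptions.
Configuration EndpointBaseline {
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Node 'localhost' {
        # Remote Registry stays disabled on workstations
        Service RemoteRegistry {
            Name        = 'RemoteRegistry'
            State       = 'Stopped'
            StartupType = 'Disabled'
        }
        # User Account Control stays enabled
        Registry EnableUac {
            Key       = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
            ValueName = 'EnableLUA'
            ValueType = 'Dword'
            ValueData = '1'
            Ensure    = 'Present'
        }
        # SMBv1 server stays off
        Registry DisableSmb1 {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            ValueName = 'SMB1'
            ValueType = 'Dword'
            ValueData = '0'
            Ensure    = 'Present'
        }
    }
}

# Compile the baseline to a MOF document (localhost.mof) in a working folder.
$mofDir = Join-Path $env:TEMP 'EndpointBaseline'
EndpointBaseline -OutputPath $mofDir | Out-Null

# Audit only: compare the live system to the baseline without changing it.
$audit = Test-DscConfiguration -ReferenceConfiguration (Join-Path $mofDir 'localhost.mof')

if (-not $audit.InDesiredState) {
    $drifted = $audit.ResourcesNotInDesiredState.ResourceId -join ', '
    # Notify: write an event that log forwarding or a SIEM rule can alert on.
    New-EventLog -LogName Application -Source 'EndpointBaseline' -ErrorAction SilentlyContinue
    Write-EventLog -LogName Application -Source 'EndpointBaseline' -EventId 4100 `
        -EntryType Warning -Message "Baseline drift on ${env:COMPUTERNAME}: $drifted"
    # Remediate: re-apply the approved configuration.
    Start-DscConfiguration -Path $mofDir -Wait -Force
}
```

The Local Configuration Manager can run the same check on a schedule when its ConfigurationMode is set to ApplyAndAutoCorrect.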

Endpoint security control through process whitelisting

Another key requirement for ensuring endpoint security is to use process whitelisting. The problem with traditional endpoint security software is that it has historically been based on signature detection -- such as malware signatures or attack signatures -- and heuristic detection. This approach assumes that all processes are trustworthy unless a signature match or a heuristic pattern suggests otherwise. As such, if a Trojan can avoid detection, then it can run with total impunity.

Process whitelisting works in exactly the opposite way. Rather than searching for malicious code, process whitelisting requires an administrator to positively identify trustworthy code. Only trusted, whitelisted code is allowed to run. If a Trojan makes it onto a system, it is denied the ability to run, and an alert can be generated.

Whitelisting can be implemented via the Windows AppLocker feature or through various third-party products.

Unfortunately, there is no silver bullet security product that will guarantee endpoint security. It is therefore important to practice defense in depth in endpoint security controls, using automated security configuration scanning tools, process whitelisting and other security mechanisms.

This was last published in January 2018
