
Endpoint Security: A Call to Action

Editorial Type: Opinion     Date: 03-2014








In a world of constant combat between hackers and security practitioners, corporate IT teams must continually strengthen their IT security, warns Lawrence Garvin, head geek, SolarWinds.

Security branches out into all areas of IT and IT pros need to secure the entire IT infrastructure, but organisations tend to inadvertently neglect endpoint security.

Endpoint security threats are increasing each day, and while the motives vary widely, these threats can lead to the exploitation of vulnerabilities in enterprise endpoints.

Common threat sources include active (hacking) and passive (malware) techniques from physical devices, social networks, and other employee behaviours. What can be done to prevent these attacks? Here, the focus will be on best practices and strategies for enhancing endpoint security, and ensuring endpoints stay protected and secure.

Unauthorised software installations present some of the most common security vulnerabilities that plague enterprise IT environments. Organisations adopt policies to ensure only secure and required software is installed on employee workstations, but users disregard the policies and install unauthorised software.

SOFTWARE EXPLOITS ON ENDPOINTS
There are three types of software that present endpoint vulnerabilities:

• Patchable software, which has known vulnerabilities but can be patched with security updates available from the vendor
• Unpatchable software, which has known vulnerabilities, but no available patches
• Unknown software, which almost certainly has vulnerabilities, but both the software and its vulnerabilities are unknown to the organisation.

To mitigate the risk of threats, IT teams should restrict the ability to install software on workstations and perform a regular software inventory to identify installed software.

While monitoring workstations will help identify unauthorised software, authorised software can still be a vector for exploitation. IT admins must focus on patch management to keep business software up to date.
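As an added illustration (not part of the original article), a regular software inventory can be sorted into the three categories listed above with a short script. The catalogue format, product names, workstation names and version data below are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed catalogue of authorised software. Each advisory gives the first
# fixed version, or None when the vendor has released no patch (assumption:
# an advisory without a fix affects every installed version).
CATALOGUE = {
    "examplepdf": [{"fixed_in": "11.0.6"}],
    "examplemedia": [{"fixed_in": None}],
    "exampleoffice": [],
}

# Constructed inventory rows: (workstation, product, installed version).
INVENTORY = [
    ("ws-001", "ExamplePDF", "11.0.2"),
    ("ws-001", "ExampleOffice", "15.0"),
    ("ws-002", "ExamplePDF", "11.0.10"),
    ("ws-002", "ExampleMedia", "7.1"),
    ("ws-003", "FreeToolbar", "1.0"),
]

def parse_version(text):
    """Turn '11.0.10' into (11, 0, 10) so versions compare numerically."""
    return tuple(int(part) for part in re.findall(r"\d+", text))

def classify(product, version, catalogue=CATALOGUE):
    """Return 'unknown', 'unpatchable', 'patchable' or 'current'."""
    advisories = catalogue.get(product.lower())
    if advisories is None:
        return "unknown"        # not authorised, so never assessed
    if any(a["fixed_in"] is None for a in advisories):
        return "unpatchable"    # known flaw, no vendor fix available
    installed = parse_version(version)
    if any(installed < parse_version(a["fixed_in"]) for a in advisories):
        return "patchable"      # known flaw, vendor update available
    return "current"

def triage(inventory, catalogue=CATALOGUE):
    """Group (workstation, product, version) rows by category."""
    report = defaultdict(list)
    for host, product, version in inventory:
        category = classify(product, version, catalogue)
        report[category].append((host, product, version))
    return dict(report)

if __name__ == "__main__":
    for category, rows in triage(INVENTORY).items():
        print(category, rows)
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 11.0.10 below 11.0.6 and flag a patched workstation as vulnerable.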

IMPACT OF MALWARE
Malware typically gains access via endpoints, posing a threat to information security and sometimes causing actual damage or disruption of services.

The 'Verizon 2013 Data Breach Investigations Report' cites malware as the source of 40% of breaches that occurred in 2012, second only to hacking attacks.

The 'Advanced Cyber Attack Landscape' report from FireEye indicates that malware has become a multi-national activity, with callbacks sent to command-and-control servers in 184 countries in 2012 alone. These numbers have increased by approximately 50% since 2011. All endpoints should be equipped with anti-virus/anti-malware (AV/AM) software to detect and quarantine malware, but cybercriminals are growing increasingly adept and are continually introducing newer attack methods. This dangerous evolution requires advanced security and protection to monitor the functioning of AV/AM solutions.

IT admins need to monitor security events by collecting logs and correlating them for advanced incident awareness.

Log management for AV/AM systems and other security appliances can be developed into a protective and preventative security information and event management (SIEM) framework.

ENDPOINT THREATS FROM USER ACTIONS
Employees' lack of knowledge regarding security practices will continue to be a primary challenge with endpoint security, because the threats are constantly shifting. Employees often fall prey to cyber-attacks without even being aware of the attack. Educating corporate users about security best practices is important.


