A means to an endpoint
In a world where hybrid work is now the norm and millions of connected devices form the IoT ecosystem, endpoint security is one of the most important and often overlooked components of a company’s security strategy.
According to new research from Transforma Insights, the number of IoT devices worldwide will almost double from 15.1 billion in 2020 to more than 29 billion in 2030. And even though many different industries use them, the biggest growth segment will be driven by consumers with smartphones, computers and tablets. These connected devices are endpoints, used in the office, at home, or both, and together they create an attack surface made up of many different entry points for cybercriminals to exploit. In the office, any device that’s connected to the internet is vulnerable. From security cameras to printers and other plug-and-play devices, IoT endpoints have become prime targets for hackers. The State of IoT Security, 2023 report by Forrester Research found that IoT devices were the most reported target for external attacks, more so than either computers or mobile devices. So how do you go about securing this complex IT ecosystem?
For Sikhumbuzo Mthombeni, a pre-sales and architecture manager at Dimension Data, endpoint protection is merely decoration without intelligence. “A business may be running a secure client and the latest signatures, but evading signature-based technology is very easy because it relies on known vulnerabilities or things that have been published that have signatures,” he says, “but if something comes through and it’s a zero day [attack], it’s almost impossible to pick up in advance.” It may be expensive, but Mthombeni says incorporating endpoint detection and response (EDR) should be standard. “EDR takes a different approach to endpoint protection. EDR assumes that you’ve already been compromised and starts to look at behaviours and how to mitigate that,” he says. “It’s being able to respond to an incident that’s already happened on the endpoint. If someone has compromised a certain application, and they’re trying to run the right to your registry, for example, EDR will be able to pick that up as anomalous behaviour.”
Keep it simple
Judy Winn, Peach Payments’ head of information security, says there isn’t a one-size-fits-all approach to endpoint security, and that the company uses a risk-based approach to identify the most pertinent threats. “We try to keep things simple – simple in principle, but not simple in practice.” Winn’s endpoint security strategy comes down to cyber hygiene. “It goes back to your basic controls like user awareness and training, strong password and access controls, mobile device management systems and data leakage prevention solutions. That forms part of our strategy alongside a solution called endpoint protection platform, or EPP,” she says.
Cyber hygiene is an important part of hybrid work, and this increasingly flexible model gives threat actors more opportunities to attack. A global industry study published by Tenable found that 80% of security and business leaders said their organisations are more exposed to risk as a result of remote work. More and more employees are accessing company data from a personal device, yet 71% of security leaders lack high or complete visibility into remote employee home networks.
“If your mobile phone is connected to your corporate mail system, but you’re sitting on your home network, a business doesn’t have the ability to have everyone connect to a central server or network where it can easily push policies,” she says. “You now need to look at a strategy that is more agent-based and you have to try to get everyone to have the software installed and prevent them from uninstalling the software on their device to keep them secure, no matter what network they’re connecting to.”
Loadshedding also means that those without back-up power may work in other locations, such as a coffee shop.
“Ultimately, the best control is the end-user themselves and that’s why a continuous awareness and training programme is pivotal. You need to constantly educate and remind users of the potential risks out there,” says Winn.
Mikovhe Luphai, Altron Karabina’s technical engagement lead security, says the most important part of endpoint security is the human firewall, the final layer of defence. “This means creating security awareness that encourages employees to accept security updates and deployments,” he says. “The landscape of IT has changed with the increasing use of Bring Your Own Device policies and Choose Your Own Device to include many mobile devices.”
Changing from a work environment to a hybrid work environment means that security teams must deal with the complications of these policies.
“With the number of connections made to environments from multiple locations, the likelihood of missing malicious actors increases because the landscape is simply too large to monitor unless we deploy automated detection and centralised monitoring tools that help paint a picture of logs collected from a variety of devices in the environment.”
AN UNCONVENTIONAL BREACH
The global number of connected devices across industries means more security vulnerabilities and some unusual hacks have happened at the endpoint. Smart devices are becoming increasingly popular, but many manufacturers are focused on performance, not security. One of the most sophisticated endpoint cybercrimes involved hacking a thermometer in a fish tank to access a casino’s database. Attackers managed to access the unnamed casino’s network in 2017 via a smart thermometer in the lobby and steal a 10-gigabyte database of high-roller gamblers. From the network, the information was sent back to the thermometer, into the cloud and to a server in Finland. “Security isn’t just a tech problem, it’s a business problem,” says Peach Payments’ Judy Winn. “It’s getting scary because there are many places that are moving towards cloud-based workloads. Shifting that heavy lifting onto these cloud-based service providers makes sense for cost and scalability, but attacks are going to evolve with that shift. Attackers are going to look at how they can compromise those endpoints in ways that we haven’t really seen before.”
Unlocking the car
Increasing numbers of vehicles are now connected to complex networks, which means they could also be compromised. Bloomberg reported on a 19-year-old security researcher who found a software flaw and managed to access the systems of a specific brand of electric vehicles. Without a key, he could easily unlock a door, start a car and even control its lights and entertainment system.
AN ENDPOINT SECURITY STRATEGY
“With every device, there’s an expectation of some sort of connectivity to an organisation’s resources,” says Dimension Data’s Sikhumbuzo Mthombeni. “And with that comes potential threats in a path to entry.” Mthombeni looks at the components that make for a good endpoint security strategy:
1. Next-generation antivirus
Protecting an organisation today goes beyond antivirus, because antivirus is largely signature-based. A next-generation antivirus works by examining a system’s behaviour. Applying heuristics tends to perform better against attacks that are script-based. An example of this is a fileless attack, which would typically bypass your signature-based solutions.
2. Continuous vulnerability scanning capabilities
Endpoint vulnerabilities – missing patches or non-compliant software – are often overlooked. Having visibility into the endpoint, and not just at a network level, means that remedial measures can be applied proactively rather than reactively applying patches after the fact.
3. Threat intelligence
A threat intelligence database will include indicators of compromise and other artefacts, and will help to proactively detect vulnerabilities based on what others have experienced around the world. This increases the chance of catching zero-day threats.
4. Endpoint encryption
There is a mandate to encrypt data on the endpoint. If a consumer device is lost, the data on it also has to be protected.
5. Endpoint firewall
An endpoint firewall protects an individual device and filters traffic based on behaviour or the network profile. If the user is sitting in an office, a less stringent policy applies, but when they sit in an internet café, it needs a more stringent policy.
6. Data loss prevention
With the PoPI Act, there’s an increased focus on regulatory compliance. With endpoints, there needs to be a data loss prevention strategy.
7. Centralised management
This means being able to centrally manage and enforce policy, from a single pane, for all the endpoints that are running on or are protected by the endpoint platform. With more and more devices and operating systems, centralised management is a critical, yet often overlooked, aspect of an endpoint strategy. It covers device support as well as operating system coverage: being able to administer as many different flavours of operating systems and devices as possible.
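To illustrate the distinction Mthombeni draws between signature-based detection and EDR-style behavioural detection, and the script-based, fileless attack mentioned under point 1, here is an added example written for this article; it is not any vendor’s or product’s implementation. The telemetry records, process names, registry paths and hash strings are all constructed, and the two checks are deliberately simplified.

```python
from dataclasses import dataclass

@dataclass
class Event:
    """One constructed telemetry record, modelled on what an endpoint agent reports."""
    pid: int
    ppid: int
    action: str        # "process_start" or "registry_write"
    image: str         # executable name of the acting process
    detail: str = ""   # command line (process_start) or registry key (registry_write)
    sha256: str = ""   # hash of the on-disk image; only the signature check uses it

# Signature blocklist holding a constructed placeholder, not a real indicator.
KNOWN_BAD_HASHES = {"PLACEHOLDER_HASH_OF_KNOWN_MALWARE"}
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "mshta.exe", "cmd.exe"}
PERSISTENCE_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")

def signature_alerts(events: list[Event]) -> list[str]:
    """Signature-based check: fires only when the image hash is already known bad."""
    return [f"pid {e.pid}: known-bad hash for {e.image}"
            for e in events if e.action == "process_start" and e.sha256 in KNOWN_BAD_HASHES]

def behavioural_alerts(events: list[Event]) -> list[str]:
    """Behaviour-based check: an office application spawns a script host, and that process
    then writes a Run key. No step depends on a payload hash, so a fileless stage is caught."""
    image_by_pid: dict[int, str] = {}
    suspicious: dict[int, str] = {}  # pid -> why the process is under suspicion
    alerts: list[str] = []
    for e in events:
        if e.action == "process_start":
            image_by_pid[e.pid] = e.image.lower()
            parent = image_by_pid.get(e.ppid, "")
            if parent in OFFICE_APPS and e.image.lower() in SCRIPT_HOSTS:
                suspicious[e.pid] = f"{parent} spawned {e.image.lower()}"
                alerts.append(f"pid {e.pid}: {suspicious[e.pid]}")
        elif e.action == "registry_write" and e.pid in suspicious:
            if any(k in e.detail.lower() for k in PERSISTENCE_KEYS):
                alerts.append(f"pid {e.pid}: persistence write to {e.detail} after {suspicious[e.pid]}")
    return alerts

# Constructed sample: a macro launches a PowerShell stage that adds a Run key; hashes are placeholders.
SAMPLE_EVENTS = [
    Event(100, 1, "process_start", "explorer.exe", "explorer.exe", "hash_explorer"),
    Event(110, 100, "process_start", "winword.exe", "winword.exe invoice.docm", "hash_word"),
    Event(120, 110, "process_start", "powershell.exe", "powershell.exe <constructed command line>", "hash_ps"),
    Event(120, 110, "registry_write", "powershell.exe", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event(140, 1, "registry_write", "svchost.exe", r"HKLM\SYSTEM\CurrentControlSet\Services\W32Time"),
]
```

On the sample, `signature_alerts` returns nothing because the script host is a legitimate binary whose hash is not on any blocklist, while `behavioural_alerts` raises two alerts on the same activity: the unusual parent/child pairing and the subsequent Run-key write.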
* Article first published on brainstorm.itweb.co.za