Organisations of all sizes are at risk from nation-states, organised crime, hacktivists, and both deliberate and unintentional insider attacks. Endpoints such as mobile devices, desktops, laptops, and even medical and IoT devices are a popular attack vector: the attacker's goal is not only to compromise the endpoint but to use it to reach the network and the valuable assets within. The need for effective endpoint security measures has increased substantially, particularly in light of the rise in mobile threats. With threats continually increasing in sophistication and frequency, it is more important than ever to deploy an effective endpoint solution.
As more enterprises adopt practices such as BYOD (Bring Your Own Device) and remote/mobile employees, the enterprise network security perimeter has essentially dissolved. With employees relying on mobile devices and home computers and laptops to connect to company networks and conduct business, a centralized security solution is no longer adequate for today’s ever-shifting and undefinable security perimeter.
Over the years, the defence of endpoints has progressed from primitive antivirus to more sophisticated next-generation antivirus using advanced technologies, to new and improved endpoint detection and response, and to the OS-Centric Optimistic Security strategy. Anti-virus software and personal firewalls could be described as the simplest forms of endpoint security. Attackers stay up to date on security trends in order to create stealthier attacks, rendering legacy antivirus obsolete. Endpoint security supplements centralized security measures with additional protection at the point of entry for many attacks, as well as at the point of egress for sensitive data.
Endpoint security aims to adequately secure every endpoint connecting to a network to block access attempts and other risky activity at these points of entry. Endpoint security products may contain features and functionality such as: Data loss prevention; Insider threat protection; Disk, endpoint, and email encryption; Application whitelisting or control; Network access control; Data classification; Endpoint detection and response; and Privileged user control. Endpoint security isn’t solely conducted from devices, however.
By requiring endpoint devices to meet security standards prior to being granted network access, enterprises can maintain greater control over the ever-growing number of access points and more effectively block threats and access attempts prior to entry. Beyond simply controlling access, endpoint security tools also provide capabilities such as continuous monitoring, rapid time to detection, and blocking risky or malicious activities.
Endpoint encryption and application control, two key components of an effective endpoint security solution, are essential layers that prevent issues such as data leaks, whether intentional or unintentional, through the copying or transfer of data to removable media devices. Endpoint encryption fully encrypts your enterprise data on endpoints such as laptops and mobile devices, as well as in individual folders, files, and removable storage devices like CDs and USB drives.
Application control prevents the execution of unauthorized applications on endpoints, a core component of comprehensive endpoint security measures. Application control solves the challenge of employees downloading unauthorized or dangerous applications on mobile devices, which could create network vulnerabilities and lead to unauthorized access.
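To make the application-control decision concrete, here is an added example (not code from the original article or any vendor product) of a minimal allowlist policy an endpoint agent could apply at process start. The policy values, the `ExecRequest` record and the `decide` function are constructed for this illustration; real products also use certificate chains and file reputation, which are omitted here.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class ExecRequest:             # what the endpoint agent sees when a process starts
    path: str                  # full path of the image being launched
    content: bytes             # image bytes (hashed below)
    signer: Optional[str]      # publisher from a verified code signature, None if unsigned

# Constructed policy. The allowlisted hash is computed from made-up bytes for this example.
ALLOWED_HASHES = {hashlib.sha256(b"constructed approved build of tool.exe").hexdigest()}
TRUSTED_SIGNERS = {"Example Corp IT"}
# Directories a standard user can write to; nothing unsigned or untrusted runs from here.
USER_WRITABLE = ("C:\\Users\\", "C:\\Windows\\Temp\\", "/tmp/", "/home/")

def decide(req: ExecRequest, enforce: bool = True) -> Tuple[str, str]:
    """Allowlist decision as (verdict, reason). In audit mode (enforce=False)
    nothing is blocked, but the reason is still produced so admins can tune
    the policy before switching to enforcement."""
    digest = hashlib.sha256(req.content).hexdigest()
    if digest in ALLOWED_HASHES:
        return "allow", "hash on allowlist"
    if req.signer in TRUSTED_SIGNERS:
        return "allow", f"signed by trusted publisher {req.signer}"
    if req.path.startswith(USER_WRITABLE):
        reason = "unsigned or untrusted image in user-writable location"
    else:
        reason = "not on allowlist (default deny)"
    return ("block" if enforce else "audit"), reason

# Constructed sample launches exercising each branch of the policy.
APPROVED = ExecRequest("/home/user/Downloads/tool.exe",
                       b"constructed approved build of tool.exe", None)
SIGNED = ExecRequest("C:\\Program Files\\Corp\\agent.exe", b"corp agent bytes", "Example Corp IT")
DROPPED = ExecRequest("C:\\Users\\alice\\AppData\\x.exe", b"unknown bytes", None)
OTHER = ExecRequest("C:\\Program Files\\Other\\app.exe", b"other bytes", "Unknown Publisher")

if __name__ == "__main__":
    for req in (APPROVED, SIGNED, DROPPED, OTHER):
        print(req.path, "->", decide(req))
```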
Typical endpoint security solutions take a two-pronged approach, with security software installed on a central server or management console along with software installed on individual devices. In the business environment, endpoint security is handled by a central management server that tracks and manages all endpoint connections to the network. In the consumer environment, by contrast, security solutions such as antivirus software are monitored and managed at the individual endpoint, without the need for central administration.
Cloud-based endpoint security
Modern EPPs harness the cloud to manage an ever-growing threat intelligence database, relieving endpoints of the bloat associated with storing all this intelligence locally and of the maintenance needed to keep these databases up to date. The cloud also provides superior speed and scalability for accessing this data. The EPP includes a single console for system administrators, hosted on a network gateway or server, that enables cybersecurity experts to centrally monitor the protection of each computer.
Endpoint security solutions take a cloud-based approach to endpoint security to instantly access the latest threat intelligence without requiring manual updates from security admins. This allows for faster and more automated responses. They continuously monitor all files and applications that enter your network and have the ability to scale and integrate into your existing environment. Cloud solutions offer scalability and flexibility and are much easier to integrate and manage. There is also less overhead since there is no infrastructure to maintain and the installation process is faster and simpler.
Endpoint security combines the preventive protection of an EPP solution with the detection and investigative features of an EDR. An EPP solution is a preventative tool that performs point-in-time protection by inspecting and scanning files as they enter a network. The most common endpoint protection is a traditional antivirus (AV) solution. An AV solution encompasses antimalware capabilities that mainly rely on signature-based detection. When a file enters your network, the AV solution scans the file to see whether its signature matches any known threat in a threat intelligence database.
An EDR solution goes beyond simple point-in-time detection mechanisms. Instead, it continuously monitors all files and applications that enter a device. This means EDR solutions can provide more granular visibility and analysis for threat investigation. EDR solutions can also detect threats beyond just signature-based attacks. Fileless malware, ransomware, polymorphic attacks, and more can be detected using EDR solutions.
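The contrast between point-in-time signature scanning and continuous behavioural monitoring described in the two paragraphs above, as an added example that is not part of the original article. The signature database is simplified to a SHA-256 lookup over constructed sample bytes, and the `ProcessEvent` records, rule names and the two behavioural rules are assumptions made for this illustration, not any product's detection content.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

# Constructed signature database: SHA-256 of known-bad file contents.
# The samples are made-up bytes for this example, not real malware hashes.
KNOWN_BAD_SAMPLES = [b"constructed dropper sample A", b"constructed dropper sample B"]
SIGNATURE_DB = {hashlib.sha256(s).hexdigest() for s in KNOWN_BAD_SAMPLES}

def epp_scan(file_bytes: bytes) -> bool:
    """Point-in-time EPP check: hash the file once on arrival and look it up."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURE_DB

@dataclass
class ProcessEvent:          # one telemetry record streamed by an EDR agent
    parent: str              # parent process image name
    image: str               # process image name
    cmdline: str             # command line as observed
    dropped_file: bool       # did the process write an executable to disk?

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "mshta.exe"}

def edr_evaluate(events: List[ProcessEvent]) -> List[Tuple[str, ProcessEvent]]:
    """Continuous EDR-style check: behavioural rules over the event stream,
    applied whether or not any file hash is known."""
    findings = []
    for e in events:
        parent, image = e.parent.lower(), e.image.lower()
        if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
            findings.append(("office_app_spawned_script_host", e))
        if image in SCRIPT_HOSTS and not e.dropped_file \
                and "-encodedcommand" in e.cmdline.lower():
            findings.append(("fileless_encoded_script", e))
    return findings

# Constructed demonstration: a one-byte change defeats the hash signature,
# while the behaviour of the resulting process is still caught.
POLYMORPHIC_VARIANT = KNOWN_BAD_SAMPLES[0] + b"\x00"
SAMPLE_EVENTS = [
    ProcessEvent("explorer.exe", "notepad.exe", "notepad.exe notes.txt", False),
    ProcessEvent("winword.exe", "powershell.exe",
                 "powershell.exe -EncodedCommand <constructed>", False),
]

if __name__ == "__main__":
    print("EPP on known sample:", epp_scan(KNOWN_BAD_SAMPLES[0]))  # True
    print("EPP on variant:", epp_scan(POLYMORPHIC_VARIANT))         # False
    for name, ev in edr_evaluate(SAMPLE_EVENTS):
        print("EDR finding:", name, "->", ev.image)
```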
Where EDR improved on malware detection over antivirus capabilities, XDR extends the range of EDR to encompass more deployed security solutions. XDR has a broader capability than EDR. It utilizes the latest and current technologies to provide higher visibility and collect and correlate threat information, while employing analytics and automation to help detect today’s and future attacks.
Military endpoint security
The Department of Defense’s recently released Cloud Strategy covers a lot of territory, from an emphasis on the multibillion dollar Joint Enterprise Defense Initiative as a foundation of its plans, to its description of seven strategic objectives it wants to achieve in the cloud. One of those objectives is to extend tactical support to warfighters at the network edge to give units in the field the technology and tactical information they need to operate in a battlefield where seamless communications are essential and where cyber operations and electronic warfare are an increasingly important factor. A crucial element of extending the cloud to the tactical edge is endpoint security, protecting the devices in the hands, on the dashboards, and otherwise at the fingertips of warfighters, which is something that is still very much in the works.
In the same way that civilian agencies are grappling with securing smartphones and other mobile devices at home, the DoD needs to modernize its processes and, in a world where adversaries are also concentrating on digital warfare, do it quickly.
One aspect of endpoint security is combining physical and software-based protections in devices used at the network edge, which was the focus of a session at the AFCEA TechNet conference last August in Augusta, Ga., on cyber electromagnetic activities. Security experts have also touted the advantages that machine learning can bring to mobile devices by monitoring constantly for behavioral anomalies and other signs of intrusion.
The Defense Advanced Research Projects Agency, meanwhile, is looking to ensure that data being shared in a cloud system can always be tracked, with its Guaranteed Architecture for Physical Security (GAPS) program.
InfoReliance-McAfee Team awarded $182M Army Managed Services Contract for Endpoint Security Platform in 2017
The U.S. Army awarded a team of InfoReliance and McAfee a potential five-year, $182 million contract to provide managed cybersecurity technology platforms and services for the service branch in 2017. The companies will field and operate the Army Endpoint Security System through a managed platform-as-a-service model to provide global situational awareness capabilities. The AESS platform will work to increase the military branch’s endpoint protection, automate reporting metrics to the Defense Department’s Cyber Scorecard and reduce the service’s attack surface.
The Army awarded the competitively procured contract to the industry team through the InfoReliance-owned SEWP Solutions joint venture under NASA’s Solutions for Enterprise-Wide Procurement V government-wide acquisition contract. Aaron Faulkner, chief strategy officer at InfoReliance, said the contract seeks to reflect the company’s efforts to implement and deliver McAfee platforms as a service in an effort to provide cyber defense capabilities to clients. The managed platform will be hosted at Army-operated data centers and will work to provide threat detection and response functionality through McAfee’s Threat Intelligence Exchange, designed to leverage the company’s Data Exchange Layer offering to facilitate threat information sharing. McAfee and InfoReliance will respectively deliver and manage the AESS platform, which will work to provide visibility of the Army’s approximately 1.4 million endpoint devices worldwide.
References and Resources also include
https://www.meritalk.com/articles/endpoint-security-is-tip-of-the-spear-for-dods-cloud-plans/