
End Point Security

A strategy in which security software is distributed to end-user devices but centrally managed. Endpoint security systems work on a client/server model.

What is End Point Security?

It is the process of protecting devices like desktops, laptops, mobile phones, and tablets from malicious threats and cyberattacks.

Endpoint security is a strategy in which security software is distributed to end-user devices but centrally managed. Endpoint security systems work on a client/server model. A client program is installed on or downloaded to every endpoint, which, in this case, is every user device that connects to the corporate network. Endpoints can include PCs, laptops, handhelds, and specialized equipment such as inventory scanners and point-of-sale terminals. A server or gateway hosts the centralized security program, which verifies logins and sends updates and patches when needed.

Simple forms of endpoint security include personal firewalls or anti-virus software that is distributed and then monitored and updated from the server. The term is evolving, however, to include security elements such as intrusion detection and prevention, anti-spyware software, and behavior-blocking software (programs that monitor devices and look for operations and actions that are typically initiated by unsanctioned applications or those with malicious intent).

The most complex endpoint security programs use network access control to grant authentication and specific forms of access to user devices. When a device attempts to log in to the network, the program validates user credentials and also scans the device to make sure that it complies with defined corporate policies before allowing access. Required elements may include an approved operating system, a firewall, a VPN and anti-virus software with current updates, as well as any mandatory corporate software. The program will also scan to ensure the lack of unauthorized software, such as peer-to-peer applications and games. Devices that do not match the policy are given limited access or quarantined.
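The posture check described above can be sketched as follows. This is an added example, not code from the original page or from any product: the policy values, software names, and the split between "limited" and "quarantine" outcomes are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

@dataclass
class Policy:  # constructed corporate policy; every value is an assumption
    approved_os: set = field(default_factory=lambda: {"Windows 11", "macOS 14"})
    required_software: set = field(default_factory=lambda: {"corp-vpn", "corp-agent"})
    banned_software: set = field(default_factory=lambda: {"p2p-client", "game-launcher"})
    max_av_age: timedelta = timedelta(days=7)

@dataclass
class Posture:  # what the endpoint client reports when the device logs in
    os: str
    firewall_enabled: bool
    av_installed: bool
    av_updated: Optional[date]
    software: set

def evaluate(credentials_ok, p, policy, today):
    """Return (decision, reasons) for one login attempt.

    Assumed severity split: failures that leave the device unprotected or
    running unauthorized software quarantine it; fixable gaps limit access.
    """
    if not credentials_ok:
        return "deny", ["invalid credentials"]
    hard, soft = [], []
    if p.os not in policy.approved_os:
        hard.append(f"unapproved OS: {p.os}")
    if not p.firewall_enabled:
        hard.append("firewall disabled")
    if not p.av_installed:
        hard.append("antivirus missing")
    elif p.av_updated is None or today - p.av_updated > policy.max_av_age:
        soft.append("antivirus definitions out of date")
    banned = sorted(p.software & policy.banned_software)
    if banned:
        hard.append("unauthorized software: " + ", ".join(banned))
    missing = sorted(policy.required_software - p.software)
    if missing:
        soft.append("missing required software: " + ", ".join(missing))
    if hard:
        return "quarantine", hard + soft
    if soft:
        return "limited", soft
    return "allow", []
```

Returning the reasons alongside the decision lets the server log why a device was restricted and tell the user what to remediate.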

What Is End Point Security?

End point security is an information security concept that assumes that each device (end point) is responsible for its own security.

Traditionally, firewalls, central virus scanners and other intrusion detection or intrusion prevention devices were held responsible for securing an end point. However, with SSL VPN, the intrusion prevention systems in the perimeter become ineffective, because an SSL VPN is controlled at its two end points: one is the desktop, and the other lies outside the user's control in the Internet space.

End point security places the onus of security on the device itself. Examples include broadband users' increasing use of desktop firewalls, anti-spam and antivirus software.

A variant of end point security is the on-demand securing of a device. In this concept, the server sends ActiveX or Java components that take appropriate security measures: profiling the client environment from the perspective of firewall, antivirus, patches, etc., and running a memory protection program that creates a virtual desktop whose memory is separate from that of the host system and that deletes all data on exit.

Another look at endpoint security should include computer-level tools that provide administrative control over the use of memory devices, such as memory sticks, SD cards and other flash-drive-type memory devices. Endpoint security also includes protecting a business's network from employee memory devices that may unknowingly contain malware.

End point security does not have a one-size-fits-all solution, because every operating system has its own set of security-related databases, parameters, programs, and tools.

Why Use End Point Security?

There was a time when a network or security administrator could sleep soundly at night as long as the network perimeter was locked down. If he or she had configured the firewall properly and the perimeter antivirus software was doing its job, it didn’t really matter how patched or secured the servers and desktops were within the network. Or so the logic went.

As the attacks and threats to computer networks have expanded — now including phishing attacks and spyware among other things — and the traditional definition of the network perimeter has disappeared, the rules have changed. Now, users carry PDAs and cell phones that are connected to the corporate network. They use laptops with wireless connections, transport data on USB flash drives and have all but negated the concept of outside or inside the network.

With these changes in how we use and transport data and the increasingly clever attacks designed to compromise and steal that data, the line of defense has moved from the perimeter to the desktop or other endpoint device. Securing the endpoint is the primary focus for most companies and security administrators now, and there is an ever-expanding selection of products aimed at helping them do just that.

It is common for desktop machines to be running antivirus software locally, and many organizations include other security software such as personal firewalls or antispyware at the desktop level as well. Organizations that employ a HIDS (host intrusion detection system) or HIPS (host intrusion prevention system) for additional monitoring and protection are becoming more common.

However, even with those tools installed, some administrators may not keep the systems up to date with the most current versions, and rogue systems that join the network still pose a risk. By taking advantage of some type of endpoint security verification, companies can make sure that insecure or unprotected systems are not allowed to connect to the network.

End Point Office

Summary

Organizations today face a threat landscape that involves stealthy, targeted, and financially motivated attacks that exploit vulnerabilities in endpoint devices. Many of these sophisticated threats can evade traditional security solutions, leaving organizations vulnerable to data theft and manipulation, disruption of business-critical services, and damage to corporate brand and reputation. To stay ahead of this emerging breed of stealthy and resilient security threats, organizations must advance their endpoint protection.

To combat the sophisticated, stealthy, and targeted attacks that plague today’s threat landscape, organizations can no longer rely solely on traditional antivirus and antispyware solutions.

Effective endpoint security requires organizations to implement additional layers of security that can proactively protect against zero-day threats. They need to take a holistic approach to endpoint security that effectively protects their organization from threats at all levels, while providing seamless interoperability that simplifies management and lowers total cost of ownership.

How can we assist you to overcome your challenges?

We provide platforms for information technology to flow smoothly and attain unparalleled connectivity, reliability and flexibility for evolving businesses.