
The Endpoint Is a Moving Target

on July 17, 2013

Once upon a time, when we talked about securing our networks from edge to endpoint, both ends of that route were pretty easy to define. Now not only has the perimeter blurred and blended so that it’s hard to determine where the local network begins, but the endpoint, too, has changed in nature. It’s no longer a fixed workstation, sitting somewhere on corporate premises, tethered to the rest of the internal network by Ethernet cables. Now it’s just as likely to be a laptop, tablet or smart phone that moves from place to place and connects to your network only intermittently. Securing these devices is a challenge – but it must be done; otherwise the security game is over before it begins.

About 10 years ago, I got my first precursor to the modern “smart phone” – an HP iPAQ running Microsoft’s Pocket PC operating system. At that time, I never could have dreamed that one day the phone in my pocket would have more RAM and a more powerful processor than the desktop computer I was using back then. Today’s smart phones are handheld computers in every sense of the word, and workers are using them that way, both for personal and work-related tasks.

Mobile technology is a great convenience for users and the BYOD trend has saved companies money, but security got substantially more difficult when all those roaming endpoints came into the picture. It’s far easier to control on-premises workstations that stay put; with smart phones, tablets and laptops, you never know where they’ve been and what their users/owners have been doing with them prior to connecting them to your company network.

The proliferation of mobile devices greatly increases the risk of data leakage – the unauthorized transfer of internal data to persons or places outside the company. This could be company financial information, trade secrets, intellectual property, personal information about clients or employees, or any other type of data that should remain confidential. Mobile devices facilitate both intentional and unintentional leakage. Most studies show that a very large percentage of data leakage is unintentional, but that makes it no less damaging.

Data leakage can take place through many different vectors, including traditional email, web mail, instant messaging, malicious web pages, theft or loss of devices to which company information has been downloaded or on which it has been created and saved, and more.

In a world where so many of the endpoint devices on our networks are located physically outside of the perimeter, the importance of edge-based firewalls has faded into the background and securing the endpoint has become the logical focus of our new security paradigm. The endpoint has also become the favorite target of hackers and attackers, who see it as an easy way into the network.

Just as retailers and other businesses that maintain product inventory institute loss prevention programs to prevent theft of tangible goods, IT departments now recognize that data loss prevention measures play a vital role in protecting the company from the consequences of data leakage.

This means you need to be able to control what information travels to and from the mobile endpoints, and identify potential leakage sources. Mobile devices need to be monitored just as closely as stationary desktops are – or even more so, due to the heightened risk. You want to know when new devices connect to the network and you want to know what they’re doing after they connect. A good endpoint security solution will give you the ability to see into the activities of the mobile devices on your network and even track the specific files that are transferred to and from those devices.

However, protecting the endpoint – and protecting the network from the endpoint – needs to go further than that. With real-time alerts, you can take action when suspicious activity occurs. Even so, there may be times when data leakage occurs. Thus you want to ensure any data that gets into the wrong hands is rendered indecipherable. That can be accomplished by encrypting data on the devices and using encrypted, secure connections to transmit data between the endpoints and the company network.

In the past, endpoint security consisted primarily of antivirus software and maybe a host firewall. Today, with the perimeter walls figuratively falling down as the local network changes from a stable and geographically contained entity to a fluid one where devices move in, out and through, that’s no longer sufficient. The endpoints, particularly mobile endpoints, are the weakest link in the security chain. If your security strategy is aimed primarily at protecting your servers, it’s time to take a look at the endpoints.

About the Author:

DEBRA LITTLEJOHN SHINDER is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and client and server security over the last fourteen years. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of the best-selling Configuring ISA Server 2000, Configuring ISA Server 2004, and ISA Server and Beyond. Deb has been a tech editor, developmental editor and contributor on over 20 additional books on networking and security subjects, as well as study guides for Microsoft's MCSE exams, CompTIA's Security+ exam and TruSecure’s ICSA certification. She formerly edited the Element K Inside Windows Server Security journal. She authored a weekly column for TechRepublic’s Windows blog, called Microsoft Insights and a monthly column on Cybercrime, and is a regular contributor to their Security blog, Smart Phones blog and other TR blogs. She is the lead author on Windowsecurity.com and ISAServer.org, and her articles have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, webinars and product documentation for Microsoft Corporation, Intel, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET and other technology companies. Deb specializes in security issues, cybercrime/computer forensics and Microsoft server products; she has been awarded Microsoft’s Most Valuable Professional (MVP) status in Enterprise Security for eight years in a row. A former police officer and police academy instructor, she has taught many courses at Eastfield College in Mesquite, TX and sits on the board of the Criminal Justice Training Center there. She is a fourth generation Texan and lives and works in the Dallas-Fort Worth area.

 
