Securing The End Point
With some of today’s biggest security threats coming in the form of cyber crime, businesses of all sizes need to be aware of the dangers and make sure their entire business is secure. Financial institutions, along with insurance and real estate, are the second most targeted sector according to the Internet Security Threat Report (ISTR), receiving 19% of all attacks in 2012, but SMEs shouldn’t be complacent as the same report noted that small businesses were the target of 31% of all attacks worldwide that year.
But across all organisations, end points appear to be a consistently weak area of the business. Vendors are responding to this by educating organisations on the risks and providing ever-evolving end point security solutions.
“In the past few years we have seen new challenges including the massive shift from desktops to laptops, which added pressure on data loss/leakage prevention security projects, with more demands such as full HDD encryption and mobile data protection,” notes Jalal Al-Bokhary, central territory manager — Saudi Arabia, McAfee.
Then, of course, there has been the rise of BYOD.
“With the increase in mobility and a mobile workforce, it is even more important for users to be aware of the dangers,” notes Bulent Teksoz, chief security strategist, Symantec. “As employees take advantage of mobility for work, especially in a BYOD environment, they are combining business and personal use on a single device, meaning a breach on a personal account can put business information in jeopardy as well.
“Currently, according to the 2013 Norton Report, half of smartphone users in the UAE have experienced mobile cyber crime in the past 12 months and 56% of mobile device users are not aware that security solutions for mobile devices exist. With 55% of working adults in the UAE using their personal mobile device for both work and play, it is increasingly important for businesses to educate users and ensure that endpoints are protected,” he notes.
Throw in the fact that some users are also shifting to virtualised environments and you can see another issue vendors have faced — a need to support and secure a wider variety of operating systems. But they have risen to the challenge with end point security solutions becoming far more sophisticated, with integrated encryption solutions and even data loss prevention modules.
“They have expanded far beyond just having updated malware signature files to incorporate features such as white listing or even behavioural patterns,” notes Megha Kumar, research manager, Software, at IDC MEA.
ESET’s channel marketing manager Elham Alizadeh runs through some of the aspects of the company’s end point security solutions: “Since mobile endpoints are now being used for business purposes — beyond just accessing emails — we provide mobile security solutions for the major smartphone platforms today,” she says. “These solutions safeguard smartphones and tablets from incoming threats with features such as antivirus and antispyware.
“Since data can also be leaked when the device is lost, the anti-theft feature is also a vital part of this solution. This built-in feature tracks missing devices and lets the admin stay in control of sensitive data. Through a single SMS command, it’s possible to remove all sensitive information including contacts, messages and memory card data. Furthermore, if an unauthorised SIM card is inserted in the smartphone, a message containing the card’s phone number, IMSI, and IMEI will be sent to a predefined number.”
Most of the players on the market are now working hard to become better at handling advanced persistent threats and advanced malware, as solutions for such types of malware have traditionally been on the network side, but we’re seeing more of this making its way to the end point.
“Looking at the more classic advanced persistent threats and malware, there is no doubt that the vendors have their eyes set on the end point and I think we will start to see them release end point clients in the near future or possibly, integrate closer with the vendors that are already well set in this domain,” notes Nicolai Solling, director of Technology Services at Help AG.
Then as well as providing vulnerability management tools, network access control and SSL solutions, vendors are also looking into new and improved ways to beat zero day and unknown threats. Symantec, for example, is doing this through a white listing service, where all new files seen across the world by its tracking systems are analysed and scored against a malware classification and blocked or approved accordingly.
Users need to be aware of an important issue, however: vendors provide the ability to have full end point security, but if the solution isn’t set up correctly you may not be fully secure. IT managers must make sure they’re fully involved in the process in order to be sure they have the correct set-up in place and understand the full abilities open to them.
“Most decent end point protection vendors will allow control and protection if the solution is tuned correctly. Unfortunately we quite often experience that the settings on an end point protection is not performed well enough to ensure proper protection,” Solling explains. “Quite often this is the fault of the systems integrator as it is their responsibility to ensure not only the successful implementation and proper tuning of the solution, but also to make sure that the customer is fully aware of all the features.”
Once an end point solution is in place, IT departments want advanced remote management tools that help to manage end point devices, and usability is key for any security solution too.
“Solutions need to work, need to integrate into the business and also be easy to use so that admins can concentrate on collecting information to protect business assets,” highlights Ralf Haubrich, vice president Sophos CEEMEA.
The vendors’ response has been to make solutions that are easier for administrators to manage, such as end point security suites rather than single point solutions. These are designed to get updates easily and to integrate with existing infrastructure.
“In many cases, though the solution may indeed be capable of meeting the organisation’s security needs, the complexity of its interface prevents administrators from utilising and accessing the required features,” says Alizadeh. “We have found that providing a centralised management console is a great way for IT managers to easily manage the security of their entire organisation’s network from a single point.”
A number of different reporting capabilities are now on offer too. These include logs, vulnerability assessment tools, risk monitoring solutions and network access controls. Many vendors offer customisable reporting solutions that allow the users to get the information they specifically require for their responsibilities.
“IT administrators are interested in technical, deep-dive reports, while executives want a high-level security posture report. In addition, reports should be accessible and readable across multiple platforms,” Teksoz notes.
“Most solutions come with their own reporting tools however we also often integrate solutions into security information and event management (SIEM) environments, which allows the customer to have one holistic view of what is going on from a security perspective in their environment,” says Solling.
Looking forward, SaaS will begin to have more of a place in creating effective end points, but vendors and analysts believe we’re far from replacing end points with a service entirely based in the cloud.
“I personally believe both will coexist for a long time,” says Al-Bokhary. “Organisations with large, centralised offices will most likely continue with on-site management of end point protection solutions, even for their mobile users. On the other hand, organisations which depend on distributed offices or service locations have already started mobilising towards cloud solutions, and security-as-a-service is no stranger to this shift,” he notes.
“SaaS will not replace all traditional end points in certain sectors,” agrees IDC’s Kumar. “SMBs may seek an SaaS format for cost and management purposes,” she adds, though.
What is definite, however, is that the sector will continue to expand, adding improved solutions.
“I believe we will see a classical disruption technology theory happening, as new resources become available via innovation, we will see easier ways to stay secure, detect suspicious activities and also clean up threats,” Haubrich notes. “People and traditional end points will still be with us for quite some time, it will however lead to some changes like incorporating both. It’s an exciting time to be in the security field!”