In the not so distant past, network and information security focused on securing the perimeter of the company. Increasingly advanced threats have shown that this strategy is not sufficient and that the individual devices the user interacts with must be protected as well. The current standard for network security is a layered defense, especially in this increasingly mobile business climate (Kearns, 2016, pp. 1-2). Each mobile device that is allowed to connect through the hardened network perimeter into the soft center of the company is an attack route for the hacker or criminal, or, even worse, a route from the corporate network into the customer's network (Bayuk, 2012, p. 62). That could be instantly fatal to a business's reputation. Companies that hold US Government Federal contracts are required to have endpoint security controls (NIST, 2013, p. 359).


An endpoint could be a workstation, laptop, iPad, smartphone, or any other device that the user interacts with. Mobile devices can be especially problematic because they are outside the corporate security perimeter and open to theft or compromise, which can allow data theft, data modification, and impersonation (Kearns, 2016, p. 2). Protection of the vulnerable endpoint requires several features (Kearns, 2016, pp. 43-44):

  • Anti-malware: to protect the system from virus, Trojan, and worm threats.
  • Firewall: to control the data connections allowed to the device.
  • Drive Encryption: robust drive encryption is the only defense against a hacker in possession of the device.
  • Data and Information Protection: software to examine the data content of email and file transfers to and from the device.
  • HIPS: a host-based intrusion prevention system to detect attempts to compromise the system integrity.
  • Management and Reporting: allows remote administration of the endpoint protection software and destruction of the device data if the device is lost or stolen.


Endpoint protection solutions are offered by several vendors, and most are now unified suites, which greatly eases administration. Every device must have the protection software installed and must receive frequent updates from the vendor to protect against newly discovered malware and vulnerabilities. The host-based software performs the updates automatically when connected to the Internet, and the central management interface allows the IT department to verify that all endpoints are protected, which is also needed for legal compliance purposes.
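The verification step described above can be scripted against an inventory exported from the management console. The following is an added example (not code from any vendor product): it checks a constructed sample inventory against the six features listed earlier and flags endpoints whose malware definitions are older than an assumed seven-day policy threshold.

```python
"""Audit an endpoint inventory for the six required protections and for
stale malware definitions. The inventory records are constructed sample
data, and the field names and the 7-day threshold are assumptions."""
from datetime import date

# One field per protection feature listed on the page
REQUIRED_CONTROLS = ("anti_malware", "firewall", "drive_encryption",
                     "data_protection", "hips", "managed")
MAX_DEFINITION_AGE_DAYS = 7  # assumed policy: definitions must be this fresh

# Constructed sample export, in the shape a management console might produce
INVENTORY = [
    {"host": "laptop-01", "anti_malware": True, "firewall": True,
     "drive_encryption": True, "data_protection": True, "hips": True,
     "managed": True, "definitions_date": "2017-08-24"},
    {"host": "tablet-07", "anti_malware": True, "firewall": True,
     "drive_encryption": False, "data_protection": True, "hips": True,
     "managed": True, "definitions_date": "2017-08-23"},
    {"host": "phone-12", "anti_malware": True, "firewall": False,
     "drive_encryption": True, "data_protection": False, "hips": True,
     "managed": True, "definitions_date": "2017-07-30"},
]


def audit_endpoint(record, today):
    """Return the findings for one endpoint; an empty list means compliant."""
    findings = [c for c in REQUIRED_CONTROLS if not record.get(c)]
    age = (today - date.fromisoformat(record["definitions_date"])).days
    if age > MAX_DEFINITION_AGE_DAYS:
        findings.append(f"definitions stale ({age} days)")
    return findings


def audit_inventory(inventory, today):
    """Map each non-compliant host name to its list of findings."""
    report = {}
    for rec in inventory:
        findings = audit_endpoint(rec, today)
        if findings:
            report[rec["host"]] = findings
    return report


def run_sample_audit():
    """Audit the constructed inventory as of the sample export date."""
    return audit_inventory(INVENTORY, date(2017, 8, 25))


if __name__ == "__main__":
    for host, findings in run_sample_audit().items():
        print(f"{host}: {', '.join(findings)}")
```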


To choose an endpoint protection suite from the many vendor offerings, use the following criteria as required by NIST Special Publication 800-171.

  • Efficacy as determined by independent testing organizations.
  • Signature-based antivirus, rather than AI cloud-based heuristic methods, because mobile devices often lack a network connection.
  • Compatibility with current operating systems, hardware, and software, including the Mac laptops preferred by the mobile workforce.
  • Automatic update of patches and malware definitions (NIST, 2013, p. 147).
  • Scalability for future technology growth, including mobile devices.
  • Central governance and policy management console (NIST, 2013, p. 147).

References


AV-TEST Institute. (2017). Symantec Endpoint Protection. Retrieved 08/25/2017, from https://www.av-test.org/en/antivirus/business-windows-client/windows-10/juni-2017/symantec-endpoint-protection-cloud-22.9-172379/

Bayuk, J. L. (2012). Cyber security policy guidebook. Hoboken, N.J.: Wiley.

DOD. (2016). 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting (OCT 2016). Retrieved from https://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm#252.204-7012

Kearns, G. S. (2016). Countering mobile device threats: A mobile device security model. Journal of Forensic & Investigative Accounting, 8(1).

NIST, J. T. F. I. (2013). Security and privacy controls for federal information systems and organizations. NIST Special Publication, 800(53A), 462.

SE Labs. (2017). Enterprise Endpoint Protection. APR – JUN 2017, 10.

Stephenson, P. (2017, 8/22/2017). Symantec Endpoint Protection 14. Retrieved 8/25/2017, from https://www.scmagazine.com/symantec-endpoint-protection-14/review/7116/

Symantec. (2017a). OS X compatibility with Symantec Endpoint Protection for Mac. Retrieved 1/11/2018, from https://support.symantec.com/en_US/article.TECH131045.html

Symantec. (2017b). Symantec™ Endpoint Protection 14 Data Sheet (pp. 6).