Why do I need endpoint security
Endpoint security is a growing trend in corporate IT. It refers to protecting corporate infrastructure when it is accessed via remote devices such as laptops, tablets, mobiles etc. When a remote user establishes a connection into the company, the device creates an endpoint which could be a potential backdoor for security threats if not properly protected.
Endpoint security products have been designed with these threats in mind and are there to help you secure each endpoint on the company network.
Endpoint security products are made up of software that is usually located on a centrally managed server that is reachable from any device on the network. Once the client software has been installed on the device, it will authenticate with the management server, which provides updates and deploys configuration changes.
Most endpoint security software will provide solutions for anti-virus, anti-spyware, firewall, full disk encryption and also a host intrusion prevention system (HIPS). A basic description of each solution is given below:
Hopefully everyone reading this post will have some sort of anti-virus installed, whether it’s free or paid. Anti-virus is the software that keeps a watchful eye over your device, ensuring that nothing bad tries to infect it. If you are unfortunate enough to be attacked, your anti-virus software will take measures to protect you.
What a lot of people don’t realise is that your mobile device (whether this is a mobile or a tablet) is also vulnerable to the same threats that your laptop / desktop computer is. It’s now becoming more important than ever to ensure that your mobile device is protected against these threats. All the major anti-virus vendors now offer solutions to protect you.
Anti-spyware software is designed to help you protect your computer or mobile device from software that is designed to gather information about a person or company without their knowledge and may send such information to another entity without the end-user’s consent.
“Spyware” is mostly classified into four categories: system monitors, Trojans, adware, and tracking cookies. Spyware is usually installed alongside some seemingly legitimate software that has been downloaded from the internet, and is mostly used for the purposes of tracking and storing Internet users’ movements on the Web and serving up pop-up ads to Internet users.
Always be careful when downloading software from the internet; make sure that it’s from a legitimate website.
Firewalls are the hardware / software products that are on the frontline working to protect your data. They protect you from all the nastiest things on the internet.
They are the security guard that says who’s allowed in or out of the device, whether it’s a PC, Mac or phone. They monitor and interrogate every single packet that comes in or out of your computer and then compare it against a checklist of authorised applications or IP addresses.
Firewalls come in all shapes and sizes, but they generally all do the same thing: they inspect your data and only allow the good data through, blocking anything that isn’t on the checklist. All the latest operating systems are shipped with firewalls which are enabled by default. If you have disabled your firewall, consider enabling it again.
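The checklist behaviour described above, as an added example that is not part of the original post: a default-deny allowlist in Python, where a connection is allowed only if a rule matches it and anything else, including a malformed address, is blocked. The rule fields, application names and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str    # "in" or "out"
    application: str  # program that owns the connection, "*" for any
    remote_net: str   # CIDR range permitted as the remote side
    port: int         # local port (inbound) or remote port (outbound)

@dataclass(frozen=True)
class Connection:
    direction: str
    application: str
    remote_ip: str
    port: int

# Constructed checklist of authorised applications and IP ranges.
CHECKLIST = [
    Rule("out", "browser.exe", "0.0.0.0/0", 443),
    Rule("out", "mailclient.exe", "203.0.113.0/24", 993),
    Rule("in", "remote-support.exe", "10.0.0.0/8", 3389),
]

def matches(rule: Rule, conn: Connection) -> bool:
    remote = ipaddress.ip_address(conn.remote_ip)  # ValueError if malformed
    return (rule.direction == conn.direction
            and rule.application in ("*", conn.application)
            and rule.port == conn.port
            and remote in ipaddress.ip_network(rule.remote_net))

def decide(conn: Connection, checklist=CHECKLIST):
    """Return ("allow", rule) on the first match, otherwise ("block", None)."""
    try:
        for rule in checklist:
            if matches(rule, conn):
                return "allow", rule
    except ValueError:
        pass  # fail closed: an unparseable address is never allowed
    return "block", None

if __name__ == "__main__":
    samples = [  # constructed traffic
        Connection("out", "browser.exe", "198.51.100.7", 443),
        Connection("out", "updater.exe", "198.51.100.7", 443),
        Connection("in", "remote-support.exe", "192.0.2.5", 3389),
    ]
    for c in samples:
        print(decide(c)[0], c)
```
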
Full Disk Encryption
Full disk encryption is a product, whether hardware or software based, that encrypts your entire hard drive (or USB drive). Usually the full disk encryption product will prompt you for a password as soon as you turn on your device, before it even attempts to boot into the operating system.
If a company utilises laptops and members of staff store company data on the drives, it’s highly recommended that the laptop drives are encrypted with full disk encryption.
Full disk encryption products come in all shapes and sizes, and encryption vendors offer all sorts of features. In company setups there is usually a central management server which all devices talk to and send their status to, so that the company IT department can run reports if needed.
HIPS (Host Intrusion Prevention System) is a product that runs on the host machine and is designed to monitor network and/or system activities for any malicious activity. The main functions of an intrusion prevention system are to identify malicious activity, log information about it, attempt to block/stop it, and report it to the end user.
HIPS are usually rule-based systems and, like firewalls, they will only allow authorised applications / traffic in / out of the device; anything else they will try to block.
To summarise the above, if you want to stay safe and ensure that the business and clients are all safe and secure, you need to act now and ensure that you are protecting all entry points. It’s no longer safe to simply rely upon your corporate border firewalls and VPNs.
We’re now in a more connected environment than ever, and Bring Your Own Device (BYOD) is now a common theme within most companies. If you are allowing your end-users to bring in their own devices, do you ensure they are fully patched and protected against viruses and such? Do they lock their device when they leave it unattended? All these things are important, and endpoint security plays a big role in this.