Elements of Endpoint Protection
Features and benefits
Harden the Environment
Remediation of the current information systems environment would need to be conducted before endpoint protection is implemented. A report from the Anti-Phishing Network suggests that nearly a third of all computers could be infected with malware (Mello, 2014). Building on a recognised standard provides a proven framework to work from. The ASD Essential 8 can be used to harden systems and cover off 85% of cyber-attacks.
Our solution incorporates a layered defence model. Defence in depth requires layering security controls in series so that they protect, detect and respond to attacks on systems (Merkow & Breithaupt, 2014). This system would intelligently monitor and respond to cyber threats within your internal network from each of the endpoints. The following elements are required for an effective multi-vector endpoint solution:
- Web protection - Prevents access to malicious websites, ad networks, scammer networks, and bad neighbourhoods.
- Application behaviour protection - Prevents applications from infecting the machine. (Signature-less).
- Application hardening - Reduces the vulnerability surface and proactively detects the fingerprinting attempts used by advanced attacks. (Signature-less).
- Exploit mitigation - Proactively detects and blocks attempts to abuse vulnerabilities and remotely execute code on the machine.
- Payload analysis - Heuristic and behavioural rules identify entire families of known and relevant malware.
- Anomaly detection machine learning - Proactively distinguishes unknown viruses and malware from known "good" files. (Signature-less).
- Ransomware mitigation - Detects and blocks ransomware via behaviour monitoring technology. (Signature-less).
Even if staff clicked on a dubious website or a nefarious link within an email or email attachment, this endpoint solution would still be able to prevent the attack and reduce its impact. Without an SME having to implement each of the Essential 8 strategies itself, this solution would protect it from the risks that several of these strategies seek to prevent (application whitelisting, OS and application patching, application hardening, Office macro controls). Each of these Essential 8 mitigation strategies seeks to prevent malicious code from executing and to limit access to sensitive data. These mitigation strategies should be considered and implemented where cost-effective.
Secure the endpoints
The last line of defence is the endpoint (PC, tablet, laptop, smartphone). This is generally where attacks begin and are launched from. Securing each endpoint will minimise the spread of compromised systems and work with the security fabric to reduce impact and eradicate the threat. The most common ways malware infects information systems are through nefarious websites and through email attachments and links (phishing) (Furnell, 2010). This is further evidence that, for a small business, the endpoint must be protected over and above any other device.
Monitor the system
It is great to have all the system security in place, but if nothing is keeping an eye on it, vulnerabilities will emerge and be exploited. By failing to monitor information systems, the response becomes a reactive one when a proactive one would be more appropriate. Reporting would be on a monthly basis.
Endpoint protection is implemented in one of two ways:
1. Installed by the business itself, using a link to the endpoint agent software
2. Endpoint agent software sent to the SME's MSP to install
Key challenges addressed
- Hardening internal systems against known exploits.
- Monitoring systems against known and 'zero-day' threats.
- Endpoint response and remediation.
- Proactive cyber defence.