The enterprise is changing. Technology has triggered a paradigm shift in the way we work, share and collaborate. With the entry of multiple consumer devices into the previously standardised enterprise IT network, employees can work from everywhere. It also means that there is an explosion of endpoints in the network: smartphones, tablets and PDAs, for example, which are used to access, modify and share company information. In fact, the New Year has already witnessed a slew of tablet makers launching variants of these devices for corporate use, and mobile data usage in India is soaring. The majority of Indian respondents to a 2012 Accenture survey indicated that they use tablets for professional and personal use, and emerging markets such as Brazil, India and China had the highest intent to purchase tablets. Moreover, Indian enterprises are increasingly grappling with a mix of physical and virtual endpoints to secure and manage.
Clearly, with users having 24/7 access to critical information, the type of endpoint has become almost irrelevant. As the infrastructure becomes more heterogeneous and information becomes central to doing business, cyber attacks are also changing in nature. We are in the midst of a significant shift in the threat landscape, where targeted, sophisticated attacks aimed at stealing or exploiting confidential data through vulnerabilities in endpoint systems are increasing. The Symantec Internet Security Threat Report XVI recorded more than 286 million malicious programs, equivalent to nine new threats every second of every day.
Furthermore, instead of a single malware strain infecting millions of machines, it is much more common to see millions of malware strains, each targeting only a handful of machines, a trend known as polymorphism. This explosion in malware scope and complexity is due in part to the proliferation of easy-to-use attack toolkits, which lower the barrier to entry and allow even novices to deploy sophisticated attacks. In such a high-variety, high-volume threat landscape, traditional endpoint security systems are obsolete. Traditional security software, which creates fingerprints to identify bad files, cannot keep up with the volume of threats and slows down the endpoint. In the current business environment, endpoints also require the same level of security across virtual and physical infrastructure, and often in an IT environment that is a blend of the two. Specifically in virtual environments, security challenges include "AV storms": concurrent scans that bog down system resources and create a load on virtual hosts.
That’s why businesses need to move beyond traditional approaches to endpoint security. To protect confidential information from external threats and secure varied endpoints in today’s heterogeneous IT environment, businesses should follow a holistic security strategy that is risk-based and policy-driven, information-centric and operationalised across a well-managed infrastructure. They need to develop and automatically enforce IT policies, protect information, interactions and identities, protect the infrastructure and manage systems efficiently. This includes anticipating, identifying and remediating threats when they occur, minimising consequences of lost devices, validating and protecting identities and ensuring restricted access, and implementing secure operating environments. Mobile endpoints need to be managed through the entire device lifecycle from provisioning to eventual retirement. Virtual endpoints need to have the same level of security as traditional endpoints, without being bogged down by concurrent scans/AV storms.
To achieve this, organisations require visibility, security intelligence and ongoing malware assessments of their environments to respond to new threats. However, in the complex security landscape, rapid response is only part of the job; today, businesses need to stay a step ahead of attackers to secure critical data.
The best practices below can help organisations improve their security posture:
Assess the risk. Organisations must know where sensitive information resides, who has access to it, and how it is entering or leaving the organisation. In addition, organisations should continually assess their network and endpoints to identify possible vulnerabilities.
Minimise the risk. Organisations must implement a multi-layer protection strategy to minimise the risk of exploited endpoints. In addition to traditional antivirus, firewall, and host intrusion protection technology, organisations should deploy the latest innovations in endpoint security, such as reputation-based security and real-time behavioral monitoring. Finally, organisations must patch applications and systems regularly.
Educate. Train employees on the risks and what they need to do for safe computing and then hold them accountable.
Be Prepared. It’s important to prepare for the inevitable by creating a full incident response plan and practise implementing the plan. This will improve response time and ensure a more complete response.
Specifically, reputation technology leverages anonymous data, such as a file's prevalence, age and other attributes, to derive a reputation score for every file, good or bad, without having to scan the file itself. Reputation technology also beats polymorphic threats, since the more attackers mutate a file, the more suspicious it will be: every mutation produces a new file that few endpoints have seen and that has existed for only a short time. In virtual environments, it alleviates AV storms and allows for faster, more responsive systems to support a greater density of virtual instances.
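The following is an added illustration of the reputation idea described above, not code from the article or from any Symantec product. It assumes a simple scoring model in which prevalence (how many endpoints have reported a hash), age (days since the hash was first seen) and the presence of a publisher signature each contribute to a score; the thresholds, weights and sample telemetry records are constructed for the example. It shows why a file that an attacker keeps mutating scores badly: each variant is a new hash with prevalence 1 and age 0, so the very act of evading fingerprints makes it look suspicious.

```python
import math
from dataclasses import dataclass, replace
from typing import Dict, List

@dataclass(frozen=True)
class FileObservation:
    """Telemetry about one file hash, as reported by endpoints (hypothetical schema)."""
    sha256: str      # placeholder digest string; real telemetry would carry a full hash
    prevalence: int  # number of endpoints that have reported this exact hash
    age_days: int    # days since the hash was first reported to the telemetry service
    signed: bool     # whether the file carries a valid publisher signature

def reputation_score(obs: FileObservation) -> float:
    """Return a reputation score in [0, 100]; higher means more trustworthy.

    The score is derived only from metadata, never from the file contents,
    which is the point of the reputation approach. Weights are assumptions.
    """
    # Prevalence contributes logarithmically: 1 endpoint -> 0, a million -> 60.
    prevalence_points = min(10.0 * math.log10(max(obs.prevalence, 1)), 60.0)
    # Age contributes one point per day, capped at 30 days.
    age_points = min(float(obs.age_days), 30.0)
    # A valid publisher signature adds a fixed bonus.
    signature_points = 10.0 if obs.signed else 0.0
    return prevalence_points + age_points + signature_points

def classify(score: float, allow_at: float = 60.0, block_at: float = 15.0) -> str:
    """Map a score to a verdict; thresholds are assumptions for the example."""
    if score >= allow_at:
        return "allow"
    if score <= block_at:
        return "block"
    return "monitor"

def mutate(obs: FileObservation, variant: int) -> FileObservation:
    """Model an attacker re-packing a file: new hash, seen nowhere yet, zero age."""
    return replace(obs, sha256=f"{obs.sha256}-v{variant}", prevalence=1, age_days=0)

def triage(observations: List[FileObservation]) -> Dict[str, str]:
    """Score and classify a batch of telemetry records, keyed by hash."""
    return {o.sha256: classify(reputation_score(o)) for o in observations}

def example_verdicts() -> Dict[str, str]:
    # Constructed sample telemetry: a well-known signed system file, a
    # moderately common unsigned tool, and a malware family the attacker
    # has re-packed five times to defeat signature matching.
    widely_used = FileObservation("sys-file-placeholder", 1_000_000, 400, True)
    uncommon_tool = FileObservation("tool-placeholder", 500, 10, False)
    seed = FileObservation("malware-placeholder", 1, 0, False)
    family = [mutate(seed, i) for i in range(1, 6)]
    return triage([widely_used, uncommon_tool] + family)

if __name__ == "__main__":
    for digest, verdict in example_verdicts().items():
        print(f"{digest:28s} {verdict}")
```

Every re-packed variant in the constructed family lands in the "block" band, while the widely deployed signed file is allowed and the uncommon tool is routed to monitoring rather than blocked outright, which is the balance a reputation-based layer is meant to strike alongside, not instead of, conventional scanning.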
A recent poll Symantec conducted found that organisations more prepared with endpoint security measures were 2.5 times less likely to have experienced large numbers of cyber attacks in the past 12 months. These top-tier companies experienced only 21 percent of the downtime of the lower-tier businesses: a total of 588 hours compared to 2,765 hours.
Organisations are living with a new reality today: one of repeated, sophisticated and targeted cyber attacks. Those that resolve to take a smarter approach to endpoint security in 2012 will find themselves better prepared to take on the onslaught from ever-evolving cybercriminals this year.
The author is Managing Director, India and SAARC, Symantec.