The information security landscape has grown steadily more complex over the last decade or so, as both the number and the types of threats have increased. InfoSec professionals must keep on top of these threats and mitigate them as quickly as possible as they evolve. But the recent spike in publicly reported data breaches shows that there’s room for improvement.
Of the different potential targets within an organization, one of the most open to successful attacks is the endpoint: the device an end user uses to access internal corporate resources. The definition of “endpoint” has expanded considerably over the last decade as the availability of mobile technologies and the prevalence of teleworkers have increased. With this expansion come considerable changes in how an InfoSec professional must protect these resources.
In modern networks, however, it is becoming more and more common for users to access internal organizational resources using employee-owned devices, a practice commonly referred to as bring your own device, or BYOD. While this broader access increases the end user’s productivity and flexibility, it also increases the risk of potential threats to the organization.
Antivirus and anti-malware solutions use a number of different methods to protect the endpoint from exploitation. Some of these include:
- Threat Signatures
- Intrusion Detection/Protection
- Rootkit Protection
- Execution Protection
- Configuration Management/Patch Management
- Device Policy
- Device Use Policy/DLP
- Application Policy
- Network Access Control
- Mobile Device Management
In summary, many factors complicate IT professionals’ ability to properly secure access to an organization’s devices and resources. However, careful planning, the use of the appropriate tools, and a highly skilled and organized IS engineering staff can make the job much easier. Of course, the endpoint is only one method of accessing an organization’s resources. No IS strategy would be complete without endpoint protection, along with plans that address the other access points into the network (servers, network devices, physical security).