With agencies like the Federal Emergency Management Agency and the Census Bureau shifting more of their computing to mobile devices like smartphones and tablets, endpoint security is becoming more important than ever.
Agencies face an array of cybersecurity threats not just on desktop PCs, but on other endpoints that federal users take out in the field — and home with them from the office. Securing endpoints is becoming as critical as protecting the networks they run on, but it may not be a top security priority at all agencies.
A 2015 MeriTalk study on endpoint security across the federal government, underwritten by Palo Alto Networks, found that 44 percent of endpoints were unknown or unprotected; and that barely half of federal government survey respondents had taken critical steps to secure endpoints, such as scanning for vulnerable or infected endpoints.
Endpoints Present New Security Vulnerabilities
Agencies need to wake up to the potential security vulnerabilities of endpoint devices, because endpoint systems are the most common targets of malicious activity in the modern enterprise computing environment. The proliferation of notebooks, desktops and mobile devices creates a large attack surface for cybercriminals who need to identify only a single vulnerable system to gain a foothold on an enterprise network.
Even as security teams recognize the importance of securing these endpoints from attack, they find themselves frustrated by the inability of older security products to rise to the challenge. Attackers employ increasingly sophisticated weapons from their cyberwarfare arsenals, and these stealthy tools simply slip under the radar of traditional signature-detection technology. Endpoints that lack additional security controls present an appealing target to attackers.
The most sensitive information held by an agency sometimes exists on endpoint devices, but it’s more commonly found in enterprise data centers operated by an agency or its cloud partners.
However, these enterprise systems are heavily fortified against attack by a variety of security technologies deployed in a defense-in-depth strategy. Firewalls, intrusion prevention systems, data loss prevention technology and other security controls maintain a vigilant watch over these critical systems and their troves of sensitive information.
If an agency’s most valuable assets reside inside the walls of the data center, why then do attackers target endpoints?
Vulnerable endpoints offer attackers the opportunity to bypass the layered defenses designed to keep them out of enterprise data centers. By commandeering the notebook of an unsuspecting user, attackers can take advantage of that device’s trusted status on the network — and the credentials of its user — to gain access to the agency’s most valuable data.
This approach has proved to be highly successful at compromising sensitive information. While security architects place extreme importance on keeping outsiders at bay, they often capitulate to the demands of convenient access placed upon them by enterprise users and leave systems vulnerable to attacks waged through a compromised endpoint device. That’s not a condemnation of the need to balance security and convenience, but simply a fact of life in today’s complex computing environment.
Protecting Users’ Devices from Malicious Attacks
User activity poses one of the gravest challenges to endpoint security. Less than a decade ago, users were accustomed to a highly regimented technology experience controlled by a risk-averse IT department that carefully managed system configurations and software installation.
The rapid consumerization of IT changed these expectations, and users now expect the same instant gratification from their office technology that they experience with their personal devices. In fact, many users are able to bring personal devices onto enterprise networks through bring-your-own-device (BYOD) policies.
This leads to a loss of control over endpoints by IT security teams and opens the door for inadvertent user errors that could compromise these devices.
Users might fall victim to a phishing attack that encourages them to open a malware file or alter a system configuration setting, unwittingly allowing an attacker access to the system and a foothold on the network. It takes only a single user mistake to jeopardize the security of an entire network.
The sheer amount of software installed on the modern endpoint also creates vulnerabilities that attackers may exploit without even involving an end user. Operating systems and approved software applications all require regular security updates to patch vulnerabilities that might allow an attacker access to the system.
Even endpoints that normally reside on a private enterprise network, safely tucked behind a firewall, are vulnerable to attacks as soon as they leave the security of the enterprise network.
When a user connects to an airport or convention center Wi-Fi network, the device is exposed to the larger internet and becomes susceptible to attackers scanning for security flaws. An attacker might compromise that system and then lie low, waiting for the user to return to the office, allowing the attacker access to the private network.
New Kinds of Endpoint Protection
Traditional endpoint protection technology is extremely effective at battling traditional threats. Simple viruses, worms and other malware don’t stand a chance against a standard signature-based anti-virus package. The host-based firewalls integrated into these products block unsolicited network connections, preventing attackers from scanning an endpoint for most vulnerabilities.
Encryption technology protects the sensitive data stored on endpoints, rendering a lost or stolen device useless to someone who steals it or finds it in the back seat of a cab.
However, this technology is not capable of defending against advanced threats that leverage zero-day attacks, which sneak previously undiscovered malware onto a system before security companies can develop effective signatures. While signature detection still plays a vital role in the enterprise security stack, it’s no longer sufficient to keep an enterprise secure.
Fortunately, security vendors now offer next-generation endpoint protection solutions that incorporate advanced technology to mitigate the rising threat posed by sophisticated attackers.
These solutions use machine learning, threat intelligence, application control, behavioral analysis and other techniques to detect and respond to threats without depending on a malware signature database. These tools play an important role in enterprise security programs, either when integrated into an existing security solution or added as a stand-alone product.
This content is made possible by FedTech. The editorial staff of Nextgov was not involved in its preparation.