Endpoint security has been gaining ground in the IT security world in the last couple of years, though endpoint security products have been around for more than a decade and a half. The first product from the endpoint security stable was anti-virus software. Endpoint security now includes personal firewall, host IDS, anti-spyware, client anti-spam and client remote access, among many other tools. This article delves into the concept of endpoint security.
What are endpoints?
Endpoints are computer systems that act as network clients and serve as workstations. They are often mobile. Some of the common endpoints are laptops, desktops, PDAs, and portable storage devices like USBs, CDs, etc.
Why should endpoints be secured?
Endpoints are where most of an enterprise’s business is conducted. Disruption to endpoints has a huge impact on the enterprise in terms of cost and loss of productivity. The latest security threats target individual computers to bypass perimeter security and attack from the inside. The following data provided by Gartner’s research wing sheds light on why we should protect endpoints:
- 47% of corporate data resides on mobile devices
- 1 in 10 laptops will be stolen during their lifetime
- 350,000 mobile devices were lost or stolen in the U.S. from 2005 to 2006
- Over 239,469 smartphones and 11,303 laptops were left in taxis in major cities around the world over 6 months
- An ordinary laptop holds content valued at $972,000 and up to $8.8 million in data and intellectual property
What threats do endpoints face?
- Determined attackers have evolved spyware, trojans, keyloggers and other methods to deliver malicious code to an enterprise’s network interior. Authorized users can unwittingly act as a vector for malicious attacks through Internet downloads that bypass perimeter security.
- Hardware or software flaws can corrupt files and put the actual bits and bytes at risk.
- Viruses and worms can attack files and server processes.
- Data can even be stolen by thieves with a USB drive and physical access.
- Endpoints can be used as DDoS zombie hosts.
What does endpoint security software offer?
Comprehensive endpoint security software should offer the following basic features:
- Client antivirus
- Personal firewall/Host IDS
- Client anti-spam
- Patch management (assessment/remediation)
- Endpoint vulnerability assessment
- Regulatory compliance on endpoints
- Client remote access, including IPSec VPN and SSL VPN
- Client access control and quarantine
- Unauthorized application blocking
- Endpoint policy management and policy enforcement
- Compliance assessment and host checking
- Policy development and communication
- Centralized monitoring program
- Full hardware and software inventory reports