With the explosion of laptops, IoT, tablets, smartphones and other smart technologies, endpoints are the single largest group of devices inside your network today. Since they are critical for getting business done, endpoint disruption can have a significant impact on your day-to-day operations. Protecting them is paramount.
There are four key pillars to building an endpoint security program that does its job well, and I detail each of them in my new guide, 4 Essential Strategies to Endpoint Security Protection. These pillars will help you build a solid security foundation that you can then customize to your specific risk profile:
- Asset management
- Software auditing
- Vulnerability management
- Dealing with incidents
Asset management, or effectively enumerating and managing all of your assets, is simply the single most critical control component of security today. If you don't know what you have, how can you ever begin to properly create defenses for them? In addition to cataloging your assets, you'll also want to audit all of the software that runs on them. Unapproved, overused and/or pirated software can add a significant measure of risk to your organization. To manage all of your assets and their software, follow these three foundational steps:
Step One: Establish a Baseline
Collect everything you have on where you stand, from diagrams and network maps to inventory purchases and serial numbers. In this step, you want to shore up any gaps to ensure you have visibility into your endpoint devices, no matter where they are, so that you'll be able to spot deviations from your baseline.
Audit a random sample of endpoint devices across different departments to find the software packages each team actually uses, obtain copies of POs and invoices, and then look for what has been missed. Use tools that query your devices for open ports and for the services that installed software packages expose; this is the quickest way to gather intelligence on what is really installed. Develop master deployment package lists to simplify future endpoint deployments.
Step Two: Refine and Maintain Your Inventory
Your baseline is likely going to change almost daily, so you need a way to transition devices in and out of inventory as well as a way to monitor for changes.
Develop a plan for exceptions, including legacy applications and special applications. One-off applications still need to be "owned" and managed, with some measure of control over the risks. Develop a map of regular application use (ports used, "call home" patterns) so you can spot anomalies, which could be incidents in their nascent stages.
Step Three: Introduce Automation, Integration and Alerting
The ideal asset management strategy will offload as much of the scanning as possible to automated and semi-automated tools to keep an eye on your network, inventory and asset documentation and to generate alerts or automated actions when something out of the ordinary pops up.
Make sure you continually update your standard image and configurations to roll updates and patches into them, and use automation to help monitor compliance and configuration drift. Integrating with other security tools, such as your SIEM and NGFW, can help build a better picture of your overall risk or alert to incidents.
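The three steps above boil down to one recurring job: compare what the automated scans find against the baseline inventory, the approved application/port map and the exception list, and raise an alert on every deviation. The following Python script is an added example of that reconciliation and is not tooling from the guide or its author. All data in it is constructed inline (hostnames, package names, ports, owners); in practice the baseline would be exported from your CMDB or purchasing records and the scan snapshot would come from whatever endpoint query tool you run.

```python
"""Reconcile an endpoint baseline against a fresh scan and emit alerts.

Added example (not from the guide). Every host, package, port and owner
below is constructed for illustration.
"""
from dataclasses import dataclass

# Step One baseline: what the inventory says each endpoint should look like.
BASELINE = {
    "ws-fin-01": {"owner": "finance", "software": {"office-suite", "erp-client"}},
    "ws-eng-07": {"owner": "engineering", "software": {"ide", "git"}},
    "ws-hr-03": {"owner": "hr", "software": {"office-suite"}},
}

# Step Two application map: the listening ports each approved package is
# expected to use. Any package not in this map is unapproved.
APP_PORT_MAP = {
    "office-suite": set(),
    "erp-client": {445},
    "ide": set(),
    "git": {22},
}

# Step Two exception list: one-off / legacy software tolerated with a named owner.
EXCEPTIONS = {"legacy-report-tool": "finance"}

# Step Three input: a constructed snapshot from the automated endpoint query.
SCAN = {
    "ws-fin-01": {"software": {"office-suite", "erp-client", "legacy-report-tool"}, "ports": {445}},
    "ws-eng-07": {"software": {"ide", "git", "torrent-client"}, "ports": {22, 6881}},
    "ws-lab-42": {"software": {"ide"}, "ports": {22}},
}


@dataclass(frozen=True)
class Alert:
    host: str
    kind: str
    detail: str


def reconcile(baseline, scan, app_port_map, exceptions):
    """Return a list of Alerts describing every deviation from the baseline."""
    alerts = []

    # Hosts that appeared without being inventoried, and inventoried hosts that vanished.
    for host in sorted(scan.keys() - baseline.keys()):
        alerts.append(Alert(host, "unknown-host", "seen in scan but not in inventory"))
    for host in sorted(baseline.keys() - scan.keys()):
        alerts.append(Alert(host, "missing-host", "in inventory but not seen in scan"))

    for host in sorted(baseline.keys() & scan.keys()):
        found, expected = scan[host], baseline[host]

        # Software that is not on the approved map: either a tracked exception or a finding.
        for pkg in sorted(found["software"] - set(app_port_map)):
            if pkg in exceptions:
                alerts.append(Alert(host, "exception-software", f"{pkg} (owner: {exceptions[pkg]})"))
            else:
                alerts.append(Alert(host, "unapproved-software", pkg))

        # Approved software the inventory expects but the scan did not find.
        for pkg in sorted(expected["software"] - found["software"]):
            alerts.append(Alert(host, "missing-software", pkg))

        # Listening ports not explained by any installed, approved package.
        explained = set().union(*(app_port_map.get(p, set()) for p in found["software"]))
        for port in sorted(found["ports"] - explained):
            alerts.append(Alert(host, "unexpected-port", str(port)))

    return alerts


def summarize(alerts):
    """Count alerts by kind, the shape a SIEM dashboard or ticketing hook would want."""
    counts = {}
    for a in alerts:
        counts[a.kind] = counts.get(a.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for a in reconcile(BASELINE, SCAN, APP_PORT_MAP, EXCEPTIONS):
        print(f"{a.host:10} {a.kind:20} {a.detail}")
    print(summarize(reconcile(BASELINE, SCAN, APP_PORT_MAP, EXCEPTIONS)))
```

On the constructed data the script reports one unknown host, one host missing from the scan, one exception (owned, so informational), one unapproved package and one listening port that no approved package accounts for. Scheduling the run and forwarding the alerts to your SIEM is the "automation, integration and alerting" of Step Three; the only parts that need to change as the baseline evolves are the three dictionaries at the top.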