Leading from the front: your people and your cybersecurity systems
Protecting your organization from cybersecurity issues is increasingly about protecting the people in your organization. By accepting that human beings make mistakes, and trying to minimize the problems that staff cause, the business is taking the best measures possible to protect itself.
Perimeter-based security systems remain no less valuable: intrusion detection systems, firewalls, traffic monitoring and VLAN segmentation for less robust traffic should all still be used and maintained.
But mobile users and endpoints create most of the security headaches for IT security teams.
Before the launch of the iPhone in 2007, an endpoint tended to be defined as a desktop or laptop used either inside the firewall or from a remote location outside it. Today, however, this definition extends to an array of platforms running different versions of OSes: Android flavors, Windows Mobile, BlackBerry, iOS, Linux, Mac OS, Windows. Protecting these platforms, and the people who use them, creates new areas that cybersecurity teams must cover.
So, what are companies doing to mitigate some of these new attack vectors?
Common issues that are addressed by the providers we mention below have come about because of the portable nature of tablets & phones, but include problems affecting laptops and home installations that connect to the workplace:
- The mix of consumer technology and work technologies – personal and business apps running alongside each other on employees’ phones, for instance, so sensitive data is stored inappropriately (by accident or design).
- Personalized emails containing phishing attacks to personal and work email addresses – issues like the handing over of log-on credentials are exacerbated by insecure password habits (see below).
- Staff sharing passwords with colleagues – to get higher level access than allowed, or for ease of use.
- Staff using insecure passwords – with gigabytes of common passwords available for download in plaintext lists, poor choices are easily exploited.
- The use of one password for multiple work and personal accounts – especially problematic as one breach or successful phishing event has exponential effects.
- Personnel losing devices like USB sticks, external drives, phones, tablets, laptops, or having the same devices stolen.
- Communications ‘in the clear’ like unencrypted data traffic, and SMS messages.
Like any cybersecurity measures, the solutions available on today’s market are rarely all-encompassing, and organizations serious about their cybersecurity will deploy multiple solutions from different suppliers – albeit, perhaps, overseen by a third party such as an MSP.
The companies we feature below do, however, go a reasonable distance in supplying those services that can close off the most dangerous and commonly-exploited attack methods.
Depending on your requirements, the services you deploy can make a significant difference between a secure, safe working environment and a PR disaster, or loss of intellectual property.
The methods to secure your personnel and the systems they use every day could include some (or all) of the following means of endpoint protection:
- Cognitive routines that help identify phishing attacks in emails or on messaging platforms.
- Malware identification using blacklists and community information, backed by machine learning (from the vendor) that detects patterns in data traffic associated with malware & viruses.
- Server deployment and management of security features installed onto endpoints of every type, from older Android versions to Linux desktop to Windows XP installations on remote workers’ home PCs.
- Systems to remotely wipe data on lost or stolen endpoints.
- Beacon/GPS/LAN activation or deactivation of secure storage, so devices moved physically offsite from prescribed areas stop functioning automatically.
- Encryption of endpoints’ storage at rest, so third parties, whatever the eventuality, can never retrieve data.
- The encapsulation and division of apps & storage on personal devices, such as phones and tablets, ensuring that personal and business accounts cannot be confused by users.
- Secure communication on all channels, with always-on encryption methods such as permanent VPNs and other ‘black ops’-style technologies.
Of the myriad suppliers that fill this market space, here are three we consider to have elements that differentiate them in terms of breadth, power or specialism in the cybersecurity space at present.
Central to ESET’s offering is the ESET Security Management Center (ESMC), which utilizes a web console to provide real-time visibility for on-premise and off-premise endpoints. It also provides visibility into all OSes that a company might have, and creates concise and informative reports on all managed endpoints.
Additionally, security and IT administrators can set up and adjust the policies or configurations of endpoint security products at any point in time, which can be executed remotely and automatically on devices. This allows endpoints to be remotely managed, to ensure that security solutions are installed and configured optimally.
ESET’s data encryption solution, ESET Endpoint Encryption, protects critical data and endpoint devices from being misused in the event of loss or theft. As management of the endpoint encryption client is handled via a secured internet connection through a proxy, there is no need to configure firewall rule sets or VPNs. ESET Endpoint Encryption can also be integrated with ESET Secure Authentication, the two-factor authentication (2FA) solution, which can be set up in minutes.
Crucially, data encryption is required to comply with most data privacy laws, and ESET Endpoint Encryption solutions can help customers meet data security obligations by easily enforcing encryption policies. With low help-desk overhead and short deployment cycles, this can be achieved with minimal impact on productivity.
Kaspersky Lab is effectively a household name, thanks in no small part to its presence in the consumer space, but as one of the world’s leading providers of cybersecurity expertise, its products are more than suitable to be used to protect forward-thinking companies.
The company’s products are in daily use protecting industrial IIoT, smart cities, servers, VDIs, virtual server arrays, and endpoints of any flavor and version. Kaspersky’s Endpoint Security for Business uses a single agent installed on Macs, PCs, and Linux OSes, with mobile clients for iOS and Android. Via a centralized control system, protection does not have a negative impact on performance – essential to ensure that staff accept the installation of software by their employer.
The Kaspersky solution comes with pre-configured templates, ready for immediate roll-out, or to be used as the basis of a bespoke security policy. It is available in Select, Advanced or Total tiers, and pricing and coverage are transparent.
Symantec has gained Gartner’s attention as that company’s highest achiever in its measure of execution in the Endpoint Protection Platforms Magic Quadrant survey. The solution uses ‘traditional’ behavioral analysis that examines the data traffic patterns right across every endpoint.
This combines with ML (machine learning) routines which are educated continuously by data feeds from every single installation worldwide. This capability, the company claims, massively cuts the high numbers of false positives that plague many IT security departments.
Due to the everyday use of specific applications across enterprises of all types (Office, Adobe Reader and so on), many cybersecurity issues tend to center on those apps, so Symantec’s protective systems give them specific attention, especially for zero-day exploits.
Whether the organization is threatened with a traditional piece of malware delivered by a phishing email, or website visitors are subject to a memory-based attack, the Symantec stack can help alleviate the issue.
The platform possesses several APIs, meaning its capabilities can be integrated into a larger overall security process, combining, for instance, log analysis, anti-malware, endpoint encryption and east-west packet analysis, for a fuller cybersecurity defensive layer.
As an additional feature, Symantec software can quickly create honey traps (machines set up as deliberately vulnerable), deployed to examine possible attacks. The information from these can be used to mitigate further incursion attempts.
*Some of the companies featured in this editorial are commercial partners of Tech Wire Asia.