Network and Endpoint Security
Analyst Coverage: Fran Howarth
Network security refers to those technologies and processes that are used to keep networks in good, secure working order. Network security encompasses the prime tenets of information security, which are confidentiality, integrity, and availability. Some of the key concepts include network access control and authentication, policy enforcement, threat protection, privacy, secure connectivity, endpoint security, vulnerability assessment and monitoring, encryption, and data loss prevention. Network security should be proactive rather than reactive (see paper).
Endpoint security concerns any device that connects to the network, from servers to desktops, fixed-function to mobile devices, and—increasingly—any device that is network-enabled. This once-futuristic idea—the so-called Internet of Everything—is increasingly becoming reality, encompassing everything from home automation systems to public safety and personal health devices, industrial control systems to transport systems and devices. However, for most organisations, the current focus is on the ever-growing volume and range of mobile devices. As of 2013, there are more mobile devices in use than there are people in the world, and such devices are preferred by many users as their device of choice for both business and leisure purposes.
Where, until recently, network security controls commanded the lion’s share of organisations’ security budgets, widespread and growing use of endpoint devices has all but eroded network perimeters, pushing out those boundaries. The endpoint devices have become the new security perimeter and are increasingly being targeted by hackers as the vector of choice for infiltrating the deeper network. Accordingly, organisations are now looking to take a holistic, end-to-end stance on security to encompass all entry points to the network. By integrating network and endpoint security, organisations are afforded greater visibility over the entire range of security threats that they face, both in real time and for historical analysis. Security events seen on hosts and endpoints can be fed back into network security controls, allowing more accurate decisions to be taken and more proactive protection applied across all resources based on the context of the threat seen.
Networks are the lifeblood of organisations as they are used to generate, process and store their most sensitive information assets. Therefore, the security of those networks is paramount. Network security is essential in order to ensure that information does not leak out of the organisation and is not stolen by hackers. It is also important to ensure that elements of the network are in good working order, with all vulnerabilities remediated. Network security is vital in efforts to achieve good standards of corporate governance, to reduce and manage risk, and to aid in regulatory compliance efforts.
The perimeters of networks are opening up to business partners and customers to facilitate mobile access and to take advantage of new technologies, such as cloud-based computing. It is no longer sufficient to tie network security controls to physical systems, which are far too static and inflexible for today’s network environment. Rather, controls should be tied to the identity of each user and should be based on context, such as the device they are using to connect, where they are connecting from and the applications they are accessing. Security needs to become people-centric, rather than network-centric. It also needs to take a far greater focus on the security posture of the endpoints that connect to networks so that a holistic stance on security can be achieved. Here, network access control technologies provide tremendous value.
Since networks and the endpoints that connect to them are central to business operations these days, everybody—and not just the security department or IT—should take an appropriate interest in achieving holistic security across the organisation. This may involve escalating issues to the appropriate authority (not everyone should be maintaining security; this should be the responsibility of a well-defined team) and implies that everyone is given security awareness training. Everyone should care about network security and emerging threats, not just the ‘security group’, although the professionals in the security group should address any security issues. This means that people should take a particularly active interest in both network and endpoint security, in the context of their role in the organisation, because the requirements for security are ever-changing.
Network security issues
Networks are seeing many changes driven by the need to reduce operating costs and reduce complexity, whilst at the same time supporting newer delivery mechanisms such as cloud computing and virtualisation. Data centres and networks are being optimised at a rapid pace and security should be built into data centre design, not bolted on as an afterthought.
Changes to the infrastructure of the Internet, including IPv6 and DNSSEC, are currently having a significant impact on security design. With such widespread changes being made, the implications for security are manifold; see Bloor's primer here.
Security information and event management (SIEM) is increasing in importance as an enabler for the audit-ready business.
New technologies are being required to provide greater control and visibility over all network elements, spanning physical and virtual environments, to improve their integrity and protect against increasingly complex, sophisticated and advanced targeted threats (this is discussed here). The security issues of the Windows 7 OS are an emerging concern for many companies.
There are several more general issues evolving that should drive network security policies:
- The challenges posed by moving from traditional data centres to virtualised private and public cloud environments
- Securing the cloud infrastructure to ensure the integrity of the services it offers
- Building trust into networks, rather than selling security through fear
Endpoint security issues
Endpoints themselves are undergoing many changes. Servers are increasingly virtualised, mobile devices are increasing in popularity and remote endpoints such as industrial control and home automation systems are becoming increasingly IP-based. For now, most attention is being paid to the role of mobiles in organisations, especially those owned by users themselves and therefore not under the direct control of the enterprise. Termed BYOD, for bring your own device, this is now reality, not hype. Various security controls are available, from mobile device management to access controls based in the cloud (see paper)—ideal for those using mobile devices. Where once security threats focused mainly on computers and laptops, attackers have been increasingly going after mobile devices. According to the Ponemon Institute, just 9 percent of respondents to its State of the Endpoint 2013 survey stated that mobile devices were a rising security threat in 2010, although this had jumped to 73 percent in 2012. According to research conducted recently by NQ Mobile, mobile malware discoveries increased 163 percent from 2011 to 2012 and SMS phishing attacks, in which attackers send text messages to users with the intent of tricking them into either installing a program or giving up their credentials, are also a growing concern.
Increasing need to combine network and endpoint security
The imperative for organisations today is to gain insightful visibility across the entire technology stack—wherever the systems and devices are located, and whatever their ownership. This will provide them with the actionable intelligence they need for assessing the real situation they face. With the ability to collect, analyse and manage information from throughout the technology stack in real time, as well as being able to query historical information to uncover hidden incidents and discern trends, organisations will be better able to control advanced threats, prioritise alerts, investigate incidents, reduce remediation time and improve overall compliance.
Organisations need to renew their security focus to ensure they have control of everything connecting to the network. Securing the network has always been an imperative, and will remain so, but today’s advanced attacks take advantage of outliers on the network—the endpoints that connect to them—as well as the servers that house the most sensitive information. Bringing endpoint security into the mix provides greater context regarding applications and data usage, user behaviour and the system health of connected devices, which, when tied with network security controls, enriches overall security intelligence capabilities. This will allow organisations to make better-informed decisions through the enhanced situational awareness that this enables, giving them a more complete handle on the risks that they face and providing superior, more proactive protection.
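The context-based access decisions described above (identity, device, location, application) and the feedback of endpoint health into network controls can be expressed as a small policy engine. This is an added illustration, not code from Bloor or any product; the posture fields, application classification and the decision labels are assumed, and the endpoint and network records are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed classification of applications that warrant stricter controls.
SENSITIVE_APPS = {"hr-payroll", "finance-db"}

@dataclass
class Posture:          # endpoint health as reported by an endpoint agent (assumed fields)
    user: str
    managed: bool       # enrolled under enterprise control (e.g. MDM), not purely BYOD
    av_enabled: bool
    patched: bool
    alert: Optional[str]  # latest endpoint alert, e.g. "malware-detected", or None

@dataclass
class NetEvent:         # a connection attempt as seen by a network access control point
    host: str
    location: str       # "corp-lan" or "internet"
    app: str

def decide(event: NetEvent, posture: Optional[Posture]) -> Tuple[str, str]:
    """Combine network context with endpoint context into one access decision."""
    if posture is None:
        return "deny", "unknown endpoint: no posture data"
    if posture.alert:                       # endpoint signal fed back to network control
        return "quarantine", f"endpoint alert: {posture.alert}"
    sensitive = event.app in SENSITIVE_APPS
    if sensitive and not posture.managed:
        return "deny", "unmanaged device requesting a sensitive application"
    if not (posture.av_enabled and posture.patched):
        return "remediate", "endpoint health below policy"
    if sensitive and event.location != "corp-lan":
        return "step-up", "sensitive application from outside the corporate network"
    return "allow", "healthy managed endpoint"

def isolation_list(events: List[NetEvent], postures: Dict[str, Posture]) -> List[str]:
    """Hosts the network layer should isolate, derived from endpoint context."""
    return sorted({e.host for e in events
                   if decide(e, postures.get(e.host))[0] == "quarantine"})

# Constructed sample data (not real hosts or users).
POSTURES = {
    "lt-001": Posture("alice", True, True, True, None),
    "lt-002": Posture("bob", True, False, True, None),
    "ph-007": Posture("carol", False, True, True, None),
    "lt-003": Posture("dave", True, True, True, "malware-detected"),
}
EVENTS = [
    NetEvent("lt-001", "corp-lan", "hr-payroll"),
    NetEvent("lt-001", "internet", "hr-payroll"),
    NetEvent("lt-002", "corp-lan", "wiki"),
    NetEvent("ph-007", "internet", "finance-db"),
    NetEvent("lt-003", "corp-lan", "wiki"),
    NetEvent("unknown", "internet", "wiki"),
]
```

Running `decide` over `EVENTS` yields allow, step-up, remediate, deny, quarantine and deny in turn, and `isolation_list` returns the single host whose endpoint agent raised an alert.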
The industry has long been dominated by niche companies that focused on specific products, like virus software or firewalls. However, the rising complexity of computing, and of security threats, is prompting a consolidation, as well as a need for products and services that span the spectrum of the security threats that companies face.
The network security space comprises a mix of large vendors, some of them specialised in security, others with security divisions. Many of the large vendors have rounded out their portfolios through acquisitions in recent years and are likely to continue to do so. There are also a number of innovative smaller vendors, many of which have highly specialised expertise and which are receiving heavy levels of investment.
- Overcoming the complexity gap - the role of automation in optimising network performance and security
- Evolving uses of the kill chain framework - using threat lifecycle management to defeat insider threats and ransomware
- The promise of managed endpoint security - ...the need for an integrated suite of cloud-based services
- Turning the tables on cyber criminals - using the cyber kill chain framework to protect your organisation
- The need for active response to advanced threats - passive remediation is insufficient