www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
05 January 2009  

Vendor Accent

Endpoint Security Challenges and Solutions

Amit Verma discusses the challenges of securing endpoint devices in an enterprise and the possible solutions

As networked systems have spread through enterprises, the security of endpoint systems such as PCs, laptops and mobile devices has become a growing concern. In the recent past the number of endpoints has risen sharply, driven by the national, international and multinational growth of enterprises and the corresponding expansion of the networks and workforce connecting to them. That growth has in turn fuelled the spread of viruses, worms and spam, and the proliferation of spyware, all of which attack and infect endpoints whose security is weak. Blocking these inroads into the systems is a daunting security challenge. Meeting it requires defining what endpoint security is, understanding the issues involved, working out solutions to them, and identifying the benefits that follow.

Salient features

Endpoint security for host connections is not merely anti-virus and a personal firewall. It encompasses anti-virus, intrusion detection/prevention, configuration management, patch management and firewall capabilities. In essence, the endpoint security system should come into play as soon as a host connects to the enterprise network, whether directly over the LAN or through a remote connection. Before the connection is allowed through, it should verify that the host has current anti-virus definitions, is hardened and patched, and is running a host firewall with the defined, acceptable rule set.

Traditional perimeter security defends the systems inside the network core by restricting inbound and outbound traffic at the boundary. Endpoints that leave that boundary, such as laptops on home networks or wireless hotspots and the machines of remote users, or that pick up threats through channels the perimeter never inspects, are therefore exposed to direct attack that bypasses the firewalls and IDS/IPS at the edge. The problem is thus one of defining and maintaining network security at both the perimeter and the endpoint.

Solution roadmap

In working towards a solution, the enterprise's operational technologies and administrative activities have to be consolidated and streamlined with the help of a range of defensive technologies.

Having identified and studied the problem in all its aspects, the solutions have to address the endpoint security issues through which an attacker can pierce the defences. These issues are:

  • Connectivity through a variety of endpoint host devices, with remote users coming in through home networks, wireless hotspots and other untrusted networks
  • End-user control of endpoints, especially those of roaming users, which makes them harder to secure than servers and networks
  • Ready availability of advanced attack tools for denial-of-service attacks and other malicious activity
  • Vulnerable endpoints offering a ready opportunity for virus replication and spread, bringing down the network, stalling employee productivity, damaging reputation and causing harm that is costly to identify and repair
  • Unsecured endpoints allowing unwitting users to infect networks with viruses and Trojans
  • The accelerating pace of virus and worm attacks, which shrinks the window for applying patches and updates

Some of these issues were touched on earlier in this article; they are repeated deliberately because they are the issues at stake. Alongside them, the following related features must be kept in mind when finalizing the solution:

  • Threat management and secure content management
  • Comprehensive protection against security threats, preventing resource and data theft through capabilities such as host intrusion prevention
  • Network access control with an endpoint management mechanism
  • Personal firewall and application firewall management
  • Multifactor authentication
  • Policy enforcement
  • Data encryption management and laptop access control
  • Protection against hackers, intrusions, DoS attacks and the potential threats to the growing number of Wi-Fi-enabled mobile devices
  • IT visibility into the health of endpoints

After careful thought and study, a sound decision on how security is to be defined and maintained should be taken. That decision should serve the present as well as the future needs of the business.

Network quarantine solutions

To achieve endpoint or host-based security, organizations need to deploy network access control technologies, which can be termed network quarantine solutions. These sit on top of routers, switches, wireless access points, software and security appliances and enforce endpoint security by requiring a baseline security configuration from each endpoint device. The endpoint's baseline information is sent to a policy server, which decides whether the device should be granted network access. Network quarantine solutions follow one of two architectures: server-based or port-based.

  • Server-based quarantine: Server-based quarantine tools integrate server software with the endpoint operating system. They restrict endpoints that do not conform to policy either through DHCP address assignment, handing out an address from a restricted scope, or by issuing quarantine commands to L2/L3 devices via CLI scripts or SNMP. The DHCP approach is only as strong as the client's cooperation: a device configured with a static address never requests a lease and is never restricted, so it should be treated as a convenience control rather than a true enforcement point.
  • Port-based quarantine: Port-based solutions use port-based authentication (IEEE 802.1X) and need hardware support from the underlying networking equipment such as routers, switches and VPN devices. There are two product types: port-based appliances and port-based switches.

Port-based appliances are mostly plug and play but must be distributed (one appliance per network segment) close to the perimeter security, which is a pricey affair for highly segmented networks.

Port-based switches use LAN switches as the authentication enforcement points and quarantine clients using VLANs and MAC addresses. This is the better fit for large and complex networks.
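As an added illustration (not code from the article or from any of the products it names), the following Python sketch ties together the posture check described under "Salient features" and the policy-server decision described in this section: an agent reports the baseline posture (anti-virus definition age, missing critical patches, host firewall state and rule set), the policy server compares it against the baseline and returns either the role's production VLAN or the quarantine VLAN, and for a port-based switch the result is expressed as the standard RADIUS dynamic-VLAN attributes (RFC 3580) that the switch applies after 802.1X authentication. The thresholds, role names, VLAN numbers, firewall rule identifiers and sample reports are constructed assumptions, as is the choice to exempt guests from the posture check because unmanaged guest devices carry no agent.

```python
# Added illustration of a network quarantine policy server decision.
# Not code from the article or any vendor product; thresholds, roles,
# VLAN numbers, rule identifiers and sample reports are assumptions.
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class PostureReport:
    """Baseline security information an endpoint agent sends to the policy server."""
    host: str
    role: str                        # "employee", "contractor" or "guest" (assumed roles)
    av_definitions_date: date        # date of the installed anti-virus definitions
    missing_critical_patches: int    # count reported by the patch agent
    firewall_running: bool
    firewall_rules: FrozenSet[str]   # identifiers of host firewall rules in force


@dataclass(frozen=True)
class Policy:
    """Baseline an endpoint must meet before it leaves quarantine (assumed values)."""
    max_definition_age_days: int = 3
    required_firewall_rules: FrozenSet[str] = frozenset({"deny-inbound-default", "allow-vpn-client"})
    role_vlans: Dict[str, int] = field(
        default_factory=lambda: {"employee": 10, "contractor": 20, "guest": 30})
    posture_exempt_roles: FrozenSet[str] = frozenset({"guest"})  # unmanaged devices carry no agent
    quarantine_vlan: int = 999       # reaches only remediation servers


def posture_failures(report: PostureReport, policy: Policy, today: date) -> List[str]:
    """Compare a report against the baseline; an empty list means compliant."""
    failures: List[str] = []
    if today - report.av_definitions_date > timedelta(days=policy.max_definition_age_days):
        failures.append("anti-virus definitions older than %d days" % policy.max_definition_age_days)
    if report.missing_critical_patches > 0:
        failures.append("%d critical patches missing" % report.missing_critical_patches)
    if not report.firewall_running:
        failures.append("host firewall not running")
    else:
        missing = policy.required_firewall_rules - report.firewall_rules
        if missing:
            failures.append("firewall rule set missing: " + ", ".join(sorted(missing)))
    return failures


def decide(report: PostureReport, policy: Policy, today: date) -> Tuple[int, List[str]]:
    """Return the VLAN the enforcement point should place the endpoint in, plus the reasons."""
    if report.role not in policy.role_vlans:
        return policy.quarantine_vlan, ["unknown role %r" % report.role]
    if report.role in policy.posture_exempt_roles:
        return policy.role_vlans[report.role], []
    failures = posture_failures(report, policy, today)
    if failures:
        return policy.quarantine_vlan, failures
    return policy.role_vlans[report.role], []


def radius_vlan_attributes(vlan: int) -> Dict[str, str]:
    """RADIUS Access-Accept attributes for dynamic VLAN assignment (RFC 3580):
    Tunnel-Type = VLAN (13), Tunnel-Medium-Type = IEEE-802 (6),
    Tunnel-Private-Group-ID = the VLAN number as a string."""
    return {"Tunnel-Type": "13", "Tunnel-Medium-Type": "6", "Tunnel-Private-Group-ID": str(vlan)}


def sample_decisions() -> Dict[str, Tuple[int, List[str]]]:
    """Run the policy over constructed sample reports (not real hosts)."""
    today = date(2009, 1, 5)
    policy = Policy()
    full_rules = frozenset({"deny-inbound-default", "allow-vpn-client"})
    reports = [
        PostureReport("lt-0412", "employee", date(2009, 1, 4), 0, True, full_rules),
        PostureReport("lt-0831", "employee", date(2008, 12, 20), 2, True, frozenset({"deny-inbound-default"})),
        PostureReport("vendor-pc", "contractor", date(2009, 1, 5), 0, False, frozenset()),
        PostureReport("visitor", "guest", date(2000, 1, 1), 0, False, frozenset()),
        PostureReport("lobby-kiosk", "kiosk", date(2009, 1, 5), 0, True, full_rules),
    ]
    return {r.host: decide(r, policy, today) for r in reports}


if __name__ == "__main__":
    for host, (vlan, reasons) in sample_decisions().items():
        print(host, "-> VLAN", vlan, radius_vlan_attributes(vlan), reasons or "compliant")
```

The decision is deliberately separated from enforcement: the same `decide` result can drive a VLAN change on a port-based switch through the RADIUS attributes shown, or an SNMP/CLI quarantine command in a server-based deployment, while the posture comparison itself stays in one place.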

Endpoint security benefits

Endpoint security and risk management, which realign people, processes and technologies, are achieved through network quarantine. This in turn lays the foundation of the security framework and moves the network towards unification, simplification and virtualization. The business derives a series of benefits, including:

  • A common denominator: network quarantine removes the distinction between access types and connectivity, local or remote, wired or wireless. All receive the same security policy and access privileges
  • Endpoint risk management: endpoint security and risk management give the business a single, central client policy governing anti-malware, identity management, configuration management, information leak prevention, encryption and network access control
  • Enforcement of acceptable-use policies to ensure regulatory compliance: roaming and mobile users cannot connect to the network if they lack acceptable security. Loss arising from a user's inadequate security is therefore minimized, threats can be managed more securely and risk can be held to the lowest known acceptable level
  • Consolidating IT operations and reducing costs: a single solution covering the security of the whole enterprise can be deployed instead of multiple point products. IT operating costs fall and effort can be spent on more vital tasks
  • Reducing the effort, complexity and security exposure of working with external and guest users: separate access policies and privileges can be set for external vendors, contractors or guests while they are connected to the network, reducing the effort and cost of provisioning such requests
  • Ushering in a policy-driven network, with features beyond security: the crux of network quarantine is the policy store, which the enterprise can also use to control elements beyond security such as QoS and dynamic bandwidth allocation

The list above is by no means exhaustive; it is representative of certain vital benefits, and further benefits accrue from adopting endpoint security.

Emerging technologies

Vendors have since evolved endpoint security systems in step with the de-perimeterization of networks, with newer products designed to address endpoint security needs and deliver the benefits above. Currently the following systems are most commonly used:

  • Network Admission Control (NAC), from Cisco
  • Network Access Protection (NAP), from Microsoft
  • Trusted Network Connect (TNC), from the Trusted Computing Group (TCG)

Demand for endpoint security systems is expanding, so quite a few more systems are available on the market for deployment according to the individual requirements of users. Some of them are:

  • Integrity SecureClient, from Check Point
  • NeatSuite Advanced, from Trend Micro
  • Symantec Sygate Enterprise Protection, from Symantec

The need of the day is for all these systems to be evaluated critically, with the objective of converging on very few products, or preferably a single comprehensive product that offers a minimal-risk network. There is a distinct possibility that such a product will emerge in the near future, perhaps by converging all of the existing systems. Until then, the advice is to adopt a suitable system by following the guidelines set out in the preceding paragraphs of this article.

- The author is a security practitioner and an information security consultant in the Global Consulting Practice: Information Risk Management of Tata Consultancy Services (TCS), with diverse experience in IT infrastructure technologies and information security across geographies.

© Copyright 2001: The Indian Express Limited. All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of The Indian Express Limited. Site managed by BPD.