As I discussed in last week's post
, smartphones, tablets, desktops, industrial equipment, servers and other technologies that connect to a corporate network are considered endpoints. Unfortunately, bad actors can abuse those devices and their network access to attack an organization. That is why IT staff need to protect as many of their company's endpoints as feasible.
Protection is an important step towards securing network devices, but it is not the only one. To truly secure a company's endpoints, security professionals need to do four things:
First, infosec personnel must discover all devices that are connected to a company's network. The discovery process involves monitoring for new endpoint asset connections, especially those a company doesn't know about. Suspicious connections could be a sign of an attacker trying to hack their way onto the corporate network.
Second, they need to take inventory of the OS, firmware and software versions running on each endpoint. They can use that information to prioritize known vulnerabilities and create a patching schedule.
Third, IT staff needs to monitor endpoints, files and the entire network for changes. If unknown modifications occur, they should use IoCs, anomaly and behavior detection, and policy violations to determine the severity of the change and whether the affected asset has been compromised.
Protection is the fourth and final step of endpoint security, which begs the question: how do companies go about protecting their endpoints?
In Endpoint Detection and Response For Dummies
, a new eBook which explores endpoint deployment and management frameworks, Tripwire explains how security professionals can use patching; drift from "safe" baselines; device hardening; security intelligence sources; and agent-based solutions to protect their endpoints.
Despite these protection strategies, some threats could slip past an organization's network defenses. In those instances, IT staff need to determine whether a breach has occurred, how severe it is, how it can be contained, and how they can prevent a similar intrusion from happening again in the future. Doing so will help address the Cyberthreat Gap and fortify the company's security posture.
For a deeper look into the four elements of endpoint security, download Tripwire's eBook today.