Five Endpoint Security Resources Every IT Leader Should Know


Endpoint security tops the priority list for many enterprise IT leaders this year, across a wide range of industries. One main reason: “2016 is shaping up as the year of ransomware - and the FBI isn’t helping” (Los Angeles Times).

Ransomware, distributed by criminals via automated phishing email campaigns and large-scale compromises of web servers, infiltrates the networks of hospitals, law firms and energy utilities alike, encrypts stored data and demands payment to unlock it.

Data breaches at major law firms and healthcare data providers have already reached record numbers in the first half of this year. In many cases, the organization’s use of regular, non-secure browsers, which fetch and process code from the web, including malware, on the local computer, opened the door for outside attackers.

Endpoint security is defined as, to quote one vendor we like, “the practice of employing layers of hardware and software solutions to secure the vulnerable points in your network”.

Regular browsers have become the most vulnerable points in the enterprise network, as several of the publications reviewed below illustrate. Their architecture, which executes untrusted code fetched from the web on the endpoint itself, is too easily exploited for large-scale data breaches and for attacks against critical infrastructure, with potentially catastrophic consequences.


The alternative is a secure enterprise browser that, like Authentic8’s Silo, processes web content in the cloud, outside the company's network.

Because Silo’s patented technology keeps web code off the endpoint - the browser session runs remotely and only display information is sent back - users of this secure enterprise browser are shielded from web-borne attacks that depend on executing fetched code on the local machine. One caveat a practitioner should keep in mind: isolation of this kind does not by itself stop a user from typing credentials into a phishing page; that still calls for controls such as URL filtering and multi-factor authentication.

Securing the endpoint effectively against internal and external threats poses a significant challenge for the enterprise. We’ve scoured the internet for reports and whitepapers that reflect the current discussion and can help you fine-tune your endpoint security strategy:

***

Endpoint Security: First Line of Defense Against Ransomware Attacks

Led by James Scott, co-founder of the Institute for Critical Infrastructure Technology (ICIT), and visiting scholar Drew Spaniel (Carnegie Mellon University), a team of 16 IT security experts examined “the weaponization of encryption”.

Their thoroughly researched ICIT brief, titled “Combatting the Ransomware Blitzkrieg: The Only Defense is a Layered Defense – Layer One: Endpoint Security”, describes how an increasingly diverse computing environment and the rise of mobile devices, web apps and cloud services are expanding the attack surface of enterprise networks.

Emphasizing that “[r]ansomware is unique among malware in that it specifically exploits human nature in order to succeed,” the authors do not blame computer users for its rise, as some in the industry have. Authentic8 CEO and co-founder Scott Petry commented on this unfortunate trend in his blog post “I see what you did here. You blamed the victim”.

Instead, the ICIT authors emphasize the need for endpoint security measures that acknowledge the human factor: “Organizational leaders need to realize that humans are both the strongest and the weakest link in an organization.”

Our take:

While the title sounds sensationalist, this ICIT brief provides the most in-depth analysis of the ransomware phenomenon we’ve seen so far. Especially impressive in light of more recent events is the authors’ timely warning, issued in April, about ransomware affecting Industrial Control Systems (ICS) and SCADA (Supervisory Control and Data Acquisition) networks.

Read / download:

Combatting the Ransomware Blitzkrieg [PDF]

***

Local browsers, AV Products Spell Trouble for Endpoint Security

Antivirus (AV) software providers hope that endpoint security buyers never find out about “Killed by Proxy: Analyzing Client-end TLS Interception Software" [PDF], a recently published research paper from Montreal, Canada.

Researchers at the Concordia Institute for Information Systems Engineering (CIISE) examined 14 leading products that claim to protect data, block viruses, keyloggers and other malware, like ransomware, or to shield users from questionable web content.

The results were presented at the Network and Distributed System Security Symposium (NDSS) 2016. Here’s the zinger: the computer scientists found that many AV products make accessing the web less secure than regular internet browsers do. Which says a lot.

Readers of the Authentic8 blog know that regular browsers themselves leak data like a sieve and are inherently unsafe. They fetch and process code from the web locally, which allows malicious code to infiltrate the endpoint and propagate through the network.

Regular browsers check the certificate a website presents and verify that it chains to a Certification Authority (CA) in the local trust store. That check is only as good as the trust store, and the researchers showed how the tested products undermine it.

To inspect HTTPS traffic, the products install their own root certificate in that trust store and then act as a man-in-the-middle proxy: they terminate the TLS connection to the real site and hand the browser a substitute certificate, minted on the fly and signed by the product’s root. The browser now sees only the proxy’s certificate, so any weakness in the proxy’s own validation of the real server chain (accepting expired, self-signed or revoked certificates, or weak keys) goes unnoticed. And where a product’s root private key is shared across installations or easy to extract, anyone who obtains it can impersonate any site to every user of that product.

Time and again, the researchers found that the tested programs were doing more harm than good. Or, as team member Xavier de Carné de Carnavalet put it: “Out of the products we analyzed, we found that all of them lower the level of security normally provided by current browsers, and often bring serious security vulnerabilities.”
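As an added check for readers who want to know whether such a root is present on their own machines (example code written for this review, not code from the Killed by Proxy paper or from any vendor), the following Python script audits the CA roots a host trusts and flags every self-signed root whose organization is not on a baseline of expected public CAs. The baseline organizations and the sample site are placeholders that an administrator would replace with the roots seen on a known-clean machine. It also includes a live check that reports who issued the certificate the endpoint actually receives for a site, so a planted root that is actively intercepting shows up as an unexpected issuer.

```python
"""Trust-store audit for TLS interception roots.

Added example for this review; it is not code from the Killed by Proxy
paper or from any product. BASELINE_ORGS is an illustrative placeholder.
"""
import socket
import ssl

# Assumption: organization names of the public roots this enterprise expects.
# Populate from a known-clean machine; the entries below are examples only.
BASELINE_ORGS = {
    "DigiCert Inc",
    "Internet Security Research Group",
    "GlobalSign nv-sa",
    "Sectigo Limited",
    "Amazon",
    "Google Trust Services LLC",
}


def name_field(name, key):
    """Pull one attribute (e.g. 'organizationName') out of the nested tuple
    structure the ssl module uses for subject and issuer names."""
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return ""


def is_self_signed(cert):
    """A trust anchor issues itself; intermediates do not."""
    return cert.get("subject") == cert.get("issuer")


def suspicious_roots(ca_certs, baseline_orgs=BASELINE_ORGS):
    """Return (organization, commonName) for every self-signed root whose
    organization is not in the baseline. An intercepting proxy has to plant
    exactly such a root so the browser accepts the certificates it mints."""
    flagged = []
    for cert in ca_certs:
        if not is_self_signed(cert):
            continue
        org = name_field(cert["subject"], "organizationName")
        cn = name_field(cert["subject"], "commonName")
        if org not in baseline_orgs:
            flagged.append((org, cn))
    return flagged


def issuer_is_expected(peer_cert, baseline_orgs=BASELINE_ORGS):
    """True if the leaf certificate's issuer organization is one we expect.
    Under interception the issuer becomes the proxy's own root instead."""
    return name_field(peer_cert["issuer"], "organizationName") in baseline_orgs


def audit_default_trust_store():
    """Audit the roots Python's default SSL context trusts on this host.
    On Windows this covers the system ROOT store, where AV products install
    their root; on Linux it covers the OpenSSL CA bundle."""
    ctx = ssl.create_default_context()
    return suspicious_roots(ctx.get_ca_certs())


def live_peer_cert(host, port=443, timeout=5.0):
    """Connect to a site and return the leaf certificate the endpoint actually
    receives, as an ssl peer-cert dict (network access required)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for org, cn in audit_default_trust_store():
        print(f"unexpected trust anchor: org={org!r} cn={cn!r}")
    cert = live_peer_cert("example.com")  # placeholder site
    verdict = "expected" if issuer_is_expected(cert) else "POSSIBLE INTERCEPTION"
    print(f"example.com issuer: {name_field(cert['issuer'], 'organizationName')!r} ({verdict})")
```

Two practical notes: on Linux, roots that live in a hashed `capath` directory are loaded lazily, so run the audit on a host whose default context reads a single CA bundle (or pass the bundle explicitly), and on macOS the Python default context does not read the system Keychain, so the store audit there needs the `security` CLI instead. The live issuer check works everywhere and is the quicker of the two.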

Our take:

Regular browsers are detrimental to endpoint security as it is. Piling on AV products that exploit the same deeply flawed architecture may create a (false) sense of security, but introduces new risks for IT security managers to anticipate and manage.

Read / download:

Killed by Proxy: Analyzing Client-end TLS Interception Software [PDF]

***

IT / OT Convergence and Lack of Endpoint Security

Manufacturers and utilities, in the U.S. and worldwide, report an alarming number of attacks that compromise Industrial Control Systems (ICS). Booz Allen Hamilton’s Industrial Cybersecurity Threat Briefing draws on publicly available sources and Department of Homeland Security data.

2015 saw a record wave of attacks. The number of incidents reported in the U.S. rose by 20 percent, to 295. Critical manufacturing areas were impacted in 97 incidents, energy and public utility systems in 77 cyber attacks. The trend seems to be unbroken in 2016.

While endpoint security - or the lack thereof - isn’t the focal point of the Industrial Cybersecurity Threat Briefing, we include this report in our list of resources because it documents a severe deficit in endpoint security planning for industrial and utility infrastructure.

Many of the documented attacks involved web exploits that first affected an employee’s computer, then compromised a SCADA (Supervisory Control and Data Acquisition) or ICS network.

Our take:

While overlaps between information technology (IT) and operational technology (OT) are becoming more common, lack of adequate endpoint security seems to be the main reason why successful penetrations of control networks from enterprise networks rose by 33 percent in the period the brief covers.

[Infographic: Industrial Control Systems (ICS); source: Booz Allen Hamilton Industrial Cybersecurity Threat Briefing]

Read / download:

Booz Allen Hamilton Industrial Cybersecurity Threat Briefing

***

Endpoint Security - Market Quadrant 2015

This Radicati Group publication, available for download on the ESET site [PDF], provides a competitive analysis of the business endpoint protection market (the 2016 edition is expected for October).

Major vendors are ranked based on a four quadrant system, which includes "Mature Players," "Specialists," "Trail Blazers," and "Top Players" quadrants. Vendors are positioned based on their market share and the functionality of their solution.

Endpoint security vendors evaluated in the current edition include Cisco, ESET, F-Secure, IBM, Intel Security, iSheriff, Kaspersky Lab, Microsoft, Panda Security, Sophos, Symantec, ThreatTrack Security, Trend Micro, and Webroot.


Our take:

While Authentic8 is not (yet) included in this report, we liked the comprehensive overview of “Advanced Features of an Advanced Endpoint Security Solution”.

Silo, Authentic8’s secure virtual browser for the enterprise, incorporates most of the six features listed in that section, namely Data Loss Prevention, Device Control, Encryption, Mobile Protection and URL Filtering.

Read / download:

Radicati Group's Endpoint Security - Market Quadrant 2015 [PDF]

***

Enterprise Endpoint Security: Rise of the Secure Virtual Browser

You didn’t think we’d close this overview without tooting our own horn at least a bit, did you? In “Why a Virtual Browser is Important For Your Enterprise” [PDF], network security expert David Strom explains how a new generation of “virtual” or “security-aware” browsers helps enterprise IT security leaders grant employees flexible web access while maximizing security.

Authored for Authentic8, the whitepaper describes how and why the regular browser turned into the “security sinkhole" of today’s IT infrastructure. Phishing, drive-by attacks, ransomware, man-in-the-middle and other web-borne exploits all take advantage of the local browser’s flawed architecture and inherent vulnerabilities. (SQL injection, often listed alongside these, is a flaw in the web application’s server-side code and is not mitigated by isolating the browser.)

IT security leaders are under growing pressure to shore up their infrastructure against web-borne threats. Companies that tried to restrict or block web access report diminished productivity and negative impact on the work climate. But what’s the alternative?

Silo, the secure virtual browser developed by Authentic8, was designed as an alternative to the local browser. “Why a Virtual Browser is Important For Your Enterprise” [PDF] asks which features and capabilities to expect from a secure virtual browser for the enterprise, and includes a list of selection criteria that can serve as a checklist for IT security leaders looking to establish state-of-the-art browser security.


Our take:

Most solutions mentioned in the other publications reviewed above provide some degree of endpoint security. We think the prudent approach is to isolate the endpoint completely for maximum protection. We could have made this paper a bragfest about how Silo achieves that goal. Instead, Authentic8 asked an external network security expert to examine the product and not to shy away from including critical review points about Silo. What did he find? Read it here!

Read / Download:

Why a Virtual Browser is Important For Your Enterprise [PDF]

Gerd Meissner - Gerd writes, produces, edits, and manages content at Authentic8. Before, he covered information technology and data security as a journalist and book author in the US and in Europe.
