Mitigating Threats Outside the Network Core

When it comes to protecting data, documents, and other key assets, proper protection and monitoring of end users and their digital devices holds the key to mitigating threats outside the network core.

With the increasing use of mobile devices in and around modern organizations, today’s security threats and activity lie as much beyond organizational boundaries as they do outside the network core. Whether a user is working inside that boundary, behind the firewalls that go with it, or outside it makes little difference. Today, and for the foreseeable future, mitigating threats outside the network core means discovering or recognizing the devices that seek access, monitoring and carefully managing that access, and applying best security policies and practices to data and documents leaving the network core. It is no accident that this has an endpoint orientation: securing the endpoints is what establishes and maintains security.

Discovering and Protecting Endpoints
The process of mitigating threats outside the network core thus begins with subjecting every attempt to interact with that core, and the services and assets it holds, to serious scrutiny. Under a proper security policy that denies access by default and permits it only by careful exception, recognizing endpoints is the necessary first step toward granting access of any kind. This means that users must provide sufficient and proper proof of identity before they are even allowed to request access. It also means that the devices they use must be discovered, recognized, and inventoried to make sure they meet minimum conditions for network entry and access. In practice, this means checking that devices:

  • Run approved operating systems, and that such systems are patched and up-to-date from a security standpoint
  • Run only approved applications and services to access organizational information and assets
  • Are protected by an approved endpoint security software suite (or combination of components) to ensure protection against active threats and vulnerabilities, and are also up-to-date from a security standpoint
  • Include sandboxing capabilities or data protection measures to prevent data and documents from being copied to end-user devices, or otherwise transferred across organizational boundaries

Devices that fail to clear all such hurdles must either be shunted into quarantine for remediation or denied access altogether. Such “network health checks,” as they are sometimes called, are an important way to ensure that devices granted network access won’t cause problems or introduce threats and vulnerabilities owing to user ignorance or malfeasance.
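The checklist above, and the quarantine-or-deny outcome, expressed as a default-deny posture evaluation. This is an added example, not code from the original post or from any vendor product; the policy thresholds, approved-OS table, approved-application set, and the Device record layout are all constructed assumptions standing in for what an endpoint-management or NAC system would supply.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Constructed policy values for this example; a real deployment would load them
# from the organization's endpoint-management or network access control system.
APPROVED_OS = {"windows": (10, 0), "macos": (13, 0)}  # minimum (major, minor)
APPROVED_APPS = {"corp-vpn", "corp-mail", "office-suite"}
MAX_PATCH_AGE_DAYS = 30      # OS patches older than this need remediation
MAX_SIGNATURE_AGE_DAYS = 7   # endpoint-protection definitions older than this need remediation

@dataclass
class Device:
    # One inventoried endpoint; dates are ISO strings as an inventory feed would supply them.
    os_name: str
    os_version: Tuple[int, int]
    last_patched: str
    apps: List[str]
    edr_installed: bool
    edr_signatures_date: Optional[str]
    dlp_enabled: bool

def _age_days(iso_day: str, today: str) -> int:
    return (date.fromisoformat(today) - date.fromisoformat(iso_day)).days

def posture_decision(dev: Device, today: str) -> Tuple[str, List[str]]:
    """Return ("allow" | "quarantine" | "deny", reasons). Access is denied by default;
    "quarantine" covers findings an update can fix (stale patches or definitions),
    "deny" covers violations an update cannot fix (unapproved OS/app, missing protection)."""
    hard, soft = [], []
    minimum = APPROVED_OS.get(dev.os_name)
    if minimum is None or dev.os_version < minimum:
        hard.append(f"unapproved OS {dev.os_name} {dev.os_version}")
    if _age_days(dev.last_patched, today) > MAX_PATCH_AGE_DAYS:
        soft.append("OS patches out of date")
    unapproved = sorted(set(dev.apps) - APPROVED_APPS)
    if unapproved:
        hard.append("unapproved applications: " + ", ".join(unapproved))
    if not dev.edr_installed:
        hard.append("no approved endpoint security suite")
    elif dev.edr_signatures_date is None or _age_days(dev.edr_signatures_date, today) > MAX_SIGNATURE_AGE_DAYS:
        soft.append("endpoint security definitions out of date")
    if not dev.dlp_enabled:
        hard.append("no sandboxing or data-protection control for documents")
    if hard:
        return "deny", hard + soft
    if soft:
        return "quarantine", soft
    return "allow", []
```

A device with only remediable findings lands in quarantine; any single hard failure produces a deny that also lists the remediable findings, so the user sees everything that must change before re-admission.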

Monitoring Endpoint Activity
Beyond gatekeeping and health checks, ongoing observation of endpoint activity is essential to maintaining network security. Users who attempt to circumvent security policy (by copying financial information or intellectual property onto personal devices, for example) should not only be stopped from doing so but also warned not to repeat such actions. Repeat offenders can be counseled and subjected to disciplinary action, if warranted. Security training during onboarding should establish a basic understanding of security policy and acceptable behavior from the get-go, and be reinforced at least once a year with follow-on security awareness training.

Proper endpoint security also provides mechanisms for detecting unwanted or unauthorized applications and protocols that can circumvent security controls. By making sure endpoint software and systems are properly patched and up-to-date, organizations can mitigate most threats and vulnerabilities. Ongoing monitoring provides an ace in the hole against zero-day or emerging threats, because it reveals patterns of access and behavior outside the norm for the affected users (and often beyond the pale of what security policy and best practice allow). This combination ultimately delivers the one-two punch that mitigates security threats beyond the network core.
