Assessing Endpoint Protection

by Brian Petzold | Jul 5, 2019

If you search the Internet for a definition of “Endpoint Protection”, you will get a myriad of different (and sometimes conflicting) definitions. As one vendor told me, “Endpoint protection is whatever my product protects you from.” The problem is that no single endpoint protection product protects against everything on all endpoints. To achieve true endpoint protection, you need to assess your endpoints and your current controls and identify gaps in your controls. Today, we will provide an overview of how you can do this.

First, let’s get the definition out of the way. The best way to define endpoint protection is in broad terms, as it encompasses many different types of threats on different types of devices. Our definition of endpoint protection is “technology which protects your network and data from endpoint risks to privacy, availability, and integrity. It keeps threats out of your systems and keeps sensitive data in your systems.”

The first step in assessing endpoint protection is to identify all of your endpoints. An endpoint is defined as “Any computing device which connects to your network, including cloud-based networks containing your applications and data.” Endpoints include desktop computers, laptops, smartphones, tablets, servers, copiers, cameras, routers, ATMs, and so on. We recommend performing a discovery scan of all devices connected to your network. Add to this an inventory of any devices that attach to your email system, your VPNs, and any cloud-based infrastructure you utilize. Once you have identified all endpoint devices, group them by type of device.

The next step is to identify the threat vectors for each type of endpoint device. Start by asking “How would a threat get into this device?” For a desktop computer, this list will include email, websites, USB ports, physical network connections, Wi-Fi, Bluetooth, DVD/CD drives, etc. These are the threat vectors. Once you have this list completed, ask yourself “What controls do I have to protect against threats entering from each threat vector?” At the end of this analysis, you will be able to easily see which threat vectors are not addressed by your current controls. These are your gaps.

Repeat the process in the previous paragraph, but this time ask, “How would data leave this device?” Many of these threat vectors will be the same, but there will be some additional ones such as “cloud storage” and “FTP sites”. Again, document the controls and any gaps.

You may need to perform the gap analysis multiple times on a device because the device can be used in different environments that have different controls. An example of this would be a laptop that is protected by a web filter when in the office but has no web filter when outside of the office. Another example may be a smartphone which is on the internal network when in the office but on the Internet when away.

After you have identified all of the gaps in the different scenarios, you should prioritize them and start discussing the specific gaps with vendors. We always recommend starting with your current vendors, as it is usually less impactful to add to an existing product than to completely replace an entire endpoint protection suite. If you do replace an entire product suite, make sure that you do not lose your current controls in the process.
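The gap analysis described above (threat vectors in and out, per device type, per environment, then prioritized) can be kept as structured data rather than a spreadsheet. The following is an added example, not code from the original article; the laptop, its vectors, and the control names are constructed sample data modelling the office/remote web-filter scenario, and the environment and direction labels are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample data: the article's laptop that has a web filter in the
# office but none when used remotely. Vector and control names are made up.
@dataclass(frozen=True)
class Control:
    name: str
    vectors: frozenset       # threat vectors the control covers
    directions: frozenset    # "in" (threat entering), "out" (data leaving)
    environments: frozenset  # environments in which the control is active

@dataclass(frozen=True)
class EndpointType:
    name: str
    ingress: frozenset       # "How would a threat get into this device?"
    egress: frozenset        # "How would data leave this device?"
    environments: frozenset  # environments the device is used in

LAPTOP = EndpointType(
    "laptop",
    ingress=frozenset({"email", "websites", "usb", "wired", "wifi", "bluetooth", "dvd"}),
    egress=frozenset({"email", "websites", "usb", "dvd", "cloud_storage", "ftp"}),
    environments=frozenset({"office", "remote"}),
)
CONTROLS = [
    Control("web filter", frozenset({"websites"}), frozenset({"in", "out"}), frozenset({"office"})),
    Control("email gateway", frozenset({"email"}), frozenset({"in", "out"}), frozenset({"office", "remote"})),
    Control("device control", frozenset({"usb", "dvd"}), frozenset({"in", "out"}), frozenset({"office", "remote"})),
    Control("egress firewall", frozenset({"ftp"}), frozenset({"out"}), frozenset({"office"})),
]

def gap_analysis(endpoint, controls):
    """Map (environment, direction) -> sorted vectors that no active control covers."""
    gaps = {}
    for env in sorted(endpoint.environments):
        for direction, vectors in (("in", endpoint.ingress), ("out", endpoint.egress)):
            covered = set()
            for c in controls:
                # A control only counts where it is actually active for this scenario.
                if env in c.environments and direction in c.directions:
                    covered |= c.vectors
            missing = sorted(vectors - covered)
            if missing:
                gaps[(env, direction)] = missing
    return gaps

def prioritize(gaps):
    """Rank vectors by how many environment/direction scenarios leave them uncovered."""
    counts = Counter(v for missing in gaps.values() for v in missing)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
```

Running `gap_analysis(LAPTOP, CONTROLS)` shows that websites and FTP only become gaps outside the office, which is exactly the per-environment repetition the text calls for.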

Bedel Security helps financial institutions assess and improve their security posture. If your institution needs help assessing endpoint protection or any other facet of information systems security, please reach out to us at support@bedelsecurity.com.

We would be happy to assist!
