Four Pillars of Endpoint Security

Eric Cole, SANS Instructor
August 30th, 2017

Endpoint protection

The goal of security and protecting the endpoint is focused on managing risk, which is all about managing access to the system and related information.

What is Endpoint Security?

Endpoint security is the process of securing devices such as mobile devices, laptops, and desktop PCs, and ensuring that those devices comply with certain criteria before they are granted access to network resources. The goal of endpoint security is to limit the attack surface and safeguard the network from malicious threats.

In any area of security, there is no single, silver bullet technology that will protect and secure a system.  However, by taking an integrated, defense-in-depth approach to endpoints, proper security can be implemented.  In building a robust foundation for securing the endpoint, there are four key components I recommend that you address immediately:

Least Privilege

One of the fundamental rules of security is that any entity, or user, must be given the least amount of access they need to do their job.  If in doubt, do not provide access.  The main issue with least privilege is maintenance of the access.  Just because someone needs access today does not mean they need access in the future.  Removing access is key to maintaining an appropriate level of least privilege.

Application Control

Adversaries will typically target and exploit applications to allow long-term access to a system.  By compromising key applications, malicious code can be injected or tied to the applications.  Email and web based applications are often targeted in this manner.  By carefully controlling and managing applications, security teams can not only bolster security of the system, but make it much more difficult for an adversary to cause harm.

Password Management

In the case of traveling laptops that are directly accessible from the Internet, in many cases the first and only line of defense is authentication.  Regardless of all of the security software installed on the system, if an adversary can gain access to your password or an enterprise credential, they will have access to the system.  Least privilege will help minimize the damage–but ultimately, controlling and managing the authentication credentials will keep an adversary out of the system.

Behavioral and Threat Analytics

You may be familiar with the security mantra, prevention is ideal, but detection is a must. Ultimately, we have to recognize that systems will be compromised and, thus, timely detection is critical to finding and stopping the exploit. Advanced hunting mechanisms that utilize behavioral and threat analytics can be deployed to quickly identify and track down adversaries.

Visibility into the activity in all four of these recommended controls will ensure that any behavior analytic tools has sufficient information to analyze and identify when threats are likely occurring. It is not enough to have least privilege or application control alone if the events related to each action are not centrally collected, processed, and monitored in a manner that allows IT to take timely and appropriate action.

Download Eric’s white paper, “It’s All About the Endpoint: Protecting and Enabling End Users with Least Privilege”.
Read it now

BeyondTrust’s Endpoint Security Can Help

Eliminating excessive rights on user endpoints is a common starting point for many organizations to close avoidable security gaps, but legacy approaches to solving this problem are insufficient. Existing tools lack visibility into the security profile of applications targeted for elevation, and the risk-reducing effects of eliminating over-privileged users are negated if a vulnerable or exploited application is elevated for use. The traditional approach to solving endpoint least privilege problems requires security and IT teams to cobble together point tools from multiple vendors resulting in unnecessary complexity and cost, and no visibility into user behavior throughout the enterprise.

BeyondTrust solves this problem by:

  • Removing excessive rights on all endpoints, reducing risk, and simplifying least privilege enforcement
  • Providing visibility into target system and asset security, reducing risk from elevated application vulnerabilities
  • Providing application control on the endpoint, blacklisting hacking tools
  • Analyzing and reporting on privileged user and account behavior, reducing risk from anomalies
  • Delivering a modular, integrated platform, speeding implementations and reducing costs

If you would like to learn more about how BeyondTrust can take these best practice recommendations and translate them into real use cases, download my white paper, It’s All About the Endpoint: Protecting and Enabling End Users with Least Privilege, today.

Editor’s Note: This blog was first published in March 2016. It has been updated with content links.

Eric Cole, SANS Instructor

Dr. Cole is an industry-recognized security expert with over 20 years of hands-on experience. Dr. Cole has experience in information technology with a focus on helping customers focus on the right areas of security by building out a dynamic defense. Dr. Cole has a master's degree in computer science from NYIT and a doctorate from Pace University with a concentration in information security. He served as CTO of McAfee and Chief Scientist for Lockheed Martin. Dr. Cole is the author of several books, including Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible 2nd Edition, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is the founder and an executive leader at Secure Anchor Consulting where he provides leading-edge cyber security consulting services, expert witness work, and leads research and development initiatives to advance the state-of-the-art in information systems security. Dr. Cole was the lone inductee into the InfoSec European Hall of Fame in 2014. Dr. Cole is actively involved with the SANS Technology Institute (STI) and is a SANS faculty Fellow and course author who works with students, teaches, and develops and maintains courseware.