The networks that we manage and work in today are much different from the networks we worked with even 10 years ago, mainly because technology, hardware, and software have become more advanced. Unfortunately, so have viruses, malware, spyware, and end-users. With the influx of successful attacks on corporate networks, not to mention the theft and publication of intellectual property, the need for endpoint security is now at an all-time high. It is important to note that the old-school philosophy of protecting the endpoint with a perimeter firewall and written security policy is no longer valid. To protect endpoints on the typical corporate network today, you need a more sophisticated approach.
First, your endpoint security must begin with a least privilege approach. Least privilege will help your users protect themselves by removing their local administrative privileges. When a user is configured to run as a local administrator, there are too many errant and malicious actions that can be performed on the endpoint. In this scenario, IT loses full control of any endpoint where the user is a local administrator. There is also the damage that can be done to the network when a virus or other malicious code infiltrates other desktops and servers through an endpoint where the user is running with local administrative privileges. The most difficult aspect of least privilege is ensuring that users can still run and install all approved applications and OS features while running with least privilege.
Second, all endpoints must be managed to control their access to data. For most organizations today, nearly all intellectual property, financials, human resources records, credit card information, social security numbers, etc. are stored as data on some server in the organization. If any of this data is compromised by becoming public, being sent to competitors, emailed outside of the organization illegally, or accessed from a lost or stolen laptop or tablet, the company will lose millions, if not billions, of dollars. All company-critical data needs to be monitored, tracked, and protected from any possible leaks outside of the organization.
Finally, it is important to understand that least privilege does not protect data against leaks, and protecting data against leaks does not solve least privilege. If either of these solutions for your endpoint security is left out, you are exposing the entire network to potential infiltration of malicious software or exposure of intellectual property to a Wiki site.