12 Endpoint Security Myths Dispelled

Published: 22/11/2024   Category: security




Mistaken beliefs that hold back endpoint protection



It has been years since security pundits took up the mantle of dispelling the myth that antivirus alone is enough to protect the typical endpoint. That misconception still hangs on in certain quarters, but it has largely been discussed ad nauseam. Plenty of other misapprehensions about endpoint security get ignored in the process.
Dark Reading recently talked to a spate of security experts to get them to weigh in on some of the other myths that get in the way of smart endpoint protection strategies. Here is the dirty dozen.
1. Macs Are Inherently Safer Than Windows Machines
Macs have long had a reputation for virus immunity, but that very misconception, paired with mainstream growth for the platform over the past five years, has created a dangerous combination.
"The growing number of Mac users and the few Mac owners that install AV make Macs increasingly appealing to cybercriminals," says Simon Hunt, McAfee vice president and CTO of endpoint security. "They have realized there is an open population of fast machines just begging to be attacked."
Grayson Milbourne, security intelligence director at Webroot, echoes Hunt's points and adds a couple of additional points to consider.
"While the numbers on malware [that] target Mac OS X are dwarfed in comparison by those which target Windows, this past year was the most active ever for discoveries of new Mac malware and this is a trend we expect to see continue," he says. "Another important fact to remember is that Web-based threats, such as phishing sites, function regardless of the OS being used."
2. Protection Has To Be On The Device
True, endpoint security does start on the device. But that's not necessarily where it should end, says Jay Botelho, director of product management for WildPackets.
"A common misconception about endpoint security is that the practice requires monitoring software on each endpoint device," says Botelho, explaining that network monitoring and controls also play an important role in maintaining the security of endpoint devices. "If a user brings in a device from home that has been infected with some type of Trojan horse, and then connects this device to your corporate network, you have a problem. With a network monitoring and analysis solution that looks at your interdevice traffic, inside the firewall, you will instantly detect when the infected device starts the process of trying to infect other assets on your network."
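The behaviour Botelho describes, an infected host that starts probing its neighbours, is visible in nothing more than internal flow records. The script below is an added example written for this article, not code from WildPackets or from Dark Reading: it parses constructed flow lines in a "time src dst dport proto" shape (the IP addresses, ports and timestamps are made up for the example) and flags any RFC 1918 source that reaches a threshold of distinct internal peers on common lateral-movement ports within a short window. In practice the same function would be fed NetFlow/IPFIX, Zeek conn.log or internal firewall logs converted to that shape.

```powershell
# Added example (not from the article or WildPackets): detect an internal host that
# starts probing many peers on lateral-movement ports, using only east-west flow data.

# Constructed flow records for this example: two hosts talking to one file server,
# one external DNS lookup, and host 10.10.5.23 sweeping seven neighbours in 3 seconds.
$sampleFlows = @'
2024-11-22T09:00:01Z 10.10.5.40 10.10.5.7   445 TCP
2024-11-22T09:00:02Z 10.10.5.40 8.8.8.8      53 UDP
2024-11-22T09:00:05Z 10.10.5.41 10.10.5.7   445 TCP
2024-11-22T09:01:10Z 10.10.5.23 10.10.5.7   445 TCP
2024-11-22T09:01:10Z 10.10.5.23 10.10.5.8   445 TCP
2024-11-22T09:01:11Z 10.10.5.23 10.10.5.9   445 TCP
2024-11-22T09:01:11Z 10.10.5.23 10.10.5.10  445 TCP
2024-11-22T09:01:12Z 10.10.5.23 10.10.5.11  135 TCP
2024-11-22T09:01:12Z 10.10.5.23 10.10.5.12  445 TCP
2024-11-22T09:01:13Z 10.10.5.23 10.10.5.13 3389 TCP
'@

function ConvertFrom-FlowLine {
    # Turn one "time src dst dport proto" line into an object; skip blank/malformed lines.
    param([Parameter(Mandatory)][string]$Line)
    $f = $Line.Trim() -split '\s+'
    if ($f.Count -lt 5) { return }
    [pscustomobject]@{
        Time  = ([datetime]$f[0]).ToUniversalTime()
        Src   = $f[1]
        Dst   = $f[2]
        Port  = [int]$f[3]
        Proto = $f[4]
    }
}

function Find-LateralScanners {
    param(
        [Parameter(Mandatory)][object[]]$Flows,
        # RPC endpoint mapper, NetBIOS, SMB, RDP, WinRM: the ports worms and hands-on
        # attackers use to reach the next Windows host.
        [int[]]$WatchPorts    = @(135, 139, 445, 3389, 5985),
        [int]  $PeerThreshold = 5,    # distinct internal peers that trigger an alert
        [int]  $WindowSeconds = 60
    )
    $rfc1918 = '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'

    # Only east-west traffic inside the firewall on the watched ports is of interest.
    $lateral = $Flows | Where-Object {
        $_.Src -match $rfc1918 -and $_.Dst -match $rfc1918 -and $WatchPorts -contains $_.Port
    }

    foreach ($group in ($lateral | Group-Object Src)) {
        $sorted = @($group.Group | Sort-Object Time)
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            # Sliding window starting at each flow: how many distinct peers in WindowSeconds?
            $end    = $sorted[$i].Time.AddSeconds($WindowSeconds)
            $window = @($sorted | Where-Object { $_.Time -ge $sorted[$i].Time -and $_.Time -le $end })
            $peers  = @($window | Select-Object -ExpandProperty Dst -Unique)
            if ($peers.Count -ge $PeerThreshold) {
                [pscustomobject]@{
                    Source    = $group.Name
                    FirstSeen = $sorted[$i].Time
                    Peers     = $peers.Count
                    Ports     = ($window.Port | Sort-Object -Unique) -join ','
                }
                break   # one alert per source is enough for triage
            }
        }
    }
}

$flows  = $sampleFlows -split "`n" | ForEach-Object { ConvertFrom-FlowLine $_ }
$alerts = @(Find-LateralScanners -Flows $flows)
$alerts | Format-Table -AutoSize
```

With the constructed records only 10.10.5.23 trips the threshold; the two hosts that each talk to a single file server are not flagged, and the external DNS lookup is filtered out before counting. Tune `PeerThreshold` and `WindowSeconds` against a baseline of your own network, since vulnerability scanners, backup servers and domain controllers legitimately fan out to many peers and belong on an allow list rather than in the alert queue.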
3. Endpoint Protections Good Enough For Auditors Aren't Good Enough
Simply relying on compliance to drive endpoint security strategy can give an organization a false sense of security, says Ashok Devata, senior manager for product marketing for RSA, who explains that regulations lag behind the threat landscape by months and even years in some cases.
"Passing a regulatory audit for endpoint doesn't mean that the endpoints and the data in them are secured," Devata says. "Zero-day malware detection/analysis and content-aware DLP monitoring are some of the basic tools required for protecting endpoints against the latest threats, and [yet] regulatory audits don't prescribe such controls."
4. More Signatures Doesn't Mean Better Protection
Antivirus vendors have long duked it out over marketing superiority by fighting over who has more signatures. But Alex Harvey, security strategist for Fortinet's FortiGuard Labs, says that the number of signatures alone should not be how you measure AV effectiveness.
"It's important to understand that more AV signatures does not mean you are better protected against threats," Harvey says. "Smart signatures will often detect multiple variants of one malware by detecting behaviors and patterns that all variants share. What is more important is the number of malware protected against, rather than signatures."
5. AV Is Outdated And Useless
For all of the bad rap that AV gets within the industry, it isn't useless, says Sean Bodmer, chief researcher of counter-exploitation intelligence at CounterTack.
"Antivirus engines do catch a fair deal of commodity threats and provide better protection versus having nothing in place for at least a baseline level of protection," says Bodmer, who says that even though AV is considered antiquated compared to other tools out there, it still "serve[s] a purpose for subscribers who cannot afford enterprise-level or next-generation solutions. AV is always better than no protection, no solution is 100 percent, and anyone who says differently is drinking the wrong Kool-Aid."
6. Some Endpoints Arent Important Enough To Be Attacked
No matter how seemingly insignificant the user or the endpoint, they're all subject to attack in this day and age.
"Most malware is opportunistic. You have processing power and an Internet connection -- that's all a hacker needs to make a few cents by using your computer to send spam or perform DDoS [attacks]," McAfee's Hunt says. "It costs nothing for them to infect you, so your machine is a pure profit generator for them."
Not only should IT avoid the thinking that goes along with this misconception, they should also be training users to understand why they might be targeted.
"Anyone can be a victim, especially if you work in or have close family or friends active in the defense, finance, or energy sectors," Bodmer says. "Today criminals have Facebook, Twitter, Snapchat, Foursquare, and so many other social media platforms that provide a nice playground for attackers looking to execute easy, yet sophisticated threats. Knowledge is power in this case, and cyberninjas know that more than anyone -- unless you work on the PRISM program."

7. Poor Signature Detection Is AV's Only Weakness
Antivirus has long been criticized for its fundamental design flaw, namely that you can't protect against threats you don't yet know about. But there's another issue with AV, and with any other on-device endpoint protection, that enterprises should account for: these solutions are themselves vulnerable at times.
"The endpoint security solution runs on the same platform it's trying to defend and, consequently, suffers from identical vulnerabilities," says Pierluigi Stella, CTO of Network Box USA. "[That] means it is, in itself, vulnerable. In fact, the first thing Trojans do when they start working is to take down the endpoint security, disarm it, and render it useless."
8. Users Can Avoid Infection By Staying Away From The Internet Red Light District
For a long time many an enterprise security awareness training program taught users that they could avoid malware infection through safe browsing habits. But avoiding the proverbial red light district of the Internet isn't a good enough hedge on your malware bets anymore.
"Pornography, warez, and torrent-like sites generally are more risky, but cybercriminals aren't just targeting those sites anymore," Hunt says. "We are seeing a lot of exploitation of legitimate sites now; there have been a number of exploits of ad networks, meaning that thousands of legitimate websites suddenly become malware-distributors overnight. Just visiting your favorite blog or news site can get you infected now."
9. Endpoint Security Is All Or Nothing
Mike Parrella, director of operations for managed services at Verdasys, has run into people with the all-or-nothing mentality that if they couldn't protect all of their endpoints, they shouldn't bother with protection at all.
"Not all endpoints are created equal; if you have limited resource or budget, get endpoint protection on the machines that can get someone to your coveted data," he says, suggesting organizations start with simple use cases, such as preventing customer service reps from using USB devices or monitoring for malicious applications accessing sensitive files. "These low-hanging, high-value targets are important to help security pros generate the momentum necessary to move onto the harder aspects of a broad endpoint security program."
10. Endpoint Controls Are Expensive
Knowing what endpoints you have and what their current states are should be the first step to establishing better endpoint protection, says Rick Doten, chief information security officer for DMI. But many of his colleagues ignore the importance of these asset and configuration management tasks, often because they feel they need to buy tools to gather this information. Not so, he says.
"For Windows systems, PowerShell scripts can pull anything from the machine you want," says Doten, who calls PowerShell the most underused tool in the security toolbox. "I can pull information about what applications or files users are using, when they used a USB drive, and other activity before or after the fact. Most folks like tools with a pretty interface, but if you have someone who can write PowerShell scripts, you have a tremendous capability for identifying what is going on your endpoints."
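The following script is an added example of the kind of no-agent inventory Doten is talking about; it is not a DMI or Dark Reading script. It snapshots one Windows endpoint using only built-in sources: installed software from the Uninstall registry keys, USB mass-storage history from the USBSTOR enumeration keys plus the Kernel-PnP "device started" events (event ID 410 in the Microsoft-Windows-Kernel-PnP/Configuration log, which is present on Windows 8 / Server 2012 and later), and the Windows Defender status, which also answers the question raised under myth 7 of whether the protection on the box is still switched on. It assumes an elevated session and a Defender-equipped machine; the output folder under `$env:TEMP` is an arbitrary choice for the example.

```powershell
# Added example (not from the article, DMI or Microsoft): a no-agent inventory
# snapshot of a Windows endpoint built from the registry, the event log and the
# Defender cmdlets. Run elevated. Output location below is an assumption.

function Get-InstalledSoftware {
    # Both 64-bit and 32-bit hives plus the current user's per-user installs.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName, DisplayVersion -Unique
}

function Get-UsbStorageDevices {
    # One key per device model with a serial-number key underneath. Windows keeps
    # these after the device is unplugged, so this is the "ever attached" list.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $model = $_.PSChildName
            Get-ChildItem $_.PSPath | ForEach-Object {
                $props = Get-ItemProperty $_.PSPath
                [pscustomobject]@{
                    Model        = $model
                    Serial       = $_.PSChildName
                    FriendlyName = $props.FriendlyName
                }
            }
        }
}

function Get-UsbStorageEvents {
    param([int]$MaxEvents = 500)
    # The registry does not record when a device was last attached; the PnP
    # configuration log does (ID 410 = device started).
    $filter = @{ LogName = 'Microsoft-Windows-Kernel-PnP/Configuration'; Id = 410 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Message -match 'Device (USBSTOR\\\S+)') {
                [pscustomobject]@{ Started = $_.TimeCreated; InstanceId = $Matches[1] }
            }
        }
}

function Get-ProtectionState {
    # Myth 7: malware tends to disarm the agent first, so record its state in the
    # snapshot rather than assuming it. Null result means Defender is absent.
    $s = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $s) { return [pscustomobject]@{ Agent = 'Defender'; Present = $false } }
    [pscustomobject]@{
        Agent              = 'Defender'
        Present            = $true
        ServiceRunning     = $s.AMServiceEnabled
        RealTimeProtection = $s.RealTimeProtectionEnabled
        TamperProtected    = $s.IsTamperProtected
        SignatureAgeDays   = $s.AntivirusSignatureAge
        LastFullScan       = $s.FullScanEndTime
    }
}

# Write one CSV per data set so successive runs can be diffed.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmm'
$outDir = Join-Path $env:TEMP "inventory-$env:COMPUTERNAME-$stamp"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

Get-InstalledSoftware | Export-Csv (Join-Path $outDir 'software.csv')    -NoTypeInformation
Get-UsbStorageDevices | Export-Csv (Join-Path $outDir 'usb-devices.csv') -NoTypeInformation
Get-UsbStorageEvents  | Export-Csv (Join-Path $outDir 'usb-events.csv')  -NoTypeInformation
Get-ProtectionState   | Export-Csv (Join-Path $outDir 'protection.csv')  -NoTypeInformation

Get-ProtectionState | Format-List
"Inventory written to $outDir"
```

The value is in the delta, not the snapshot: schedule the script on each endpoint, ship the CSVs to a central share, and compare against the previous run. A new entry in software.csv, a USB serial that has never appeared before, or `RealTimeProtection` flipping from True to False is the finding; the same data that a commercial asset-management console would show, at the cost of a scheduled task.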
11. Mobile Devices Live By Different Endpoint Security Rules
"It seems that we are still of the mindset that mobile devices are just some kind of thin client we can simply encrypt and forget about," says Paul Henry, a security and forensic analyst for Lumension Security. "With an encryption-only concern, it's apparent these devices are not being treated like something connected to the network with an extensive amount of user information, passwords, and data. Mobile devices are endpoints that are just as juicy as laptops."
Doten agrees, stating that he hopes the myth of mobile devices standing apart from other endpoints is soon debunked.
"There is little that my users aren't doing in their daily jobs they can't do on their mobile device. The data they access, the applications they use, the networks to which they connect, are all the same as they have traditionally with their laptops," he says. "We need to treat them as endpoints and set policy to protect them as we do computers, and include the monitoring and configuration management as part of our operations the same way."
It's a definite challenge once you consider these devices as a part of the mix, notes Brad Causey, author of the recent InformationWeek Reports paper Building and Enforcing an Endpoint Security Strategy (PDF).
"It's always difficult to find just the right security balance between user freedom and the safety of corporate assets, but the variability of endpoints -- especially with the rise in the BYOD, or bring-your-own-device model -- makes things especially difficult," he writes.
12. Virtual Machines Are Immune To Attack
The idea that simply switching off an infected virtual machine makes the bad stuff go away is a big endpoint myth, according to Mark Bermingham, senior product marketing manager for Kaspersky Lab.
"While virtual machines may be less prone to threats, such as spyware and ransomware, they are just as vulnerable to malware in the form of malicious email attachments, drive-by-downloads, botnet Trojans, and even targeted spearphishing attacks," he says. "Now, we're seeing examples of malware that can survive the decommissioning of nonpersistent virtual machines and become active again when the virtual machine is put back into operation."