stock.adobe.com

Endpoint security strategy: Focus on endpoints, apps or both?

Companies know how to secure traditional endpoints, but what about mobile devices outside the network? They should decide if they want to protect devices, apps or both.

An endpoint security strategy is a crucial component of any enterprise cybersecurity program, but choosing which tools to use, which software to buy and which policies to enforce is quite the undertaking.

Two popular solutions to these endpoint security challenges are either deploying an endpoint security platform or using a combination of application security and containerization.

However, industry experts say it doesn't have to be an either/or decision. Both can work together to build a cohesive endpoint security strategy. What companies want, especially with more employees outside the traditional perimeter, is to get visibility into how data is used, said Jason Clark, chief strategy and security officer at Netskope.

"The main thing companies look for is getting the control back of what the user is doing, what the app is doing and, most importantly, what's going on with the data. The grand strategy for security is to protect data. That's the No. 1 job," he said.

Endpoint protection challenges

One major aspect to consider is how best to keep data secure when it's accessed from endpoints other than desktops and laptops -- and how to do so without adding too much friction to users.

Another challenge is monitoring the growing number and variety of endpoints. This issue was exacerbated by the COVID-19 pandemic, which forced office workers to work remotely -- something many companies were unprepared for. Yet, despite its importance, less than half of respondents to a Ponemon study said they monitor their networks 24/7.

In addition, more employees than ever are accessing business apps and data outside of the network -- often on personal mobile devices. Companies need to determine how much control over data and devices they require without overstepping privacy boundaries.

Endpoint security: Providing comprehensive protection

Endpoint security refers to protecting any device with access to company assets, including, desktops, laptops, mobile devices, IoT devices and so forth. While companies have long managed desktops and laptops, other newer endpoints -- many not company-owned -- must now be considered.

Endpoint security traditionally involved, at minimum, installing antivirus, antimalware, firewalls and device management onto devices. These enabled companies to completely control devices accessing corporate assets, but using so many tools can be overwhelming for security teams.

Then, along came unified endpoint security platforms. With these, admins were faced with a plethora of management decisions: Do they want an allowlist or blocklist? Is there the ability to remote wipe devices? How will they keep endpoints patched? Should geolocation be used to prevent impossible travel -- i.e., employees logging in from their home IP address vs. suddenly logging in later that day from an IP address halfway across the world? How about behavioral monitoring? Or centralized device management? What about browser security to mitigate network threats?

Using an endpoint security platform is likely the best bet for any company in an industry full of regulations and compliance mandates. Products such as those related to mobile device management (MDM) -- which is still suitable for BYOD deployments -- enable security admins to see everything that happens on a device and how data is read, accessed and exfiltrated.

Greg Foss, senior cybersecurity strategist for VMware Carbon Black, said companies should focus on endpoint security as it also provides a way to see where an attack originated. "We don't care what the exploit was; we want to know what were the behaviors that were executed that lead to the initial compromise." With endpoint security, he said, companies have a better chance of identifying risks before they become threats. One challenge, Foss noted, was that employees don't particularly love employers having any control over their personal devices.

App security: Employee freedom while protecting company data

App security, meanwhile, doesn't require users to install anything on their personal devices; the focus is on keeping apps protected, often through containerization and other similar software.

When seeing everything happening on a device isn't necessary, app security might be a company's best option. While smartphone OSes remain fairly locked down, which prevents many attack vectors, OS protections aren't a perfect solution on their own. Using an application security strategy, companies can give employees some freedom, while keeping corporate data secure. This is ideal when tight control over endpoints isn't integral, and the bonus is employees get a little freedom through a corporate-owned, personally enabled or BYOD policy.

"We're seeing security professionals more actively looking for ways to devalue the underlying device in the eyes of attackers. This primarily involves app security," Forrester analyst Christopher Sherman said. "If you don't know or can't control the security posture of a personally owned work device, using an app containment solution gives added assurance against compromised assets."

With app security, the focus is more on keeping apps protected from data exfiltration -- for example, by disabling cut/paste or screenshot capabilities when accessing business apps. This method worries less about who owns the device and where it might access data.

Isolation through containerization is one such approach. It provides a way to keep data safer from the rest of the device. "It makes sure the data is kind of in a vault and not easily accessible if the device gets stolen or lost," said Joe Partlow, CTO at ReliaQuest, a SaaS cybersecurity vendor. "Another option is remote app wipe capabilities. That was always a big downside to MDM -- remote wipe meant pretty much the entire device or nothing."

Using endpoint and app security in tandem

Whether your company wants to control mobile devices outside the network or control business-critical apps as part of an endpoint security strategy, both are options. They can also be used together in a defense-in-depth strategy, offering more complete protection for your organization.

Endpoint and app security overlap in a lot of different ways, Foss said. "Endpoint protection looks at what the processes on your system are doing, what they are touching, what kind of subprocesses there are, command-line arguments, etc. App security is the security of the application itself and how someone could gain access to the OS or execute code."

Whether to use endpoint security, app security or both depends on how much a company wants or needs to protect data. Maybe it wants minimal views into a mobile device to ensure employees follow a commonsense security checks -- for example, if devices have the latest OS and updates or an enabled lock screen. In this scenario, employees won't worry about IT spying on their usage or wiping the whole device.

Either way, any enterprise cybersecurity strategy should address all endpoints within the company, whether they are owned by corporate or not. The best endpoint security strategy for a given company depends on its industry and regulations, as well as what employee freedom it can offer. Can employees use their own devices and be trusted to protect business-critical data? Or should only locked-down devices be able to access corporate data?

The tide seems to be more and more in favor of allowing employees some semblance of freedom, which is where endpoint security platforms may need to adapt in the future and integrate more with app security.

Next Steps

EDR vs. SIEM: What's the difference?

Dig Deeper on Network security