Are they secure? Are they integrated? THIS IS THE END(POINT)


The subject of endpoint integration, and integrated security, is a difficult one. First it’s necessary to define exactly what an endpoint is. It’s simply the end of one communication channel, for example, a server, tool or application which ‘listens’ for connections and functions as a doorway for the exchange of data.

Problems arise when the wrong kind of data gets in – malware, spam or unauthorised intruders can infiltrate through endpoints and rapidly infect entire networks. But more problems emerge when different parts of your security set-up fail to communicate with each other, allowing data breaches to go unreported for a disastrously long time.

For this reason, a sophisticated new breed of integrated endpoint security has emerged to keep businesses safe, taking up where traditional unified threat management (UTM) solutions left off. There are several essential differences between traditional UTM and next-generation, integrated options.

UTM is a product with limits. It frequently involves a box with a number of capabilities, simply installed and left to run. Integrated endpoint security, meanwhile, is more dynamic, and consequently a little harder to describe.

“You can think of it in terms of the endpoint, and the network,” said Michael Conway, director of Renaissance, a leading Irish value-added IT security distributor. “UTM typically involves a box sitting on the perimeter – a box, a device or a server. It can be physical or virtual, but either way it will sit on the perimeter with a number of technologies contained within it. There might be a firewall, a mail filter, antivirus and so on.”

Endpoint protection, meanwhile, can range from basic security to highly sophisticated, cutting-edge technologies communicating with each other. “At its most vanilla, endpoint protection can mean a classic antivirus technology,” Conway said.

“Since that first appeared, there have been many buzzwords, some of them more substantial than others, to describe what has replaced that classic antivirus. ‘Next-generation endpoint’ is often used – it means that the plain antivirus has been replaced with a number of technologies including ransomware protection. Antivirus has evolved and moved up a step, and a range of products can be delivered in a single package.”

Dr Vivienne Mee, founder of VMGroup, said businesses need to think broadly about securing endpoints from desktops through mobile devices and everything they connect with.

“An endpoint is a point of access to a network in an enterprise, which can be potentially exploited by malicious activity. A security solution will protect these points of entry from malicious activity and attacks,” she said.

This security can take many forms: encryption, application control on the network, and more traditional solutions such as antivirus and malware protection.

“Encryption is becoming more and more popular as the traditional antivirus and malware protection alone does not fight against exploits such as ransomware attacks,” said Mee.

“A centrally managed endpoint security platform is becoming more popular with organisations, where all the endpoints can be managed centrally, ensuring that any endpoint on the network is compliant with data security standards.”

It’s crucial to include every device on the network in this strategy: “People tend to neglect the mobile devices, and the ‘bring your own’ devices. Although these can be centrally managed, often there are multiple reasons why they are not as secure as the endpoint,” said Mee.

Every business has a budget, and it’s tempting to choose a lower-priced, basic or ‘standard’ antivirus to protect against attacks you presume will never actually happen to you. Security can be a matter of life and death for your business; if you fail to take sufficient measures to protect your network, you might even be liable for penalties under GDPR.

Brian Murray, enterprise account executive for Ireland and the Channel Islands at Sophos, said: “To ward off sophisticated threats, you need a sophisticated solution, one that takes a multifaceted approach. With Sophos Central there’s threat protection, web control, peripheral control, DLP (data loss prevention), app control and device encryption all using the same agent.

“One of the big benefits of a solution like Central is the threat cases. These provide a root cause analysis, so you can see how the attack played out, where it came from, what it changed and how it has spread across your environment.”

SECURITY WATCH

32 | The Sunday Business Post | October 2019

Róisín Kiberd invites you to check your endpoints. Are they secure? Are they integrated?

Dr Vivienne Mee, founder of VMGroup


DNSSEC, the acronym for domain name system security extensions, is crucial in protecting your business from coordinated malware and distributed denial of service (DDoS) attacks, blocking the intruders before they can install their payload.

Conway advised businesses to look for DNS protection as part of an endpoint solution: “It’s added in with certain solutions, but it depends on the brand and the technologies they have. All integrated endpoint solutions are slightly different, but will have a basic antivirus at least.”

Security should never be a static thing; the threats are evolving, and your strategy for facing them should be too. “You can get antivirus for very little money, and, frankly, often that’s more than it’s worth,” said Conway.

“Unless you’re using an evolved, next-generation product with anti-ransomware built in as a minimum, potentially with DNS protection and more, you’re not getting the full range of protection.”

DNS protection needs to work in conjunction with a firewall and antivirus – some vendors also link to a UTM – to form a ‘stack’, working in tandem with your endpoint solutions. Conway said: “This means you’re getting sophisticated endpoint protection that really looks at all the activities taking place.”

Marc O’Regan, chief technology officer at Dell Technologies Ireland, said companies need to realise that endpoint integration is about more than UTM.

“Endpoint technology is easy to use with other security tools, including all the tools you’d expect to find in an enterprise-class suite, and includes full disk encryption, BitLocker management and removable media-type encryption,” he said.

“As a differentiator we believe in offering policy-based encryption, where it’s applied to only certain types of files, and then advanced threat protection, which focuses on what we call signature next-gen enterprise.”

Advanced threat protection (ATP) allows users to monitor endpoints, analyse data and detect and contain attacks without any compromise to productivity. “ATP will look at character-rich files and determine the likelihood of it being malware. Then it sends you alerts,” O’Regan said.

“There’s also threat protection, good old signature-based antivirus, web protection which blocks access to a large number of known phishing sites, anonymisers for social media sites, and everything else you’d expect to see – laptop firewalls and general port control which allows you to enable and disable USB ports and to control the devices currently attached to the corporate network.”

With a data breach, speed is always of the essence. Just as attacks multiply themselves, often taking over a device, then an entire network, before their victims know it, security software needs to move at a similarly frenetic pace. If a breach occurs, you have a mere 72 hours to notify the Data Protection Commissioner, and in-house you’ll need to respond a lot faster.

The best integrated endpoint security is able to catch and isolate threats as they happen, then alert you to them almost instantly.

The old rules still apply

Sophisticated integrated endpoint security will benefit your business in ways you may never fully appreciate (it’s difficult to take stock of all the data breaches, lost information and lost time that won’t affect you). But don’t forget the simpler ways in which you can keep your organisation safe, with data hygiene, strong passwords and regular awareness training so that employees know when to be suspicious.

“It’s top of the list,” said Marc O’Regan, chief technology officer at Dell Technologies. “Having good policies and good data hygiene remain the biggest challenges. You can potentially advise someone on their responsibility to safeguard their data – you can tell them about that all day long – but what’s more important is knowing that their attitudes are good, and that they have strong passwords and keep them secure, rather than leaving them lying around written down somewhere. It’s generally very straightforward; those really are the most important aspects of security.”

In ways, the human remains the weakest node in the network.

More than anything else, hackers continue to rely on social engineering, the practice of tricking users into handing over money and information using lies, fraudulent email addresses and convincing pleas for urgent action.

“It sounds trite to say it, but this is still a huge area of opportunity for criminals,” said O’Regan. “That’s why it’s extraordinarily important to make security the top priority for every person in an organisation.”

“The amount of information contained in the (integrated) technology means we can alert people right at the endpoint level,” O’Regan said.

“It’s a much deeper and richer level of protection, knitted into the native architecture. Without it you don’t get that rapid alert. You might not even be aware of it. It’s not just your device that’s been hacked; the whole network could be at risk of being hacked, and having these tools built into the technology, you can potentially be alerted before it reaches your corporate network.”

In terms of speed and precision, integrated solutions have an advantage because they can provide relevant details quickly in the event of a breach, Mee said.

“For example, an endpoint that has been breached may alert the central system that there is unusual activity, and that the endpoint could be reported as not having been patched fully. Then the organisation can quickly remove the endpoint from the network, at this specific point, instead of trying to find the endpoint that has acted as the gateway to penetrate the organisation.”

The result is that the organisation can frequently return to business as usual within an hour, with a new endpoint deployed to replace the affected one.

There’s also the question of standards; by opting for a top-of-the-line solution, and by speaking with experts, you can achieve compliance with minimal impact on your workflow.

“Integrated endpoint security allows information security teams to report management information on the status of the estate to management, in addition to aiding the deployment of patches and policies across the organisation,” Mee said.

Similarly, these solutions are generally easier to operate and to install: “Most integrated endpoint security solutions are deployed using agents on each of the endpoints, making the rollout effortless within an organisation,” she said.

Choosing which vendor to go with can be challenging, but it’s worth taking the time to consider your options. In a tech industry already heavily laden with acronyms, neologisms and buzzwords which sometimes turn out to be meaningless, the genuinely effective products are myriad but difficult to spot.

Conway said: “The marketplace, and the buyers, need to understand that there’s no point in just buying the cheapest. There’s no point in buying the most expensive option either – you can’t assume all the products are the same.

“The more efficient business options, with all of the bells and whistles, will give you a better level of protection than others will, and they’ll be better managed, with better reporting.”

Traditionally, endpoint security relied on signatures, but it has since been updated to outwit evolving styles of cyberattack.

Murray said: “The big advances are in dealing with the unknown threat. Traditional endpoint security is still a valid, highly accurate way of defending against malware. It requires one user to get infected, a signature to be developed and deployed to all other machines for those to be protected against this threat.

“Criminals got wise to this, and began to develop unique, targeted malware for their victims. Because this has never been seen before, traditional antivirus cannot protect against this new piece of malware.”

Instead, Murray recommends a solution like CryptoGuard, by Sophos, which employs behavioural detection to stop threats in their tracks. “Deep learning recognises the characteristics of a malicious file, steps in and stops it. It’s a bit like having a world-class malware lab on every machine,” he said.

Once you’ve selected your system, it’s also worth calling in experts for advice on getting the most from it. While the best solutions should be relatively easy to deploy, there is usually a small amount of configuration involved.

“As with all modern security technologies they’re very sophisticated, but that doesn’t have to mean they’re difficult to deploy,” said Conway.

“The main thing is, if you don’t have the capabilities, then get involved with a partner or someone who looks after your system. In a business context you need to have someone, the same way you have a phone number for a family doctor or dentist or mechanic, in case you need to go to someone for a problem.”

“If you don’t have the capability to do it yourself, or you’re not comfortable doing it yourself, then get the experts in. Those people will be a port of call for you if anything goes wrong – and it’s never a case of if something goes wrong, it’s when. Typically, you will be attacked, or targeted, at some point in time, so be prepared.”

If your budget allows for it, and especially if your organisation is big, and tasked with handling highly sensitive data, you can also go with a more bespoke option. Dell Technologies has provided security solutions to a long list of global companies, including GE, Rolls Royce and Ford, many of which required custom-built security.

O’Regan said: “We built a customisable security package for MasterCard that protects not only their entire network, but which enhances the experience of MasterCard users, all over the world.

“The AI we use tends to be in the neural net space – machine-learning algorithms, deep-learning algorithms, neural nets, blending different algorithms together to create customisable solutions.”

It seems to be only a matter of time before AI is in fact a compulsory part of information security, not least because cybercriminals are using AI themselves to stage increasingly elaborate attacks.

“They’re using mathematics to figure out ways to get into corporate networks and to damage them,” said O’Regan. “On the other side, we’re also using advanced mathematics to figure out how rogue intruders are able to do these things. They tend to attack in a very sophisticated way, and we need to be ready to disarm potential hacks using equally sophisticated, if not more so, AI.”

The rise of complicated rogue attacks, involving anything from general phishing activity through to advanced distributed denial of service (DDoS) attacks, signals a new era of intelligent, well-planned and well-executed cybercrime.

“You’ll frequently see things like ransomware, where a network is hijacked and held up, and the victim is asked to hand over money,” said O’Regan. “We’re noticing some extraordinarily sophisticated AI being created to commit these crimes, but we’re also using extraordinarily sophisticated AI to fight them off.”

SecureWorks, the Dell subsidiary specialising in managed security services, managed detection and response and other services, even has a division dedicated to trawling the deep web for emerging threats.

“They spend their time on parts of the internet you’d never usually visit,” O’Regan said, “gaining an understanding of the threats out there, and building parallel systems to protect networks from these threats.”

If a threat manages to reach a user’s system, they’re able to alert the network owner of any irregularities and can rapidly decide to freeze the threat or allow it access.

Lastly, it’s also important to bear in mind that, for all the advanced software and hard-ware in the world, your security strategy is only as good as those who use it.

Many common styles of cyber attack rely more on social engineering, i.e., manipulating people and exploiting small human errors, than on breaking through the digital barriers you put in place.

Mee said: “The main threats to endpoint security right now are phishing attacks, unpatched vulnerabilities and ransomware. Phishing attacks, in particular, are on the increase. VMGroup have seen an increase in Office 365 phishing attacks over the last 12 months.

“Regular training is key in all organisations, of any size, and user awareness is key to ensure people can identify an attempt at a phishing attack.”

Mee also recommended setting up a security operations centre (SOC). “Organisations should invest in a SOC environment with a threat-hunting function to find vulnerabilities on their network before they are exploited by an external source. Effective endpoint security solutions will also aid in managing patching across the network.”

Aside from the ability to find out faster when a breach occurs, with integrated endpoint security it’s far less likely the breach will occur in the first place. “If a breach does occur,” Conway said, “you’ll have a far better chance of knowing that it occurred. Then, typically, you’ll be able to use something like root cause analysis to identify where and when it came in to the organisation, and will know when to close the door.”

The right product can truly save you time, money and – potentially – reputational damage. It opens up a range of capabilities, which, with non-integrated solutions, simply would not be available.

Michael Conway, director of Renaissance

Snowden book used in phishing scam

Since its recent release on September 17, Edward Snowden’s memoir, Permanent Record, has already ignited a series of controversies. The US Department of Justice vowed to sue for 100 per cent of Snowden’s profits, arguing that by writing the book, he broke non-disclosure agreements with the CIA and the NSA.

Critics, meanwhile, have called the book “gripping”, “riveting” and “another book for our times”, and further down the page of search results is another, darkly funny story to be found; apparently, copies of Permanent Record are being circulated online by cybercriminals as a way to trick people into installing the Emotet malware.

First identified in 2012, Emotet was originally created to target the banking sector, quietly stealing private information from its victims, before evolving to include banking Trojans, spamming and other malware, with the worm-like ability to spread throughout a network and infect multiple computers at once.

One current exploit involves a spear phishing campaign in which emails offer a free copy of Snowden’s book, executing malicious macro code on the victim’s computer as soon as they download it.

“The Emotet malware has spread ransomware and banking Trojans worldwide, including a number of attacks in Ireland,” said Brian Murray, enterprise account executive for Ireland and the Channel Islands at Sophos.

“To understand how to protect against it, we need to start by understanding how it works. Typically it starts with a spam email containing a malicious attachment. Once it gets into the network it will call home to let the hacker know that it’s successful, and will receive updates, instructions and payloads. Then it spreads – being a worm, it can do this without user activity, although it does take advantage of any unpatched vulnerabilities, like the EternalBlue exploit.”

Once Emotet takes hold, the hackers can steal email addresses, browser histories, usernames and passwords, and deliver ransomware. However, integrated endpoint security can protect against it in various ways, preventing it from spreading and from contacting its ‘home’, preventing spam and theft of information, and, ultimately, stopping Emotet from entering a network in the first place.
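The chain Murray describes (malicious attachment, macro execution, call-home, worm-like spread over unpatched hosts) is what an integrated platform correlates from endpoint telemetry before taking the alert-and-isolate step Mee describes earlier in the piece. The Python below is an added illustration, not code from the article or from any vendor named in it: it runs over constructed sample telemetry, and the process names, port, address ranges and threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed stand-ins: Office applications that run macros, and the script hosts
# a macro typically launches. Real platforms use far richer process models.
OFFICE_APPS = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}
# Assumed corporate address space; anything outside it counts as "calling home".
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORT = 445          # the file-sharing port a worm-like spread fans out on
SPREAD_THRESHOLD = 3    # distinct internal hosts contacted on SMB_PORT (assumed)

# Constructed telemetry (not real data). ws-a follows the whole chain;
# ws-b is an ordinary user opening a mailed document and browsing.
EVENTS = [
    {"host": "ws-a", "kind": "proc", "parent": "outlook.exe", "child": "winword.exe"},
    {"host": "ws-a", "kind": "proc", "parent": "winword.exe", "child": "powershell.exe"},
    {"host": "ws-a", "kind": "net", "proc": "powershell.exe", "dst": "203.0.113.10", "port": 443},
    {"host": "ws-a", "kind": "net", "proc": "powershell.exe", "dst": "10.0.0.21", "port": 445},
    {"host": "ws-a", "kind": "net", "proc": "powershell.exe", "dst": "10.0.0.22", "port": 445},
    {"host": "ws-a", "kind": "net", "proc": "powershell.exe", "dst": "10.0.0.23", "port": 445},
    {"host": "ws-b", "kind": "proc", "parent": "outlook.exe", "child": "winword.exe"},
    {"host": "ws-b", "kind": "net", "proc": "winword.exe", "dst": "10.0.0.9", "port": 445},
    {"host": "ws-b", "kind": "net", "proc": "chrome.exe", "dst": "203.0.113.50", "port": 443},
]


def is_internal(ip):
    """True when the address falls inside the assumed corporate ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def stages_for_host(events):
    """Return the set of chain stages observed on one endpoint:
    'macro' (Office app spawned a script host), 'callhome' (that script host
    reached an address outside the estate) and 'spread' (it touched many
    internal hosts on SMB_PORT)."""
    stages = set()
    spawned = set()
    for e in events:
        if e["kind"] == "proc" and e["parent"] in OFFICE_APPS and e["child"] in SCRIPT_HOSTS:
            spawned.add(e["child"])
            stages.add("macro")
    if not spawned:
        return stages          # without the macro stage nothing else is attributed
    smb_targets = set()
    for e in events:
        if e["kind"] != "net" or e["proc"] not in spawned:
            continue
        if not is_internal(e["dst"]):
            stages.add("callhome")
        elif e["port"] == SMB_PORT:
            smb_targets.add(e["dst"])
    if len(smb_targets) >= SPREAD_THRESHOLD:
        stages.add("spread")
    return stages


def assess(events):
    """Group telemetry by endpoint and score each one."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    return {host: stages_for_host(evs) for host, evs in by_host.items()}


def recommend(stages):
    """What the central console should do: isolate once the chain is confirmed."""
    if "spread" in stages or {"macro", "callhome"} <= stages:
        return "isolate"
    if "macro" in stages:
        return "investigate"
    return "none"


if __name__ == "__main__":
    for host, stages in assess(EVENTS).items():
        print(host, sorted(stages), "->", recommend(stages))
```

On the constructed sample, ws-a is flagged for all three stages and recommended for isolation, while ws-b, which opened a document without spawning a script host, is left alone.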