P. 51
For today's data security professionals, the front line has shifted. Yes, the network perimeter still needs to be defended. Yes, enterprise data still needs to be defended. But the new front line is the endpoint — namely, users and devices.

Consider the massive data breach that hit Target Corp. in late 2013. Forty million accounts were exposed, but not because enterprise servers or routers were unprotected. No, a subcontractor responded to a phishing e-mail, and the attackers installed malware on the victim's device to steal the login credentials used to access the Target network. From there they used point-of-sale malware to exfiltrate data.

Everything stemmed from one vulnerability on one endpoint. Sadly, Target's story has become the new normal. End users and devices have become the weak link, as hackers increasingly find ways to use the endpoint as a gateway to enterprise networks. To make matters worse, endpoints no longer reside on secure networks. With the advent of mobility and cloud computing, users and devices now routinely roam beyond the safety of enterprise firewalls, intrusion prevention systems, and other security controls.

This includes unprotected public networks in hotels, coffee shops, stadiums, etc. Even if we wanted to extend enterprise security outside the firewall, it just isn't practical to redirect all traffic through a virtual private network for inspection. Throughput, bandwidth and even user privacy constraints make this unfeasible. Users whose devices become infected on the road bring them back to the office, where the infection can spread. This allows the attacker who launched the infection to bypass the enterprise's network-based security without any additional technology. Watching the network connection from the enterprise side to monitor what users are doing is becoming increasingly futile, since almost every service these days encrypts its traffic with TLS (still commonly called SSL). As a result, almost no information is available on the wire. On the other hand, monitoring endpoint activity can provide unprecedented visibility into security threats regardless of the physical location of the device, and go far beyond the capabilities of typical anti-virus software and firewalls. The intelligence gathered on endpoints can even be shared with security information management systems, intrusion protection, and network security systems. This approach provides a level of functionality, transparency, and control that would otherwise be unobtainable.

For instance, endpoint security can detect suspicious processes by their behavior, without relying on signatures. It can also act on security intelligence gathered from the cloud, to block threats that have been discovered by various sources.

Since it resides on the endpoint, this security model can automate remediation and threat removal. Beyond that, it can share the intelligence gained from detecting new threats with other endpoints in its network, to provide them with immunity and prevent recurrence of the infection elsewhere in the enterprise. It can monitor endpoints for new threats, including advanced persistent threats (APTs) and zero-day attacks. In the event of an infection, it can provide real-time forensics based on endpoint data captured during the attack.

This endpoint approach also enables organizations to deploy comprehensive protection for desktops and servers (both Windows and OS X), mobile devices (both Android and iOS), industrial control systems and other mission-critical devices, and embedded systems such as POS networks. The network perimeter is, for all intents and purposes, no longer defensible. Today the perimeter has to be drawn around each and every endpoint, or the entire enterprise will be vulnerable. This is possible with endpoint security.

About the Author

Tomer Weingarten is CEO of SentinelOne. He routinely works with law enforcement and intelligence agencies on cybercrime investigations, both in his current role and at a previous company. He was recently invited by the White House to attend the Summit on Cybersecurity and Consumer Protection at Stanford University.
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3