Vulnerable endpoints

An endpoint is a computing device that communicates back and forth with a network to which it is connected, such as a desktop, laptop, smartphone, tablet, server, workstation or printer. The term is not limited to physical devices; it also includes, for example, browsers and web applications. They all represent key vulnerable points of entry for adversaries.

With people becoming more mobile and users connecting to internal resources (home or organisational intranets) from off-premise endpoints all over the world, endpoints are increasingly susceptible to being breached. Objectives for targeting endpoints include:

  • Take control of the device and use it in a botnet to execute a DoS attack.
  • Use the endpoint as an entry point into an organisation to access high-value assets and information.
  • Access assets on the endpoint to exfiltrate or hold hostage, for ransom or for disruption.

Advanced endpoint security solutions prevent known and unknown malware and exploits, and incorporate automation as much as possible so that people are not left working only on security issues and adhering to security policies. We need to protect and enable users without impacting their performance (much).

Mitigation requirements

  • To prevent security breaches, a shift must occur – from detecting and responding to incidents in hindsight, to preventing security breaches from occurring in the first place.
  • Where possible, endpoint security needs to be baked into hardware services from the start to avoid breaches.
  • Endpoints must be protected from known, unknown and zero-day threats delivered through malware and exploits independent of whether a machine is online or offline, on-premise or off-premise, connected to an organisation's network or not.
  • Threat data must continuously be gathered from within the organisation – from the network, storage solutions and endpoints.
  • Protection against exploits for all applications, including third-party and proprietary applications, especially when applications enhance security.
  • A fast check/test/validation/risk analysis/approval process for new applications.
  • Endpoint protection must be lightweight enough not to require significant system resources.
  • The best endpoint security solutions support unpatchable systems by preventing the exploitation of software vulnerabilities, known or unknown, regardless of the availability or application of security patches.
  • Endpoint protection must scale (to as many endpoints as needed), be flexible (in its ability to provide protection while not overly restricting), and be manageable enough for deployment.

en/threats/endpoints/start.txt · Last modified: 2019/10/11 12:34 by Digital Dot