Four pillars of Endpoint Security

Source: Internet
Author: User

Enterprise networks and their assets are attacked constantly, and the problem is made worse by a perimeter that is now thoroughly porous. When building a secure IT infrastructure, most enterprises treat uninterrupted business continuity as the primary goal. Yet users' computers, mobile devices, servers and applications can all be taken down by an attacker, and outages are a routine event in enterprise environments.

A distributed denial-of-service (DDoS) attack can exhaust bandwidth outright, but many legitimate situations also cause heavy network load. Peer-to-peer file sharing, heavy use of streaming video, and peak usage of internal or external servers (Black Friday in the retail industry, for example) can all slow the network for internal users and external customers alike.

Streaming video is a good example of a high-bandwidth application that many kinds of enterprises now depend on for core business operations. Geographically distributed companies use it for inter-office communication, brand management companies use it for media campaigns, and the military uses it for command and control.

Put together, these conditions make for an unstable situation: DDoS attacks are easy to launch; streaming video is highly sensitive to bandwidth availability; network load is heavy even under the best conditions; and enterprises depend on these technologies more every year.

IT administrators must be prepared. That means revisiting long-held assumptions and plans about resource usage, protection of the devices on the network, and protection of critical network bandwidth. The endpoint security model described here is a way to think about these issues in light of current reality.

Four Pillars

The basic premise of the four pillars is to keep the network operating even while it is under attack. The first step is to identify the endpoints. What is an endpoint? In this model, an endpoint is wherever the actual work gets done: desktops, servers and mobile devices.

With those endpoints in mind, the next step is a policy for protecting them. The goals of that policy, which the four pillars of endpoint security serve, are as follows:

Prevent the endpoint from being attacked

Enable Automatic Recovery of Endpoints

Monitor network bandwidth

Enable Automatic Network recovery

With those goals in mind, the four pillars of effective endpoint security are as follows:

Strong hardening of Endpoints

Endpoint recovery

Network priority

Network Restoration

Several further goals apply to every pillar. First, automate as much as possible: there are only so many hours in a day, and IT staff are already fully booked.

Second, monitor the network so that you understand the situation in real time. Although one purpose of the two recovery pillars is to minimize the monitoring burden, manual defensive and preventive measures are sometimes unavoidable, and devices fail even under normal circumstances.

Third, establish a feedback loop. As attacks grow more sophisticated, we have to admit that defenses keep up only when they are backed by sustained and well-directed investment. At the same time, experience shows that it is hard to make the business case for treating network security as a significant expense.

That is why continuous monitoring and feedback matter. The more we understand (and can demonstrate) about the actual threats and attacks hitting the perimeter and the interior of the network, the stronger the evidence that the attention and money spent protecting the company's assets are justified.

Strong hardening of Endpoints

The first pillar, strong hardening of endpoints, is about making sure network assets use current technology to block threats. Typical threats include malicious email attachments, worms that spread over the Internet, and anything that targets the Web browser.

One example of such a defense is anti-virus and anti-malware software. Another is isolating application processes from potential malware, or sandboxing the processes that handle untrusted content, using the mandatory integrity levels enforced by the operating system. Internet Explorer 7 and 8 on Windows Vista and Windows 7 use this protection: Protected Mode runs the browser at low integrity, so a compromised browser process cannot write to higher-integrity locations such as the user's profile or system directories.

A useful improvement would be the ability to deploy and manage isolation settings centrally for the whole host. For that to be practical, third-party applications must keep working while being protected.

How do you monitor this pillar? Use a scalable method of watching the network assets in the domain for intrusions, and also watch for unexpected patterns of behavior.

Endpoint recovery

The goal of endpoint recovery is to collect and monitor the health of devices and applications continuously, so that a faulty device or application can be repaired automatically and operations can continue.

Examples of techniques that make endpoints more resilient are Network Access Protection, configuration baselines, and management tools such as Microsoft System Center. An improvement in this area would combine these technologies so that automatic recovery is driven from a standardized baseline that scales easily.

How do you monitor this pillar? Look for trends: which computers are out of compliance, in exactly what way, and when does the non-compliance occur? Internal threats, external threats, configuration errors and user errors can all be inferred from these trends. Threats identified this way also feed back into hardening, so the endpoints keep getting more robust against increasingly sophisticated distributed attacks.
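The three monitoring questions above (which hosts, how, and when) map directly onto a baseline check. The following is an added example, not code from the original article or from any management product: it evaluates constructed health reports against a constructed baseline, keeps a history of every failure, and judges each host by its latest report so that hosts remediated by the recovery path drop off the work list. The host names, snapshot values and the minimum OS build number are all invented for the example.

```python
"""Baseline compliance drift over a constructed endpoint inventory.

Added example, not code from the original article. The baseline rules,
host names and snapshot records are constructed for illustration; a real
deployment would feed in reports from its management agent instead.
"""
from collections import Counter, defaultdict

# Constructed baseline: setting name -> predicate that is True when compliant.
# The minimum OS build number is a hypothetical value chosen for the example.
BASELINE = {
    "firewall_enabled": lambda v: v is True,
    "av_signature_age_days": lambda v: isinstance(v, int) and v <= 3,
    "os_build": lambda v: isinstance(v, int) and v >= 7601,
    "autorun_disabled": lambda v: v is True,
}

# Constructed health reports, one per host per collection run. ISO timestamps
# sort correctly as strings, so no date parsing is needed.
SNAPSHOTS = [
    {"host": "ws-0101", "seen": "2011-03-01T08:00", "firewall_enabled": True,
     "av_signature_age_days": 1, "os_build": 7601, "autorun_disabled": True},
    {"host": "ws-0102", "seen": "2011-03-01T08:05", "firewall_enabled": False,
     "av_signature_age_days": 12, "os_build": 7600, "autorun_disabled": True},
    {"host": "srv-db01", "seen": "2011-03-01T08:10", "firewall_enabled": True,
     "av_signature_age_days": 0, "os_build": 7601},  # autorun_disabled not reported
    {"host": "ws-0102", "seen": "2011-03-02T08:05", "firewall_enabled": True,
     "av_signature_age_days": 1, "os_build": 7601, "autorun_disabled": True},
]


def evaluate(snapshot, baseline=BASELINE):
    """Return [(setting, observed_value)] for every baseline rule the snapshot
    fails. A setting the agent did not report counts as a failure: an unknown
    state is treated as non-compliant rather than silently passed."""
    failures = []
    for setting, compliant in baseline.items():
        if setting not in snapshot or not compliant(snapshot[setting]):
            failures.append((setting, snapshot.get(setting)))
    return failures


def drift_history(snapshots, baseline=BASELINE):
    """Answer 'which hosts, how, and when': every failure ever observed,
    keyed by host and ordered by time, plus a count of failures per setting
    so the most common drift (a patching gap, a policy nobody enforces)
    stands out."""
    per_host = defaultdict(list)
    per_setting = Counter()
    for snap in sorted(snapshots, key=lambda s: s["seen"]):
        for setting, observed in evaluate(snap, baseline):
            per_host[snap["host"]].append((snap["seen"], setting, observed))
            per_setting[setting] += 1
    return dict(per_host), per_setting


def currently_noncompliant(snapshots, baseline=BASELINE):
    """Judge each host by its most recent snapshot only. A host that was out
    of compliance yesterday and is clean today has been remediated (by the
    automatic recovery path or by hand) and should drop off the work list."""
    latest = {}
    for snap in snapshots:
        if snap["host"] not in latest or snap["seen"] > latest[snap["host"]]["seen"]:
            latest[snap["host"]] = snap
    result = {}
    for host, snap in latest.items():
        failures = evaluate(snap, baseline)
        if failures:
            result[host] = failures
    return result


if __name__ == "__main__":
    history, by_setting = drift_history(SNAPSHOTS)
    for host, events in history.items():
        for seen, setting, observed in events:
            print(f"{seen} {host}: {setting} = {observed!r}")
    print("failures per setting:", dict(by_setting))
    print("still out of compliance:", currently_noncompliant(SNAPSHOTS))
```

Two design choices matter here. A setting the agent failed to report is treated as a failure rather than ignored, because an agent that has stopped reporting is itself a symptom worth a ticket. And the history and the current state are kept separate: the history is what you show management when arguing for investment, while the current state is the list someone actually has to act on.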

Network priority

The goal of network priority is to ensure that the infrastructure can always meet the bandwidth needs of critical applications, not just during well-known peak periods but also during unexpected load surges and distributed attacks from outside or inside.

Technologies for managing application bandwidth include DiffServ and QoS. This pillar, however, currently shows the largest gap between what is needed and what is commercially available. A future solution would integrate user identity, application identity and enterprise priorities, so that routers could divide bandwidth automatically on that basis.
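To make concrete what "dividing bandwidth by enterprise priority" buys you during a surge, the following added example (not from the original article, and not the algorithm of any particular router vendor) models a congested link two ways: with no priority at all, where whoever sends the most gets the most, and with weighted max-min fair sharing, the allocation discipline behind weighted fair queuing on QoS-capable routers. The class names, DSCP markings, weights, demand figures and the 100 Mbps link are all constructed for the example.

```python
"""Weighted fair sharing of a link among traffic classes.

Added example, not part of the original article: an offline model of how a
QoS-capable router can divide bandwidth by enterprise priority when demand
exceeds capacity. The class names, DSCP markings, weights and demand
figures are constructed; the link capacity is a hypothetical 100 Mbps.
"""

# Constructed classes. weight encodes enterprise priority; dscp is the
# DiffServ code point the class would be marked with at the network edge.
CLASSES = {
    "command_video": {"dscp": "AF41", "weight": 5},
    "erp_and_email": {"dscp": "AF31", "weight": 3},
    "bulk_transfer": {"dscp": "AF11", "weight": 1},
    "unclassified":  {"dscp": "BE",   "weight": 1},
}


def proportional_share(capacity, demands):
    """What a link without priority effectively does under congestion:
    whoever sends the most gets the most. Returns {class: granted}."""
    total = sum(demands.values())
    if total <= capacity:
        return dict(demands)
    return {name: capacity * d / total for name, d in demands.items()}


def weighted_fair_share(capacity, demands, classes=CLASSES):
    """Weighted max-min fair allocation by progressive filling.

    Each round, the remaining capacity is split among the still-unsatisfied
    classes in proportion to weight. Any class whose remaining need fits
    inside its share is fully satisfied and removed, and its unused share is
    redistributed in the next round. When no class can be fully satisfied,
    the remainder is split by weight and the allocation is final."""
    granted = {name: 0.0 for name in demands}
    remaining = float(capacity)
    unsatisfied = {name for name, d in demands.items() if d > 0}
    while unsatisfied and remaining > 1e-9:
        total_weight = sum(classes[n]["weight"] for n in unsatisfied)
        share = {n: remaining * classes[n]["weight"] / total_weight for n in unsatisfied}
        fits = {n for n in unsatisfied if demands[n] - granted[n] <= share[n]}
        if not fits:
            for n in unsatisfied:
                granted[n] += share[n]
            break
        for n in fits:
            remaining -= demands[n] - granted[n]
            granted[n] = float(demands[n])
        unsatisfied -= fits
    return granted


# Constructed demand figures in Mbps. NORMAL fits the link; SURGE is the same
# day with a flood of unclassified traffic (P2P, a DDoS, a runaway backup).
CAPACITY = 100
NORMAL = {"command_video": 30, "erp_and_email": 20, "bulk_transfer": 40, "unclassified": 5}
SURGE = {"command_video": 30, "erp_and_email": 20, "bulk_transfer": 40, "unclassified": 500}


if __name__ == "__main__":
    for label, demands in (("normal", NORMAL), ("surge", SURGE)):
        print(f"--- {label} ---")
        fifo = proportional_share(CAPACITY, demands)
        wfs = weighted_fair_share(CAPACITY, demands)
        for name in demands:
            print(f"{name:14s} demand {demands[name]:5.1f}  no-priority {fifo[name]:6.2f}"
                  f"  weighted {wfs[name]:6.2f}  ({CLASSES[name]['dscp']})")
```

Under the surge, the no-priority link gives the command-and-control video class about 5 Mbps of its 30 Mbps need, while the weighted allocation still delivers the full 30 Mbps and 20 Mbps to the two high-priority classes and splits the remaining 50 Mbps evenly between bulk transfer and the flood. The unclassified class is not starved (it is an allocation, not a block), which is the point of the pillar: keep the network running for what matters, and leave the flood to be dealt with by the other pillars.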

How do you monitor this pillar? Routers should record traffic so that trends can be analyzed. How does today's traffic differ from yesterday's? Has the load increased? What new addresses are involved, and are they from abroad? Effective, comprehensive monitoring answers these questions.
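The questions in the paragraph above can be answered directly from router flow records. The following is an added example, not code from the original article: it parses a constructed, simplified flow export (one line per flow: date, source, destination, bytes), aggregates it per day, and reports the day-over-day load change, the source addresses that did not appear the day before, and how much of today's traffic those newcomers carry. "From abroad" needs a geolocation database, which is not available offline, so the example substitutes the question the flow data alone can answer: whether a new source falls outside the address ranges the organization already knows. The flow lines and the internal and partner prefixes are constructed for the example.

```python
"""Day-over-day traffic trend from constructed router flow records.

Added example, not code from the original article. The flow lines are a
constructed, simplified CSV (date,src,dst,bytes); a real deployment would
export NetFlow/IPFIX or sFlow from the routers. The internal and partner
prefixes are hypothetical.
"""
import ipaddress
from collections import defaultdict

# Constructed prefixes the organization expects to see traffic from.
KNOWN_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"),        # internal
                  ipaddress.ip_network("198.51.100.0/24")]   # hypothetical partner

# Constructed flow export: a quiet day followed by a day in which three
# never-before-seen sources push most of the bytes at one internal server.
FLOW_LINES = """\
2011-03-01,10.1.2.3,10.1.0.10,120000
2011-03-01,10.1.2.4,10.1.0.10,80000
2011-03-01,198.51.100.7,10.1.0.20,50000
2011-03-02,10.1.2.3,10.1.0.10,130000
2011-03-02,10.1.2.4,10.1.0.10,90000
2011-03-02,198.51.100.7,10.1.0.20,55000
2011-03-02,203.0.113.9,10.1.0.20,900000
2011-03-02,203.0.113.10,10.1.0.20,850000
2011-03-02,192.0.2.44,10.1.0.20,700000
"""


def parse_flows(text):
    """Yield (day, src, dst, bytes) tuples, skipping blank or malformed lines
    rather than aborting the whole run on one bad export record."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue
        day, src, dst, nbytes = parts
        try:
            yield day, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(nbytes)
        except ValueError:
            continue


def per_day(flows):
    """Aggregate bytes per source address for each day: {day: {src: bytes}}."""
    days = defaultdict(lambda: defaultdict(int))
    for day, src, _dst, nbytes in flows:
        days[day][src] += nbytes
    return days


def is_known(addr, prefixes=KNOWN_PREFIXES):
    """True when the address lies inside one of the organization's known ranges."""
    return any(addr in p for p in prefixes)


def _addr_key(addr):
    # Sort IPv4 before IPv6 and numerically within each family; comparing
    # addresses of different families directly would raise TypeError.
    return (addr.version, int(addr))


def compare_days(days, yesterday, today, prefixes=KNOWN_PREFIXES):
    """Answer the trend questions: how much did load change, which sources
    are new, which of those lie outside known ranges, and how much of
    today's traffic the newcomers account for."""
    y_total = sum(days[yesterday].values())
    t_total = sum(days[today].values())
    new_sources = set(days[today]) - set(days[yesterday])
    new_bytes = sum(days[today][s] for s in new_sources)
    return {
        "load_change_pct": (t_total - y_total) * 100.0 / y_total if y_total else float("inf"),
        "new_sources": sorted(new_sources, key=_addr_key),
        "unknown_new_sources": sorted((s for s in new_sources if not is_known(s, prefixes)),
                                      key=_addr_key),
        "new_source_share": new_bytes / t_total if t_total else 0.0,
    }


if __name__ == "__main__":
    days = per_day(parse_flows(FLOW_LINES))
    report = compare_days(days, "2011-03-01", "2011-03-02")
    print(f"load change: {report['load_change_pct']:+.0f}%")
    print("new sources:", [str(s) for s in report["new_sources"]])
    print("outside known ranges:", [str(s) for s in report["unknown_new_sources"]])
    print(f"share of today's bytes from new sources: {report['new_source_share']:.0%}")
```

On the constructed data the load is up roughly tenfold, all of the growth comes from three sources outside any known range, and they account for about 90% of the day's bytes toward a single server. That combination is what a bandwidth-exhaustion attack looks like in flow data, and it is also what the output of the network-priority pillar should be compared against: if the priority classes kept their bandwidth while this was happening, the pillar worked.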

Network Restoration

The goal of network restoration is seamless failover of assets: ideally the network reconfigures itself in real time when performance degrades. Like endpoint recovery, this pillar aims to make the network self-healing and to minimize the management burden.

This pillar is also a reminder that failover and redundancy have to be considered at both small and large scale. Clustering can provide failover for a single node in a data center, but how do you fail over an entire data center or region? Disaster recovery planning only gets broader from there, because office space, basic services and, above all, staff must be accounted for too.

Besides clustering, technologies under this pillar include replication and virtualization. How do you monitor this pillar? Failover technology generally depends on monitoring already; beyond that, load data can drive resource and procurement planning as the enterprise grows.

Implementing the Pillars

Each of the four pillars corresponds to commercially available security, networking and business-continuity technology that most organizations either underuse or have not yet deployed. IT administrators therefore have an opportunity to:

Identify threats and gaps in network defense using the four pillars (or another framework)

Invest further in automation and monitoring

Become more closely involved in decisions about the costs and benefits of these efforts

Some enterprises may find that they are already at the leading edge of available technology in one or more pillars; for entrepreneurs, that gap is a business opportunity. The key is to adjust your thinking so that every one of the four pillars is considered, because each of them matters.
