You can’t protect what you can’t see
Enterprises have always leveraged technologies to gain a competitive edge, and the digital transformation now underway has led to unprecedented network expansion. This increased complexity can result in losing visibility into new attack vectors and exploits targeting devices and services running across the network. Modern networks have become accessible to myriad end points, including user devices and smart, connected (IoT) devices accessing corporate resources. Additionally, many of these end points may not be 100 per cent owned and controlled by the enterprise. In the case of IoT devices, even those that are corporate-owned, IT may not have control over their firmware, compounding the challenge of tracking their levels of security or compliance with corporate security policies.
The devices demanding access to corporate resources are growing in both volume and sophistication and now account for a larger percentage of total network bandwidth, and this trend will only continue as an estimated 125 billion connected devices are predicted to be in use by 2030. As a result, connected devices have become a prime target for cybercriminals, who infect IoT and end point devices with malware designed to evade detection and then move laterally across the network.
Mitigating the endpoint threat
To ensure these connected devices are identified and accounted for from a risk perspective, IT teams must deploy security controls that allow them to be discovered, assessed, and continuously monitored within the security context of the network. Getting sufficient visibility into each end point must be done in several stages, each of which provides different information:
- Discovery: During this initial phase, organisations must determine key identifying features of the network, including all connected end-user and IoT devices. This includes knowing every person who has access to the network, the types of devices that are connected, the operating systems and software that are installed, and any unpatched vulnerabilities. This process must be continuous, as the highly mobile and often temporary nature of end point and virtual devices means that the threat landscape is constantly changing.
- Assessment: Device and threat intelligence gathered from the moment of access must enable organisations to automatically determine a device’s level of security, the risks posed by that end point, and what additional associated risks may arise while connected, using a risk scoring matrix. From there, teams can determine how to remediate those risks.
- Continuous Monitoring: Once initially identified threats are mitigated, end points must be continuously monitored to ensure they continue to meet security compliance requirements and that they do not become infected. This includes collecting and sharing threat intelligence gathered from each device with the rest of the network’s security controls, in order to add an additional layer of protection and response across the distributed network.
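The three stages above, sketched as an added example that is not part of the original article or of any vendor product: a constructed device inventory is rated with an assumed 3x3 likelihood/impact matrix, and a later scan is compared with the baseline ratings. The field names, matrix values and actions are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:                  # attributes a discovery scan might record (assumed)
    name: str
    managed: bool              # owned and controlled by IT
    firmware_controlled: bool  # IT can update the firmware
    unpatched_vulns: int       # count from the latest scan
    access: str                # "guest", "internal" or "sensitive"

# Assumed risk scoring matrix: MATRIX[likelihood][impact]
MATRIX = [["low", "low", "low"],
          ["low", "medium", "high"],
          ["medium", "high", "high"]]
ACTION = {"low": "allow", "medium": "restrict", "high": "quarantine"}
IMPACT = {"guest": 0, "internal": 1, "sensitive": 2}

def assess(d):
    """Assessment: map discovered attributes to a rating via the matrix."""
    likelihood = int(d.unpatched_vulns > 0) + int(not (d.managed and d.firmware_controlled))
    return MATRIX[likelihood][IMPACT[d.access]]

def monitor(baseline, scan):
    """Continuous monitoring: report devices that are new or whose rating changed.
    Returns (name, old_rating, new_rating, action) tuples."""
    findings = []
    for d in scan:
        old = baseline.get(d.name)  # None: device was never discovered before
        new = assess(d)
        if old != new:
            findings.append((d.name, old, new, ACTION[new]))
    return findings

# Constructed sample data, not taken from any real network
FIRST_SCAN = [
    Device("hr-laptop-07", True, True, 0, "sensitive"),
    Device("lobby-camera", True, False, 0, "internal"),
]
SECOND_SCAN = [
    Device("hr-laptop-07", True, True, 2, "sensitive"),  # fell behind on patches
    Device("lobby-camera", True, False, 0, "internal"),  # unchanged
    Device("byod-phone-3", False, False, 1, "guest"),    # newly connected, unmanaged
]

def run():
    baseline = {d.name: assess(d) for d in FIRST_SCAN}
    return baseline, monitor(baseline, SECOND_SCAN)

if __name__ == "__main__":
    baseline, findings = run()
    print(baseline)
    for finding in findings:
        print(finding)
```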
As networks continue to be inundated with connected devices, they require end point controls that can automatically integrate with other security solutions deployed across the network in order to effectively share intelligence and maximise protection. These capabilities will be increasingly crucial as we adopt the next generation of end point controls.
Organisations cannot secure against the threats posed by endpoints and IoT devices without clear visibility into exactly what is present on the network. Implementing an integrated and automated security solution allows IT teams to discover, assess, and monitor end points to ensure security and compliance.
Fortinet is a multinational corporation that develops and markets cybersecurity software, appliances and services such as firewalls, anti-virus, intrusion prevention and end point security, among others. Learn more at www.fortinet.com, the Fortinet Blog, or FortiGuard Labs