The advent of cloud computing and bring-your-own-device strategies has made it more difficult to secure specific endpoints, since administrators may be prioritizing ease of data access at the expense of safety. Threats remain, however, as much of the current generation of endpoint security software has not yet adjusted to aggressive hacking and cyberwarfare tactics that use individual endpoints as launching pads for widely distributed attacks.
In one of the most famous endpoint-initiated attacks in recent time, a family of malware known as Comfoo was employed to compromise the networks of many multinational corporations in 2010. According to CRN contributor Robert Westervelt, the Comfoo umbrella included a number of custom-designed backdoor exploits and trojans that could distribute malware on an ongoing basis. Perhaps more seriously, they could cause damaging data leakage by scraping network and account details and monitoring all user input. The Comfoo malware may have been part of a sophisticated cyberespionage campaign, as evinced by both its methodology and the lengths to which it went to avoid and misdirect endpoint monitoring.
The attacks used social engineering and email phishing to compromise targeted devices, highlighting how endpoints have become, in the words of security executive Jason O’Reilly, “surfaces” ripe for malware infiltration. Speaking to ITWeb, O’Reilly stated that endpoint software often does not sufficiently account for access from locations beyond the IT department, and that it does not have access controls that limit data exposure to authorized parties.
“Endpoint security solutions must offer layered protection that goes beyond signature-based detection only to include heuristic-based detection and polymorphic-based detection,” advised O’Reilly. “Today’s networks are exposed to threats from many different sources.”
Generating reports and catching threats in real-time
Business consulting firm Frost & Sullivan identified the high stakes for endpoint security and control strategies, which are under pressure from both outside attackers and seemingly insatiable employee demand for device choice flexibility.
“Enterprise IT organizations now face tremendous pressure to enable employees to access the corporate network and files from their own personal devices,” said Frost & Sullivan analyst Chris Rodriguez. “Considering their seemingly omnipresent nature, fast data connections, and powerful hardware and operating systems, these devices represent prime targets for hackers.”
What can organization do to clamp down on the unique weaknesses of mobile hardware? O’Reilly suggested that solutions should provide clear, comprehensive visibility into what is occurring on each endpoint so that threats can be swiftly addressed.