What is the best approach to measure the effectiveness of your organization's endpoint security?

Posted by Susan Sison on Feb 9, 2016 9:44:32 AM

Endpoint security is one of the most important parts of your security mix – but it’s also the most difficult to verify. In a world where endpoint count grows exponentially, how do you know your security strategy is making a real difference?

Thanks to the demands of global distributed teamwork and business travel, endpoint security can be especially mysterious. Legitimate devices might connect for very brief periods, never to be seen again, and they might be difficult to identify in your system logs.

Luckily, there are plenty of ways you can ensure your endpoint security is up to snuff, even if your endpoints seem to be multiplying like rabbits. While many of these are time-consuming and resource-intensive, they pale in comparison to the costs of a data breach!

Consider Penetration Testing to Inoculate Against Unauthorized Endpoints

"Pentesting" is one of the most effective ways to see what really happens when the rubber meets the road on IT security. In a penetration test, an outside consultant launches a barrage of attacks on your network in real time. He or she generally has limited knowledge of the network, just like a real hacker, and will try to gain access to the most sensitive data possible.

Penetration testing should be announced in advance, but take place over a long enough period that no one can be ready for everything that might happen. After the test, an analysis of endpoint weaknesses can be produced and evaluated to improve your security. Also note: Your legal team needs to be involved to ensure penetration testing has no liability implications for you or your tester!

Close the Loop With Effective Endpoint Tracking

To really control the field with your endpoint security, you need to have end-to-end tracking of all endpoints. This can be difficult as stakeholders move around the globe and use “BYOD” to bring new laptops, tablets, and smartphones onto the network – but it’s a challenge you have to meet if you want your network to be secure.

Automated cyber controls should discover and classify endpoints, sorting them into:

  • Unauthorized and authorized hardware and applications
  • Transient devices and software
  • Unknown endpoints
  • BYOD hardware
  • Network devices and platforms
  • Cloud-based and virtual applications and systems

This kind of proactive vetting system supports the development of policies that can be enforced on the whole legion of devices within your network, ensuring that hardware and software with significant vulnerabilities can be excluded or updated.
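
As an added illustration (not NCA's tooling or code from the original post), the following Python example sorts observed endpoints into the categories above by comparing connection sightings with an asset inventory. The inventory schema, the sample MAC addresses (taken from the RFC 7042 documentation range), the timestamps, and the 30-minute transient cutoff are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory (assumed schema): MAC -> device kind and approval state.
INVENTORY = {
    "00:00:5e:00:53:01": {"kind": "corporate", "authorized": True},
    "00:00:5e:00:53:02": {"kind": "byod", "authorized": True},
    "00:00:5e:00:53:03": {"kind": "network", "authorized": True},
    "00:00:5e:00:53:04": {"kind": "virtual", "authorized": True},
    "00:00:5e:00:53:05": {"kind": "corporate", "authorized": False},
}
# Constructed sightings: (MAC, connect time, disconnect time).
SIGHTINGS = [
    ("00:00:5e:00:53:01", "2016-02-01T08:00", "2016-02-01T17:00"),
    ("00:00:5e:00:53:01", "2016-02-02T08:05", "2016-02-02T16:30"),
    ("00:00:5E:00:53:02", "2016-02-01T09:00", "2016-02-01T09:10"),
    ("00:00:5e:00:53:03", "2016-02-01T00:00", "2016-02-02T00:00"),
    ("00:00:5e:00:53:05", "2016-02-01T13:00", "2016-02-01T15:00"),
    ("00:00:5e:00:53:99", "2016-02-02T03:12", "2016-02-02T03:17"),
]
TRANSIENT_MAX = timedelta(minutes=30)  # assumed cutoff for a "brief" connection
KIND_TO_CATEGORY = {"byod": "byod", "network": "network", "virtual": "cloud/virtual"}

def classify(inventory, sightings, transient_max=TRANSIENT_MAX):
    """Map each sighted MAC to its category and whether it looks transient."""
    sessions = defaultdict(list)
    for mac, start, end in sightings:
        # Normalize case so log formatting differences do not create "unknowns".
        length = datetime.fromisoformat(end) - datetime.fromisoformat(start)
        sessions[mac.lower()].append(length)
    result = {}
    for mac, lengths in sessions.items():
        record = inventory.get(mac)
        if record is None:
            category = "unknown"
        elif not record["authorized"]:
            category = "unauthorized"
        else:
            category = KIND_TO_CATEGORY.get(record["kind"], "authorized")
        # Transient: seen exactly once, and only briefly.
        transient = len(lengths) == 1 and lengths[0] <= transient_max
        result[mac] = {"category": category, "transient": transient}
    return result

def review_queue(classified):
    """MACs that policy cannot vouch for: unknown or explicitly unauthorized."""
    return sorted(m for m, c in classified.items()
                  if c["category"] in ("unknown", "unauthorized"))

if __name__ == "__main__":
    for mac, info in sorted(classify(INVENTORY, SIGHTINGS).items()):
        print(mac, info)
```

The transient flag is kept separate from the category because a brief, one-off connection can come from an approved BYOD phone as easily as from an unknown device, and the two call for different follow-up.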

Use Dashboarding and Data Visualization

Your ordinary network operations produce reams of data every hour. Attackers know this and use it to mask their activities. Even an excellent IT security team will typically need days, if not weeks, to fully understand what took place in the event an attack isn’t caught while it’s in progress. A good security dashboard can correlate information across your system and allow you to act faster if suspicious or unverified endpoints go active.

What about the attacks you don’t catch? It’s important to have a data forensics process in place so you can generate “lessons learned” from these events. Again, a dashboard will help you narrow down the relevant data and determine the extent of the damage. The faster you do so, the easier it will be to prevent repeat attacks or copycat crimes using the same vulnerabilities. Acting fast can help manage the PR challenges that follow an attack.

NCA Offers Cutting-Edge Endpoint Security Services

Security threats are evolving every day. Even the most well-prepared enterprise might not have the in-house resources to keep up. To discover how NCA can help, read our data sheet on endpoint security services.

Network Computing Architects, Inc. is a premier provider of high-quality, sustainable, and secure networking, information security solutions, and unified communications. We partner with our clients to provide answers to business initiatives where leading technologies converge.

NCA achieved ISO 27001:2005 certification in December 2007 and is currently ISO 27001:2013 certified. The scope of NCA's ISMS is client confidential information within NCA Professional Services Practice.