



For endpoint security, trust but verify

Apr 11, 2018 | 6 min read
Data and Information Security | Endpoint Protection | Network Security

Your organization might eventually fall victim to a data breach but creating checks and balances to maintain a layered data security approach can help you come out the other side with fewer losses.


Just about everybody gets endpoint security wrong in one way or another. Organizations often think they are doing all the right things and have the proper technologies in place to keep data secure. That’s not too surprising when you consider that cybersecurity spending is higher than it’s ever been – an estimated $96 billion this year.

Yet there’s a glaring, and often overlooked, omission that warrants attention: organizations simply are not activating – or are incorrectly using – security tools that are already deployed on their endpoint devices. It’s an oversight that can’t continue to fly under the radar, especially when endpoint devices are the single largest group of devices inside the network today – and the most likely source of a security incident.

Consider that the average employee uses at least three devices for work purposes (laptops, tablets, smartphones, etc.). Each of these devices is a potential entry point for an attacker to exploit and gain unlawful access. Investing in tools like antimalware suites and encryption agents for endpoint devices, but then never activating them or implementing them incorrectly, leaves sensitive data unprotected and there for the taking by cybercriminals or insiders.

When we consider how rampant data-sharing and collaboration are in the enterprise today, and how much sensitive or confidential information gets shared, all it takes is a single unmanaged or unprotected device to cause chaos. A careless click on a malicious link, a disgruntled or negligent insider, or a targeted attack can lead to big surprises and tough questions from your executive team when it’s discovered that your data wasn’t as secure as you thought it was.  

The answer for CISOs in many cases is a simple shift in strategy and a new twist on an old adage. President Ronald Reagan popularized the English translation of an old Russian proverb, "trust, but verify", during the extensive nuclear disarmament talks with General Secretary Mikhail Gorbachev in the 1980s.

Since then, the maxim has found colloquial use throughout the world of information security, usually when dealing with critical third parties. But what if we pivoted that idea and pointed it inwards? It can become the beacon by which security leaders architect their endpoint security efforts.

The outdated strategy of placing an AV suite on the endpoint device and focusing security resources on your core network infrastructure simply doesn’t work anymore, if it ever really did. Whether or not you have the optimal mix of endpoint security controls and strategy in place is another topic for another day.

For now, given that you have very likely made endpoint security investments of some sort, let's focus on verifying that the security tools you have put on the devices themselves are, in fact, functioning properly and that the data on them is secure.

On the quest to adopt a “trust, but verify” approach to endpoint security, here are five pitfalls to avoid:

Do not assume you know what and where all your assets are

Even the most well-prepared and well-funded IT security organizations struggle to see and manage their entire ecosystem of endpoints. You need visibility into your asset inventory before you can adequately protect it. Every other step in the chain depends on a strong asset management strategy.

Do not “set-and-forget” current endpoint security tools

You can't just assume existing endpoint security investments are being used effectively. If you do, you skip the important step of verifying that they are functioning properly. Endpoint security tools don't work like a Ronco™ rotisserie: you can't set it and forget it.

Do not let your endpoints go unmonitored

Recognize the importance of automated monitoring of devices, both inside and outside of the network. Not only do you need to monitor the health of your security agents, but also make sure you are monitoring for sensitive data and unauthorized software on the endpoint. Keeping tabs on the software installed on your endpoint devices is as critical to your overall security success as having an accurate picture of the devices themselves, because…   

Patching is an eternal struggle

Many organizations continue to struggle to keep on top of deploying security updates and patches, both for the operating systems on their endpoints and for the software running on them. It is therefore critical to have management access to your endpoint devices no matter where they are. Your patching program will be significantly hampered if you can only deploy patches to endpoints that are connected inside your network or over VPN.

Do not wait for punitive measures to force a focus on data-centricity

In today’s world of mega-breaches and negligent treatment of customer information, regulators have little tolerance for poor security practices. Global security standards are becoming more rigid, and the penalties for non-compliance are more severe. Regulations like GDPR may help shift the collective focus toward protecting data, but you shouldn’t wait for GDPR to boost your data protection measures.

While organizations may believe they are meeting regulatory requirements for data protection, it is important to note that making these endpoint security purchases does not automatically check the compliance box. Installation doesn’t either. CISOs need to verify that the protections in place are active, and that every device and piece of sensitive data is accounted for.

This way, they can reduce the risk from prevalent hidden issues, such as having several devices with an encryption agent installed that aren't actually encrypting anything. At the end of the day, a big part of having a good security posture comes back to trust and verification. Your organization might eventually fall victim to a data breach, but creating checks and balances to maintain a layered data security approach can help you come out the other side with fewer losses.
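As an added example (not code from the article or from Absolute), here is a fleet-level reconciliation in Python that applies the pitfalls above in one pass: it compares a constructed asset-inventory export against constructed agent telemetry and flags devices that never check in, devices reporting in that the inventory doesn't know about, stale heartbeats and signatures, antimalware with real-time protection switched off, and the encryption-agent-installed-but-not-encrypting case. The record fields, hostnames and thresholds are assumptions; map them onto whatever your inventory system and agent consoles actually export.

```python
"""Fleet-level "trust, but verify" check for endpoint security agents.

Added example, not the article's or any vendor's code. It reconciles two
constructed exports: what IT believes it owns (inventory) and what the
endpoint agents actually report (telemetry). Field names and thresholds
are assumptions to be adapted to your own tooling.
"""
from datetime import datetime, timedelta, timezone

# Fixed clock so the run is reproducible; use datetime.now(timezone.utc) in practice.
NOW = datetime(2018, 4, 11, 12, 0, tzinfo=timezone.utc)
MAX_HEARTBEAT_AGE = timedelta(days=7)   # assumed policy: agent must report weekly
MAX_SIGNATURE_AGE = timedelta(days=3)   # assumed policy: AV signatures at most 3 days old

# Findings are fixed strings so reports can be grouped and trended over time.
NEVER_SEEN = "in inventory but no agent has ever checked in"
UNKNOWN_DEVICE = "reporting telemetry but not in asset inventory"
AV_OFF = "antimalware installed but real-time protection is off"
SIGS_STALE = "antimalware signatures stale"
NO_ENC_AGENT = "no encryption agent installed"
ENC_NOT_ENCRYPTING = "encryption agent installed but no volume is encrypted"

# Constructed asset inventory (think CMDB export): hostname -> assigned owner.
INVENTORY = {"LT-0101": "alice", "LT-0102": "bob", "LT-0103": "carol", "LT-0104": "dave"}

# Constructed agent telemetry: one row per device that has ever reported in.
# LT-0104 is deliberately absent: it is owned but has never checked in.
TELEMETRY = [
    {"host": "LT-0101", "last_seen": "2018-04-10T08:00:00Z", "av_realtime": True,
     "av_sigs": "2018-04-10", "enc_agent": True, "volumes_encrypted": True},
    {"host": "LT-0102", "last_seen": "2018-04-09T12:00:00Z", "av_realtime": True,
     "av_sigs": "2018-04-09", "enc_agent": True, "volumes_encrypted": False},   # agent present, nothing encrypted
    {"host": "LT-0103", "last_seen": "2018-03-20T09:00:00Z", "av_realtime": False,
     "av_sigs": "2018-03-20", "enc_agent": True, "volumes_encrypted": True},    # silent for weeks
    {"host": "LT-0199", "last_seen": "2018-04-11T07:00:00Z", "av_realtime": True,
     "av_sigs": "2018-04-11", "enc_agent": False, "volumes_encrypted": False},  # not in inventory
]


def _utc(stamp, fmt):
    """Parse a naive UTC timestamp from an export into an aware datetime."""
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)


def verify_fleet(inventory, telemetry, now=NOW):
    """Return {hostname: [finding, ...]} for every device that fails a check."""
    findings = {}

    def flag(host, message):
        findings.setdefault(host, []).append(message)

    reported = {row["host"] for row in telemetry}
    # Pitfall 1: owned devices that no agent has ever reported on are unmanaged.
    for host in inventory:
        if host not in reported:
            flag(host, NEVER_SEEN)

    for row in telemetry:
        host = row["host"]
        # Pitfall 1 again, from the other side: devices the inventory has never heard of.
        if host not in inventory:
            flag(host, UNKNOWN_DEVICE)
        # Pitfall 3: a silent agent tells you nothing about the device's current state.
        heartbeat_age = now - _utc(row["last_seen"], "%Y-%m-%dT%H:%M:%SZ")
        if heartbeat_age > MAX_HEARTBEAT_AGE:
            flag(host, f"agent heartbeat stale: last seen {heartbeat_age.days} days ago")
        # Pitfall 2: installed is not the same as active and current.
        if not row["av_realtime"]:
            flag(host, AV_OFF)
        if now - _utc(row["av_sigs"], "%Y-%m-%d") > MAX_SIGNATURE_AGE:
            flag(host, SIGS_STALE)
        if not row["enc_agent"]:
            flag(host, NO_ENC_AGENT)
        elif not row["volumes_encrypted"]:
            flag(host, ENC_NOT_ENCRYPTING)
    return findings


def verified_hosts(inventory, telemetry, now=NOW):
    """Inventory devices that passed every check: the only ones you may actually trust."""
    failing = verify_fleet(inventory, telemetry, now)
    return sorted(h for h in inventory if h not in failing)


if __name__ == "__main__":
    for host, problems in verify_fleet(INVENTORY, TELEMETRY).items():
        for problem in problems:
            print(f"{host} ({INVENTORY.get(host, 'unknown owner')}): {problem}")
    print("verified:", ", ".join(verified_hosts(INVENTORY, TELEMETRY)))
```

The two-directional inventory comparison is the point: a device missing from telemetry and a device missing from inventory are different failures with different owners, and a single "installed" column from a procurement system would surface neither. Run this on a schedule and trend the finding counts; a growing number of stale heartbeats is usually the first sign that the agent is being removed or blocked.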

General Secretary Gorbachev, quoting Ralph Waldo Emerson, said that "the reward of a thing well done is to have done it." In the world of endpoint security, the reward of a security tool well done is to have deployed it and then verified it.


Richard Henderson is Global Security Strategist at Absolute, where he is responsible for trend-spotting, industry-watching and idea-creating. He has nearly two decades of experience and involvement in the global hacker community and discovers new trends and activities in the cyber-underground.

He is a researcher and regular presenter at conferences and events, and was lauded by a former US DHS undersecretary for cybersecurity as having an “insightful view” on the current state of cybersecurity. He is also a skilled electronics hacker: he was one of the first researchers in the world to defeat Apple’s TouchID fingerprint sensor on the iPhone 5S.

Richard can be found speaking at industry conferences including Gartner’s Security and Risk Summit; he also provides media commentary for publications ranging from Wired to CSO.

Richard also helped edit colleague and friend Tyson Macaulay’s latest book on IoT Security: RIoT Control: Understanding and Managing Risks and the Internet of Things. He is currently co-authoring a 2nd edition of Cybersecurity for Industrial Control Systems.

The opinions expressed in this blog are those of Richard Henderson and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.