5G is in the news a lot these days — and for more reasons than technology prospects and marketing purposes. A significant amount of talk is focused on suppliers, trade implications and national security issues, but rest assured, the technology will be deployed, and we will be using it. It’s just a matter of whose equipment we will be using and when it will be deployed.
This is exactly why endpoint protection is such an important issue — 5G technology is coming and nothing will stop it, so we need to be prepared.
A Recap of 5G Challenges
If you accept that this blazing-fast, super-capable technology comes with three inherent challenges — manageability, the supply chain and usage — then the endpoint protection challenge makes a whole lot more sense. More to the point, your endpoint protection strategy could end up defining how security is managed for the entire enterprise.
In other words, proceed with caution as you integrate new 5G devices and services into your enterprise, because if you end up doing this on shaky ground, you may be setting yourself up for a world of hurt. In fact, endpoint protection as a whole is on shaky ground, even before widespread next-generation technology deployments. Consider the following figures from Absolute’s “2019 Endpoint Security Trends Report“:
- More than 70 percent of breaches originate at the endpoint.
- Forty-two percent of endpoints have encryption failures at any given point.
- Twenty-eight percent of endpoints have dated or missing antivirus/anti-malware tools.
Now, what does widespread 5G deployment do? It will explode the number of endpoints by an entire order, or multiple orders, of magnitude. We will see a plethora of internet of things (IoT) devices deployed with the rollout of the new network, with new challenges all orbiting around manageability, the supply chain and usage. Get these aspects as right as possible, and you’ll be in a good place. Get them wrong, and you’ll be putting the business at unnecessary risk.
How Is Endpoint Protection Changing?
Before we figure out how to create an endpoint protection strategy in the new mobile, hyperconnected world, let’s make sure we’re clear on definitions. Let’s start by breaking down Gartner’s definition of an endpoint protection platform:
“… a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.”
All right, so far so good, but as the definition goes on, it starts to raise some caution flags. For example, the definition rightly admits that detection capabilities will vary and advanced solutions will use multiple detection techniques, but here’s where the caution comes in: As detection techniques evolve, so do the attackers. Don’t think adversaries are just sitting idle. Remember, adversaries have an advantage we defenders don’t: They don’t play within the rules.
Microsoft’s “Security Intelligence Report Volume 24,” which looked at security signals throughout 2018, helped illustrate the changes in attack vector tactics, namely a reduction in ransomware and malware and increases in crypto-jacking, targeting of cloud providers, drive-by downloads, phishing attacks and supply chain compromises.
So whatever your endpoint protection strategy is, remember this: It needs to be dynamic and ready to change. That’s why solutions such as security orchestration, automation and response (SOAR) tools, which give context to security information and event management (SIEM), are your friend.
Why? Because your 5G endpoint strategy needs to hit the three main challenges of manageability, the supply chain and usage, and these tools give you a fighting chance. Yes, it’s mantra-like to keep repeating these three inherent challenges, but it’s the only way. The nature of cyberthreats today hasn’t really changed that much over the last five or 10 years; it’s all pretty standard stuff, such as bad or irresponsible human behaviors, spotty code, a lack of patching, misconfigurations and so on.
The problems are more or less the same; it’s the size, scale and speed that is changing. Everything in “morederation,” let’s say.
Or think about it like this: A professional hockey player today is bigger, faster and generally more technically skilled than a player from 50 years ago, but if today’s player can’t skate to the other end of the rink, what good is the fancy new composite stick that lets them unload a 110 mph shot? On the other hand, if you’re a master skater at the core, new tools will make you a scoring machine.
How to Develop Your Endpoint Protection Strategy for 5G
It is absolutely crucial to start with the basics before you buy something shiny. These three simple steps will help you increase the life span of your endpoint protection strategy, no matter what it looks like today:
Conduct a Needs Assessment
Figure out what your enterprise needs before you deploy 5G-related technology. This shouldn’t be guesswork. Your estimates should be based in reality, not fantasy.
Will this task require some cross-functional teamwork? Absolutely. You can expect all your standard enterprise challenges, including business segments saying, “I absolutely need this,” and IT security saying, “You cannot possibly have this.” But these conversations need to happen or else you’re setting yourself up for a whole bunch of wasted money and resources. Or, worse, you’ll walk right into a data breach because you’ve bitten off more than you can chew.
Determine Your Scaling Limits
This is the natural follow-on from a needs assessment, but with technology changing so fast, you need to determine your scaling and life cycle limits. Whether it’s 5,000 endpoints over two years or 100,000 endpoints over five years, pick some reasonable numbers so you can plan appropriately. Keep in mind two old rules: If you can’t measure it, you can’t improve it, and perfect is the enemy of good enough.
Stress-Test Your Network Before Adding to It
It’s important to know what your capacity limits are for the simple reason that the influx of endpoints may overwhelm your enterprise’s capabilities — assuming, of course, that you’re not already overwhelmed. That’s why there is never any harm in testing your network in some controlled manner. If you can survive the testing, you’re in better shape to survive the cyberthreat landscape. This is the stage where you do all your standard reviews, vulnerability assessments, penetration testing and red teaming.
Don’t Underestimate the Basics
Do these things right (learning how to skate) before you get your composite stick. Or, in our case, adding SOAR capabilities to SIEM, for example. Not only are you detecting and responding, you are also remediating. And when morederation happens — 5G will do that — every little bit helps.
Because the connectivity ecosystem we live in is always changing, you need to figure out where you are today to know how to get to where you’re going tomorrow. The future will operate on billions of endpoints, many of which will be running bespoke operating systems. And despite the ludicrous speed at which this future will be moving, systems can still be brought down with a few kilobytes of malicious code.
So make sure to hit all the basics. Examine your foundations and ensure they’re solid. Do all of this before you implement new 5G technology. Ahead of a complex future, a simple back-to-the-basics security strategy could be your best bet to keep your enterprise safe and secure.