Where does “it” end?
We can probably all agree that securing and protecting the devices that communicate with our networks is a fair definition of endpoint security. Similarly, these devices are one of the best places to start when figuring out how to secure your networks because they are a particular pain point for security teams, responsible for 70 percent of breaches and a source of daily headaches.
But within this traditional definition, what, really, is the endpoint of today? How we answer that question has significant security implications.
While the conversation has focused on devices thus far, consider that the “2019 IBM X-Force Threat Intelligence Index Report” found that “human error continues to facilitate breaches,” and the 2018 edition of the report noted, “To err is human … When it comes to data security, the potentially detrimental impact of an inadvertent insider on IT security cannot be overstated.”
If human error and manipulation are sources of so much frustration, are the devices really the problem?
Data Production and Consumption Are Going Big and Going Mobile
Let’s go through some quick points before diving deeper. Threat actors are taking advantage of devices with malicious intent, but we know that humans also facilitate breaches. Trends show a rising mobile-first preference, which has attackers moving away from malware. Phishing is increasing and remains the preferred attack method, according to Microsoft. In addition, as reported by Threatpost, with more and more organizations deploying mobile devices in professional settings, employees are using these devices for personal functions.
In fact, people are going mobile-first for their internet usage at such high rates that attackers are now tailoring their tactics for mobile viewing.
For example, Threatpost described a recent campaign in which threat actors, drawing on a deep understanding of the provider’s infrastructure, used malicious tool kits to target Verizon Wireless customers with spoofed, seemingly legitimate subdomains. According to Lookout security researcher Jeremy Richards, this type of attack looks sloppy and obviously not legitimate when opened on a desktop. However, when opened on a mobile device, “it looks like what you would expect from a Verizon customer support application.”
For good measure, let’s add in some data production numbers. According to Forbes:
- Half of all web searches are conducted from a mobile phone.
- Every minute, we send 16 million text messages and 156 million emails (and some 103 million spam emails).
- Uber riders take nearly 46,000 trips every minute.
- Internet of things (IoT) devices are exploding, from 2 billion devices in 2006 to a projected 200 billion by 2020.
Clearly, part of the issue is manageability. You simply cannot keep your network secure without some kind of endpoint security solution because every minute counts once you have been breached. But big data and mobile are two factors that are testing the limits of manageability, giving way to a completely new meaning of identity and access management (IAM) and how we address the problem as a whole.
Where Is the Endpoint?
From these trends, statistics and developments, we need to ask some questions that, depending on the answers, could completely change how we think about and manage endpoint security.
Unlike in the past, when users were more conscious of their data production and consumption (access a stationary terminal, use it and walk away from it), today there is a great deal of unconscious data production and consumption (mobile devices are always on, always broadcasting and always connected to some secondary device such as a health monitor or watch). How does this situation of unconscious data production and consumption alter the meaning of endpoint security?
Previously, users were producing and consuming data in finite blocks, whereas today, there is a seemingly endless stream of continuous data consumption and production, mainly due to our mobile devices. This is one of the reasons we have big data, and the situation will only get worse as we integrate more IoT, wearable and peripheral devices — which, in part, explains why enterprises are adopting unified endpoint management (UEM) systems. Remember, humans are responsible for much of this data. How does this continuous stream of data alter the meaning of endpoint security?
Device or User?
Finally, given recent trends — specifically the shift to social engineering attacks — ask yourself: Is the attacker going after the device or the human to gain access to the network? Put another way, is it the device that is vulnerable, or the user? It’s not clear-cut who or what the target is anymore.
I’d assert that both the device and the human are targets because they each have their own unique vulnerabilities, and the intent will determine the method of attack. But that’s probably the easiest answer, and the nuance of the question deserves attention.
It’s the attack’s intent that throws all of this into a conundrum. Because you don’t know what you don’t know, the attacker has the upper hand. This reinforces why beginning with endpoints is a great way to protect your network.
But I’ll take it one step further: If your endpoint is the device, then your “startpoint” is the human. Attackers are always tweaking their tactics to get past the technology to the human. We haven’t even begun to discuss the human/tech interaction, but Verizon’s “Insider Threat Report” described five plausible scenarios that illustrate that interaction:
- The Careless Worker (misusing assets, resources and policies).
- The Inside Agent (stealing information on behalf of outsiders).
- The Disgruntled Employee (seeking to destroy company property).
- The Malicious Actor (stealing information for personal gain).
- The Feckless Third-Party (business partners compromising security).
So what’s the solution? To quote Lewis Carroll, “‘Begin at the beginning,’ the King said gravely, ‘and go on till you come to the end: then stop.’”
If Machines Are the End, Then Humans Are Very Much the Start
I don’t expect a couple of generations’ worth of people to begin thinking of endpoints any differently; an endpoint will continue to be defined as a device that communicates with a network. But that definition fixes in our minds the idea that the device is the terminus point of data production and consumption. It’s a bit of a mental barrier, whether we like it or not.
Big data and mobile trends indicate that devices are not the terminus points; we are. We make the final decision to click the link. We make the final decision to send that information. We make the final decision to produce and consume data, and where we do so from.
Therefore, let’s step up our endpoint game by using technology to manage security while spending equal time addressing the problems caused by the “startpoint” of the system, the human. Looking at these issues as a looping continuum of data flow that is mobile, instead of as distinct and discrete issues with terminus points, may better position us to reduce the risk we face.