Attackers want your employee usernames, their passwords, their authentication codes and access to your approved devices. They want your endpoints. They want to extract the information they contain, then use that information to penetrate your networks. From files to user credentials, endpoints can be a one-stop shop for thieves looking to go on a data shopping spree within your business, and your identity can be their way in.
Difficult to protect
When protecting endpoints and identities there is a delicate balance between flagging and impeding advanced threats, and preserving performance and functionality. Endpoint protection software monitors the behaviors of files and of websites. It compares those behaviors network-wide to current attack trends. The software is updated as solutions to new threats are discovered. That’s all well and good—as long employee systems or devices are not bogged down - and as long as employees abide by corporate security policies. But what happens when employees are on personal devices, off the corporate network, accessing data from applications in the cloud that are not sanctioned by IT? That’s where the first line of defense is identity protection.
In the world of cyber security, more is more. Cyber thieves have a lot of tools and take a variety of approaches simultaneously. Multifaceted attacks require multilayered levels of protection. Standard antivirus controls, password only solutions, and assuming employees follow standard security policies are simply not enough. Organizations need solutions that can monitor how endpoints operate and flag anything that’s out of the ordinary. The software has to know the signs, and how to respond to them. They need solutions that can help ensure that only the right people have access to the right data and applications, and if something suspicious occurs the right people are notified to take immediate action.
The cloud has no perimeters
“The goal of ensuring that only identified and authorized users have access to specific applications, data, and networks is the same as it has ever been. The challenge has expanded as a result of mobility and cloud computing.” writes Charles Kolodgy, Research VP with IDC’s Security Products services. Shadow IT and rogue cloud applications are a significant challenge for IT. For the most part users do not engage in this risky behavior out of any malicious intent but to improve productivity. However the danger of loss of data or a breach does exist because data is being made vulnerable. The burden falls to IT, which is challenged with ever more complex environments—more mobile users on more platforms, more user stores, more apps, more passwords—but not more resources.
The best defense is a strong offense. “With a single point of control, the complexity created by the explosion of devices and applications can be reduced,” Kolodgy explains. Validating the identity of a user and granting access to only the applications and data for which they are authorized, minimizes the potential for attack or unintentional loss of data. A strong focus on a positive user experience and access to sanctioned data sharing apps motivates users to follow security procedures reducing their risky behavior while not stifling productivity, which is vital for the competitiveness of an organization.
Above & beyond the standard
In addition to recognizing or minimizing risky behaviors, endpoint protection security and identity protection needs to be intelligent. “Security must also expand in sophistication in order to analyze data for indicators of compromise and provide a profile that includes a risk assessment for every file, URL, user, and many other variables,” writes Charles Kolodgy, Research VP with IDC’s Security Products services.
“Intelligent Security is the capability to analyze data to accurately identify anomalous activities that could indicate an ongoing attack,” he explains. “Security has to get smarter because of technology advances, user capabilities, and the exceptional capabilities of attackers.”
Intelligent security presents a variety of benefits. It can pinpoint where an attack began and how it progressed. It can separate the activities used in attacks from the standard activities that may be concealing them. Overall, intelligent security can make it easier to identify an attack and limit its damage.
Find more information about intelligent Symantec Endpoint Protection and Symantec Identity Access Manager, a next generation Single Sign–On solution with integrated strong authentication, access control, and user management, by visiting these links:
http://go.symantec.com/sep12
http://go.symantec.com/sam