Friday, October 18, 2013

SURVEY FINDS ORGANIZATIONS STRUGGLE WITH ENDPOINT PROTECTION


According to a recent Forrester survey, many enterprises are still struggling to create a bulletproof endpoint security strategy for data loss prevention.
The survey advised organizations to gain more complete visibility over applications and the state of endpoints. This can help administrators identify possible vulnerable points, malicious behavior and other suspicious activities. However, a main challenge that security professionals must deal with is malware protection.
Struggling with malware
Recently, experts placed the number of malware samples discovered this year at 147 million, according to CRN. These cyber attacks threaten not only computer operating systems but mobile devices as well, as hackers now seek to infect smartphones and tablets.
Despite the seriousness of this endpoint security threat, the survey found that while businesses have antivirus software in place, it is not adequately protecting them. In Q2 2013, 89 percent of U.S. enterprises had implemented antivirus or anti-spyware within their operating systems. However, Forrester stated the endpoints within these organizations are not fully protected against malware infections.
With new malware samples discovered daily, organizations need to be proactive about their data loss prevention strategies. Therefore, it is important to continuously review and update antivirus and anti-spyware technologies to avoid data leakage. According to the survey, however, only 29 percent of businesses with current strategies in place are expanding or upgrading their anti-malware implementations.
Current malware challenges
The survey, which included 50 IT managers at organizations of 1,000 employees or more, showed that a main challenge faced by enterprises today is that of zero-day malware and targeted cyber attacks. Advanced malware attacks, which are sometimes pretested for optimum enterprise system infection, pose a great threat to endpoint security. Cybercriminals have the ability to customize zero-day malware to attack a specific vulnerability within an endpoint security strategy. The survey stated 88 percent of businesses within the U.S. are concerned about this type of threat.
Organizations also experience difficulty when attempting to patch end-user applications within their companies. According to the survey, 29 percent of businesses stated gaps in their endpoint protection plans are a result of a lack of patch management. While managing patch statuses can be quite the undertaking for any establishment, the risk of infection greatly increases when systems are out of date. Thus, IT professionals should create a schedule for patch updates, sectioning the updates off depending on the area of the business to more effectively complete the total workload.
Value of effective endpoint management
Forrester stated that IT security experts have found significant value in certain aspects of endpoint management plans, including cross-platform management. A feature of this kind allows administrators to view an organization’s physical, virtual, mobile and traditional endpoints. During a time when malware has the ability to span a range of systems and endpoints, a strategy of this kind is incredibly valuable to data loss prevention.
Historical insight, or the ability to recognize which systems have been affected by a cyber attack and for how long, is also an incredibly important piece of the endpoint security puzzle. Eighty-six percent of survey participants stated that it is helpful to keep a log of past endpoint activity to determine if the business has been a victim of a targeted attack.
Ziften, which sponsored the white paper, can help companies address these issues, as the enterprise software provider enhances security through means such as cross-platform management and providing root-cause forensic information about the endpoint post attack.

Thursday, October 17, 2013

NEW MOBILE MALWARE THREATENS ENDPOINT SECURITY


Experts recently determined that there were over 1 million malicious mobile applications present in the wild. These represent a significant threat to data loss prevention, especially within businesses with bring-your-own-device policies.
While BYOD policies can provide flexibility for employees as well as increased productivity, allowing workers to utilize the same device for personal and business purposes can threaten company data present on such endpoints. Therefore, IT professionals should remain up to date about new mobile threats and preventative measures.
Sys-Con Media contributor Peter Silva stated that mobile malware consequences can range from a device sending unauthorized text messages to adware redirecting users to infected websites. Experts recently discovered that 75 percent of all malware samples perform outright malicious activities, including data leakage. Another 25 percent execute dubious activities, like adware.
Silva stated that one of the most popular forms of malware is apps that steal banking information from mobile devices, as seen with FAKEBANK and FAKETOKEN. These have been known to disguise themselves as official financial applications and to display phishing notices on devices asking for personal information.
Another popular form of malware is FAKEINST, which appears as a legitimate application that registers users for costly services like premium rate text messaging. Of the million malware samples discovered, this kind of threat comprises 34 percent, Silva stated.
Copycat App
A new strain of mobile malware similar to FAKEINST repackages applications and is currently threatening data loss prevention efforts. The malware, called Copycat App or a.frau.longjian.a, has been affecting Android smartphone users primarily in China and Southeast Asia. According to Dark Reading, the malware presents itself as an application update, but aims to track data usage on infected systems. When a user downloads the malicious update, the malware also downloads other repackaged apps in the background. These repackaged apps consume the user’s data and perform other malicious activities.
The apps subscribe the user to premium rate SMS services without notification, where fees show up on the monthly bill. The malware also has the ability to view and collect information on the device, including the phone number and information from applications, stated Dark Reading. Mobile security expert Gavin Kim said superior technology was used to isolate and identify this malware, which spread across nine countries.
“This again, shows that malware knows no boundaries and will continue to spread as more affluent markets are targeted,” Kim told Dark Reading.

Wednesday, October 16, 2013

MORE THAN 80 PERCENT OF MOBILE ENDPOINTS AT RISK FOR DATA LEAKAGE


A new report recently discovered that more than 80 percent of enterprise and consumer devices were unprotected and therefore at risk of data leakage.
The Juniper Research report, Mobile Security: BYOD, mCommerce, Consumer & Enterprise 2013-2018, stated the unprotected devices found are expected to remain at risk through the rest of the year. However, while 325 million devices currently have endpoint protection software installed, this number is predicted to rise to nearly 1.3 billion by 2018, according to eWeek.
Mobile malware can take many forms and infect a system in a variety of ways. Security expert Adrian Ludwig told InfoSecurity that some malware can appear as a text message link from an unknown number and has the capability to install itself once a user clicks on the link. Additionally, close to 40 percent of malware samples are fake applications claiming to perform certain functions, but actually send premium-rate messages from the infected endpoint. Other malware samples are spyware and theft applications, which can record keystrokes and other activity.
Low awareness
A main reason many mobile device users do not prioritize data leak prevention is low awareness of mobile malware threats, the report stated. Additionally, users are seeing an increase in infected systems as a result of a sharp increase in the amount of mobile malware created during the past two years.
According to eWeek, many cybercriminals are shifting their aim from infecting computers to establishing data-stealing malware for mobile platforms, as the number of mobile malware samples will reach 1 million by the end of the year.
BYOD policies
Furthermore, the study found that the implementation of bring-your-own-device practices within corporations has also increased. Experts advised these companies to employ more than one endpoint security program for optimum data loss prevention. In addition, a BYOD policy should be clearly and formally outlined to make sure employees are informed of security requirements and best practices.
“A single policy or measure may not be sufficient and a unified perspective on mobile platform risks is critical,” eWeek stated.
Android-targeted malware
Businesses should also be aware of what devices are being used to access a corporate network and take steps to ensure that each endpoint is secure.
InfoSecurity stated that 99 percent of all mobile malware aims to infect the Android operating system. Therefore, extra measures should be taken by employees and businesses to ensure these devices have endpoint software and are properly protected.
According to security researchers, many malware samples do not reach the install stage; however, these infections are still present and can pose a threat to data loss prevention efforts.

GOVERNMENT SHUTDOWN AFFECTS ENDPOINT SECURITY PATCHES


Government agencies affected by the recent partial shutdown may face difficulties installing software patches for endpoint security.
Addressing not one, but two critical security issues
This year marks the 10th anniversary of Microsoft’s Patch Tuesday, according to ZDNet. The organization has celebrated by releasing two critical patches that address security concerns related to the Internet Explorer browser, including one that was previously unknown to the public.
“The biggest surprise from this month’s advisories is that Microsoft has addressed not one, but two, critical Internet Explorer zero-days,” said security researcher Craig Young. “These fixes should be the highest priority for patch deployment, since both of these issues are being exploited in the wild.”
Furthermore, Tom’s Guide contributor Paul Wagenseil advised users to avoid utilizing the Web browser until all patches are installed and the machine is restarted. Wagenseil said both security weaknesses can affect endpoint data protection, as they allow cybercriminals to transmit malware when an individual clicks on a malignant page, infecting the browser despite the user only remaining on the corrupted page for less than a minute.
Microsoft released patches for 26 security flaws, in addition to updates related to the Web browser. These include certain remotely exploitable issues in Windows XP, Windows Server 2003, and Microsoft .Net Framework.
Effects of the government shutdown
According to Computerworld, however, some government agencies affected by the shutdown will be unable to update employee devices, or will face substantial difficulties doing so. This can leave these machines open to data leakage and other security threats.
Computerworld stated that many government organizations only kept a skeletal IT staff in place during the shutdown, as all non-essential IT systems are not currently operational. Desktop computers, laptops and other devices will go unpatched during the shutdown.
John Pescatore, SANS Institute director of emerging technologies, said the Windows security weaknesses affect endpoint security across PC and server operating systems.
“While most of the government security staff was deemed essential, it is likely that many of the employee PCs and laptops were turned off, so it will be hard to patch them,” Pescatore told Computerworld.
Although one may think that updates would be easier without employees utilizing servers, Pescatore said this is not the case.
“The reality of these shutdowns is that informal processes get disrupted even if the essential people are still there,” Pescatore said.
Once employees return, they must exercise caution before using their unpatched devices.
“Best practice would be to isolate these machines until they can be brought up to the most recent patch level,” security expert Richard Stiennon told Computerworld.

Thursday, October 10, 2013

SECURE ENTERPRISE MOBILE APPLICATIONS FOR ENDPOINT SECURITY


In today’s technological business environment, cybercriminals find new ways to compromise data every day.
According to Aberdeen research, besides the benefits of data loss prevention and peace of mind, organizations can tally measurable value when they ensure the security of their mobile infrastructure.
Therefore, it is essential that organizations secure endpoints and the information contained on them. InformationWeek contributor Andrew Borg stated that simply managing the device itself is not enough, and administrators should also focus on securing individual features of the device, especially enterprise mobile applications.
Borg advised companies to implement user authentication before granting access to enterprise apps. Such a system can protect the sensitive information on the application, which is especially important if a device is stolen or lost. Businesses should employ two-factor authentication wherever possible, which requires users to, for example, enter a username and password and also answer a predetermined question for identification.
Additionally, this authentication technology should be connected to a corporate directory service to ensure complete endpoint security. Enterprise applications should also have a high level of encryption to protect sensitive information and prevent data leakage.
Borg also suggested businesses use application management, which can secure access and deployment of enterprise applications. Such technologies also allow the user to create whitelists of approved apps and blacklists of those that should be denied access.
Furthermore, antivirus and anti-malware systems are also important in endpoint security. These programs not only protect the mobile operating system; anti-malware can also prevent a device from loading, storing or spreading a malicious item.
According to Borg, mobile app security should be the responsibility of every employee, not just administrators and IT personnel. Education and knowledge are essential, and workers should be notified of best practices and policies in place for endpoint protection.

FURTHER PREVENT DATA LEAKAGE IN FOUR STEPS


In today's business marketplace, endpoint protection is essential to ensure the safe transmission of shared data. Increased utilization of personal laptops and smartphones in accordance with bring-your-own-device policies has also escalated the instances of stolen or lost devices, which pose a security risk for data leakage.
Data loss can result in significant costs associated with security repairs and device replacement, as well as brand uncertainty and public embarrassment. Research director Randy Abrams told State Tech Magazine that organizations cannot afford to make headlines due to a data breach.
Therefore, institutions need to improve endpoint protection to better ensure data leak prevention. Organizations can follow these steps to lower their risk of data loss.
1. Establish a defense strategy
CSO contributor Gordon Makryllos stated that organizations should evaluate their enterprise IT infrastructure to determine where the system may be vulnerable to data leakage and how cybercriminals could gain access to endpoints. Makryllos advised paying special attention to servers, unified communication devices and the network itself when planning a data loss prevention strategy.
2. Get peer advice
State Tech Magazine contributor Sandra Gittlen suggested asking industry peers for advice and guidance about their own security strategies.
"Find out what your peers are using and how they like their product is very important," said Jack Rolfs, director of computer technology for Salina, Kans.
In this way, organizations can compare similar establishment strategies and security products used with their own network requirements. Find out what has worked and select the endpoint security provider that is best suited for meeting industry-specific needs.
This can also be beneficial for smaller companies, said Brad Bowers, director of information technology for Saline County, Kans.
"Small organizations don't always have the resources to do the research," Bowers said.
However, by asking their peers, organizations can obtain valuable information for their own internal security plans.
3. Plan for Growth
Due to the current environment, the number of endpoints needing protection can constantly expand within any business. An employee that may work in-house at one point in time may need to work remotely in the future, and the endpoint he or she uses to gain access to the corporate network will need protection.
Keeping this in mind, Gittlen advised organizations to allow room for growth in their data loss prevention strategies.
4. Realize the importance of education
Gittlen also recommended that administrators explain the possible risks of sharing information as well as the consequences associated with data breach to their employees.
"Education for users is sorely underappreciated," Abrams said. "[Education] can prevent data breaches and losses."
Furthermore, Gittlen pointed out that informing employees of the activity monitoring and logging practices that come with endpoint protection can serve as a deterrent.

Tuesday, October 8, 2013

ENDPOINT SECURITY: COMPUTER PROTECTION


Desktop and laptop computers are a continually utilized corporate network endpoint. It is therefore vital to lock down these devices for both on-premise and remote workers for data loss prevention.
While a current security policy relating to PCs may be adequate, with new and different attacks occurring daily, there is always room for improvement when it comes to these protection practices.
Passwords: The best first line of defense
PCWorld contributor Ian Paul stated that passwords are one of the best ways to keep prying eyes from sensitive data on mobile devices. He recommended that passwords be relatively long, unique and random for optimum endpoint protection. Paul also suggested using a password managing program to generate random passwords and store them safely.
Email encryption
Paul advised enterprises utilizing an email desktop client to also use an open-source encryption key to secure sensitive information transmitted through this platform. This type of encryption prevents cybercriminals from intercepting and reading email messages, which by default are sent through the Internet as plain text.
However, Paul pointed out that email metadata, like the subject line and email address of the recipient, cannot be encrypted. Therefore, sensitive information should not be included or alluded to in the subject line for endpoint data protection.
Keep up with current trends in endpoint threats
Security professionals should maintain awareness of current trends in malware or other threats to endpoint security. Personnel should regularly check technology news and blogs to discover what threats could affect their endpoint security and research ways to prevent or respond to these infections.
A current trend in the world of endpoint security threats is the rash of spam related to the government shutdown, Patient Protection, the Affordable Care Act and Obamacare. According to ZDNet, there has been a push to register domain names associated with these hot button issues, and these registrations have the potential to confuse and abuse users.
Fake websites have been a growing trend in watering hole attacks; however, these target a larger group than most other attacks, which normally only seek to infect those who visit niche Web pages. This attack has the potential to spread malicious items to anyone following current events in the news.
Such fake pages play off the domain names of reputable pages. For example, ZDNet stated that one recently registered domain name was that of healthcaregov.com, which is incredibly similar to the official federal Web page, healthcare.gov.
Security professionals should remain up to date with recent threats like this one, and inform their employees to be cautious of these kinds of fake websites.
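As an added example (not from the original post or from ZDNet), the following sketch shows how a defender could screen a feed of newly registered domains for names that imitate a protected one, including the healthcaregov.com pattern described above, where the real suffix is absorbed into the name. The suffix list, the reason labels and every sample domain other than healthcaregov.com and healthcare.gov are constructed assumptions.

```python
import re

# Assumption: a tiny constructed suffix list. A production check would use
# the full Public Suffix List instead.
SUFFIXES = ("co.uk", "com", "net", "org", "gov")


def split_domain(domain):
    """Return (registrable label, suffix), e.g. 'www.a-b.co.uk' -> ('a-b', 'co.uk')."""
    d = domain.lower().strip(".")
    for suf in sorted(SUFFIXES, key=len, reverse=True):
        if d.endswith("." + suf):
            return d[: -len(suf) - 1].split(".")[-1], suf
    head, _, tail = d.rpartition(".")
    return head.split(".")[-1], tail


def squash(text):
    """Drop dots, hyphens and anything else that is not a letter or digit."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, protected):
    """Return why `candidate` resembles `protected`, or None if it does not."""
    cand, prot = candidate.lower().strip("."), protected.lower().strip(".")
    if cand == prot or cand.endswith("." + prot):
        return None  # the real site or one of its subdomains
    c_label, c_suf = split_domain(cand)
    p_label, p_suf = split_domain(prot)
    if squash(c_label) == squash(prot):
        return "suffix-absorbed"  # healthcare.gov -> healthcaregov.<other suffix>
    if c_label == p_label and c_suf != p_suf:
        return "suffix-swap"  # same name registered under a different suffix
    if edit_distance(squash(c_label), squash(p_label)) <= 1:
        return "near-miss"  # one character added, dropped or changed
    return None


def scan(candidates, protected):
    """Map each flagged candidate domain to the reason it was flagged."""
    hits = {}
    for name in candidates:
        reason = classify(name, protected)
        if reason:
            hits[name] = reason
    return hits


# Constructed feed of newly registered names; only healthcaregov.com is from the page.
NEW_REGISTRATIONS = ["healthcaregov.com", "healthcare-gov.org", "heathcare.com",
                     "healthcare.net", "www.healthcare.gov", "example.org"]

if __name__ == "__main__":
    for name, reason in scan(NEW_REGISTRATIONS, "healthcare.gov").items():
        print(f"{name}: {reason}")
```

A flagged name is a candidate for review or for a proxy or DNS blocklist, not proof of malicious intent.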