Endpoint Security: What Are the Options?

By James Robinson ·

In today’s security world, organizations have countless options when it comes to choosing vendors and securing their data and network. Now break that down into each component of that security program, from firewalls to wireless, and there are more choices. However, what about endpoint security? Certainly it’s on the list, but when was the last time you reviewed your endpoint posture? 

Over the last year, I have had more endpoint security conversations than in the previous five.  This could partly be because of my changing roles. It could be because of the dynamic change in the threat landscape and the realization that mobile devices are an addition to the arsenal and not a replacement. We also have a situation where the endpoint security stack has become very complex.  This in part has come from shifts in the threats - from lost devices to nefarious actors using malware to compromise credentials or data - and a market that has not “eliminated” any other solutions, but is instead adding more and more to the mix. 

Today, security leaders need to focus on endpoint, but do they know exactly what to focus on? I recently met with a client whose company had just merged with another company. Now obviously there were lots of balls in the air, but the one we focused on was their endpoint security stack. They were dealing with two existing endpoint solutions, which included everything from mobility and their productivity stacks such as email, to mobility and cloud convergence. There were so many things to think about that I could see the team struggling to come up with a cohesive architecture.

This client conversation got me thinking about the main components of endpoint security architecture. In my notes and diagramming I came up with 15 endpoint security components that warranted the most attention. Because factors such as compliance and threat are constantly evolving, so should the way we approach endpoint architecture. Each organization has different goals and budgets, but you can tailor the below components to fit your specific needs. Here’s where security leaders should focus their efforts, broken down into three categories:

  • Management
    • Process container
    • Configuration management/audit
    • Patch management
    • Crash reporting
  • System/Operating System/Application
    • Data loss prevention (DLP)
    • Forensics/eDiscovery
    • Whitelisting
    • Next Gen AV (process protection and forensics)
    • AV/Heuristics
    • Encryption
    • Laptop Recovery System
  • Network
    • VPN
    • Web filtering
    • Host intrusion prevention system (HIPS)
    • Firewall

On another note, when we thought about endpoint security architectures for our future paths and formulating a plan, we considered these questions:

  • Where do you want to be with your endpoint security plan, and what will it cost to get there?
  • What is the “weight,” or effect of the security stack on the overall system?
  • Who are the best in breed players that can deliver these solutions and manage the risk of your top threats?

I have to admit, when I first started to write down the components in a stack component diagram, I did not think I would have 15 focus areas.  I am still debating if the stack is too heavy when compared to the productivity stack (Microsoft Office, browser, client application, etc.) that is loaded on the system to support personnel in their work function. My gut tells me the stack is too large and potentially too complex; however, I do not have an enterprise class answer to solve the problem.  

I challenge the industry to continue to evolve with new architectures, such as bring your own device and mobile solutions. Using the 15 components I mentioned, you and your organization can create a cohesive endpoint security plan that meets the needs of your security program, while staying on budget. What is your security team doing to address endpoint needs? 

James Robinson

Vice President, Third-Party Risk Management

As vice president, third-party risk management, Robinson oversees Optiv’s Third-Party Risk Management practice which includes the development and operations of TPRM-as-a-Service and Evantix. During his tenure at Optiv, he has worked as a core contributor around strategic internal initiatives including threat management, risk management, third-party risk management, vulnerability management and data program protection. He also develops and delivers a comprehensive suite of strategic services and solutions that help chief experience officer (CXO) executives evolve their security strategies through innovation.