So far in this series we have reviewed a few popular and emerging models and frameworks. These tools are meant to help you make sense of where you are and how to get where you’re going when it comes to information security or cybersecurity. We’ve also started the process of defining a new, more practical, more technology-focused map of the cybersecurity landscape. At this point you are familiar with the concept of four critical domains, and six key technology categories within each. Today we’ll dive into the second domain: Endpoint and Application.
I must admit that not everyone agrees with me about lumping servers and applications in with laptops and mobile phones as a security domain. I admit that the choice was a risk, but I believe it makes the most sense. So many of the tools and techniques are the same for both groups of devices. Especially now, as we move our endpoints out onto networks that we don’t fully control (or control at all in some cases). Let’s explore it together - and then let me know what you think!
Domain: Endpoint & Application
If we stick with the castle analogy from part 2, endpoints and applications are the people living inside the walls. Endpoints are the devices your people use to work: desktops, laptops, tablets, phones, etc. Applications are made up of the servers and software your employees, customers, and partners rely upon. These are the things that are affected if an attack penetrates your perimeter, and as such, they need their own defenses.
The categories in the endpoint and application domain are endpoint protection, detection, and response (EPP / EDR), patch and vulnerability management, encryption, secure application delivery, mobile device management (MDM), and cloud governance.
Category: EPP / EDR
The oldest forms of IT security are firewalls and host antivirus. Both have matured a lot in the past 30+ years. Endpoint protection (EPP) is the evolution of host based anti-malware tools, combining many features into products with great success rates. Nothing is perfect, however, and there are advanced persistent threats (APT) that can get into your devices and do damage over time. Endpoint detection and response (EDR) tools are the answer to APT. We're combining these two concepts into a single category because you need both – and luckily for us, many manufacturers now combine them as features of their endpoint security solution.
Category: Patch and Vulnerability Management
While catching and stopping malware and other attacks is great, what if you didn’t have to? Tracking potential vulnerabilities across your systems and automatically applying patches as needed should reduce the exploit capabilities of an attacker and help you sleep better at night. While you can address patch management without vulnerability management, I recommend that you take a comprehensive and automated approach, which is why they are both covered in this category.
When properly applied, encryption is the most effective way to protect your data from unwanted disclosure. Of course, encrypted data is only useful if you can decrypt it when needed – be sure to have a plan (and the proper tools) for extraction! Encryption/decryption utilities can protect data at rest (stored files), data in use (an open file), and data in motion (sending/receiving a file).
Category: Secure Application Delivery
Load balancers used to be all you needed to round-robin requests to your various application servers. Today application delivery controllers (ADC) are much more than that. You always want to put security first, so I recommend an ADC that includes web application firewall (WAF) and other security features for secure application delivery.
Category: Mobile Device Management
EPP and EDR may be enough for devices that stay on-prem, under the protection of your perimeter security tools, but what about mobile devices? When people are bringing their own devices into your network, and taking your devices onto other networks, a more comprehensive security-focused solution is needed. These solutions fall under the umbrella of mobile device management (MDM).
Category: Cloud (XaaS) Governance
Cloud Governance is a fairly emergent realm and in many ways is still being defined. What’s more is that to an even higher degree than the other categories here, governance must always include people, processes, and technology. Since this reference model is focused on technology and practical tools, this category includes technologies that enable and enforce governance. As your organization becomes more and more dependent on more and more cloud platforms, you need visibility and policy control over that emerging multi-cloud environment. A solid cloud governance tool provides that.
We are now three parts into this six-part series. Are you starting to feel like you know where you are? How about where you need to be going? Don’t worry, we still have two more domains to cover, and then a final word on how to make this model practical for you and your organization. Keep an eye out for part 4, where we’ll dive into identity and access - an area that many of you are probably neglecting, despite its extreme importance. Talk to you then!