March 7, 2016
This is the fourth in a ten-part series on information technology security from SBAM Approved Partner NuWave Technology Partners.
Endpoint security is the practice of protecting each user’s computer on a network. When every endpoint is protected, malware, ransomware (malicious software that asks for a payment to remove itself), or a virus that gets inside the network and infects one endpoint does not automatically compromise the others. Malicious software typically infects an endpoint in one of three ways.
First, a computer can be compromised by opening an infected file or program. The file may already be on the network, or it may be introduced from a USB device, a CD-ROM, a download from the internet, etc. How it gets on the computer is irrelevant. Protecting the computer from its potentially devastating effects is critical. A good commercial-grade anti-virus program will protect a computer against this type of infection. It is important to note here that while there are several free anti-virus solutions on the market, they should not be used in a business network. Most, if not all, of the free programs state that it is a violation of their license agreement to use them for commercial purposes. They usually do not have the functionality required to protect computers in a networked environment. Anti-virus programs work in two ways. First, they perform a periodic scan of the entire hard drive. Most of the top products on the market today will tag the files that have been scanned and not scan them again unless they have changed. This speeds up the process and improves performance on the computer. Second, these programs scan every file as it is opened or saved on the computer. When a USB device or CD-ROM is inserted, it is immediately scanned. Some industry analysts claim it is no longer necessary to run anti-virus software on each computer in a network. However, while Microsoft Windows 7 and Windows 8 have much better security features built in, they are not yet capable of protecting themselves. Anti-virus software is still required for complete protection.
Second, a more common way for a computer to become infected is through an email attachment. This malware gets around the anti-virus program by getting permission from the user to install itself. This “permission” is often inferred from the user opening the email or clicking on the attachment, completely unaware that they have “authorized” the installation. This type of attack can be stopped with SPAM filtering software or services that include virus scanning. Hosted SPAM filtering services have several advantages over on-site SPAM filtering. The SPAM service receives all of the corporate email at its datacenter. It then scans the email for both SPAM and viruses, forwarding only clean and legitimate email to the company’s email server. Since SPAM rates for most companies exceed 80%, having the scanning done off-site protects the company’s email server from possible infection. It also significantly reduces the amount of bandwidth being used to receive the SPAM email. If the corporate email server or internet connection is down for any reason, the SPAM service will continue to capture the email, thus avoiding lost email. Another advantage is that the SPAM filtering service has dedicated resources focused on keeping its scanners updated to thwart the constant changes in the way spammers try to circumvent detection. This frees the company’s staff to focus on more strategic initiatives.
The third part of endpoint protection is web content filtering. Most attacks are now coming directly from browsing the internet. The traditional role of web content filtering has been to block employees from going to non-business sites and to prevent the resulting lost productivity. That role is now transitioning more to blocking malicious content on legitimate business websites. All of the major search engines, news sites and sports sites use the traffic they generate to make money from advertisers on their site. When one clicks on an advertisement on a website, the website owner gets a small payment for the “click through.” The website owners get the ads by subscribing to a service. The ad service provider does the work of finding the advertisers, collecting payment from them, and making payment to the website owners. The website owners have little to no control over the ads displayed on their websites. Many times the advertisements on major websites contain malicious code, and when they are clicked on, they infect the user’s computer. Web content filters will scan sites as they are displayed and block any content that is considered suspicious. Of course, the content filters will also block any sites that are specified in the company filtering policies. The filtering companies have millions of users and monitor sites worldwide. As soon as they detect a problem anywhere in the world, their filters are updated and the problem content is blocked globally.
While none of these tools is one hundred percent effective by itself, using all three of them together dramatically decreases the likelihood of getting a computer, and possibly the whole network, infected. This is a rapidly evolving area of security. Consulting a security professional is always recommended.