Connectivity is on the rise. By 2020, there will be more than 25 billion connected devices on the internet. However, this also means that these 25 billion devices must be secured to reduce endpoint vulnerability. Securing new platforms like vending machines, heart monitors, alarm systems, and anything else that acts as an endpoint will be critical for agencies to secure their networks while starting with the Internet of Things.
One way to keep these platforms secure is through built-in endpoint security. This solution gives agencies the capability to constantly monitor and assess their security vulnerabilities while still leveraging the Internet of Things.
In order discuss how agencies can do this, GovLoop brought together Frank Konieczny, Chief Technology Officer of the U.S. Air Force and Ron Chestang, Senior IT Security Consultant at HP in the recent online training, Defending Gov’s Vulnerable Endpoints.
So, what exactly is an endpoint? For a long time, it was just classic compute and desktops. As technology evolved, the scope of endpoints enlarged to include things like tablets, mobile devices, and laptops. “Now with the Internet of Things, almost anything can be an endpoint,” Konieczny explained. “We are most concerned about the newest generation of endpoints because we don’t know how to manage them and there are few security controls associated with them.”
However, as endpoints continue to grow exponentially, the cybersecurity community has come up with a few key ways to start securing them. Konieczny explained five of these potential solutions:
- Hygiene and configuration: Make sure your hardware is keeping up with your software. This will also make patching easier in the long run.
- Protect: “Encrypt everything and secure your perimeter,” Konieczny emphasized. Many IoT devices were developed long before IoT was a thing so it is critical to ensure you are getting encrypted communications from vendors.
- Authenticate and Authorize: Leverage two and multi-factor authentications. Additionally, once people are authenticated, make sure they have access to the things they need access to.
- Virtualization: Leverage virtual desktops, browsers, and applications. This way, if malware makes it into one of these you can destroy and restore the infected browser or desktop dynamically and quickly.
- Agent Based Reporting: Track, report and eliminate misbehaving processes, applications and users. However, Konieczny warned that agencies need to be wary of false positives and looking too far into data drawn from tracking.
The experts made it clear that we are living in a time where there are a lot of cyberrisks and vulnerabilities. “Whether it’s a malicious cyberattack, an accidental internal breach, or a regulatory and legal non-compliance, the cost of resolving a security breach can be huge,” Chestang explained.
Printers are one endpoint that are not immune to these vulnerabilities but are often forgotten about when agencies set out to secure their devices. “Hacking printers is actually the number one attack on IoT capabilities because everyone has one but no one pays attention to them,” Chestang said. “In order to prevent a breach agencies must secure the entire endpoint from the device, identity, data and documents.”
In order to protect printers a layered approach is key. Chestang recommended solutions like scanning, performing a use case for EOL and EOS devices, checking compliance regulations, being proactive about password management, and getting rid of any outdated devices.
Looking forward, the possibilities for endpoints will keep multiplying. Whether it’s your printer, thermostat, or tablet, agencies must start getting proactive about protecting these windows into their networks.