Video 5: Cybersecurity Architecture: Endpoints Are the IT Front Door – Guard Them

1.      What are Endpoints?

Endpoints involve many different hardware and software components of a network. From a hardware perspective, it involves different platforms like a server, personal desktop system, mobile system, and the IoT (Internet of Things). This includes all of the devices that are now getting computing capabilities built into them that wouldn’t have had it in the past. The uses of these devices also range from business to personal. A cybersecurity architect should have a holistic view of these devices, considering that any of them can be used for either business or personal. The amount of devices contributes to the attack surface because it adds another place where an attacker can exploit a vulnerability. The software view of this, is that across all of these devices, there are many different operating systems to deal with. This includes Windows, MacOS, Linux, and Unix.

2.      What is an Endpoint Management System?

An Endpoint Management System is an application used by IT administrators to manage and view all of the endpoints in a domain. The typical practice when using these systems is one IT administrator logs into one management system for the servers and another IT administrator logs into a different management system for the desktops and laptops and so on. So its usually multiple different administrators managing different things. Although they are domain experts in those particular areas, its not the most efficient or simplest way. If a cybersecurity specialist wants to implement a single security policy across all of these devices, it should ideally be done through one console.

3.      What is the best practice when using an Endpoint Management System?

The best practice would be to be able to have one administrator who can manages endpoints through one platform. This would allow them to push down policies and patches that then go across the entire infrastructure. The administrator would also be able to get information and alerts about all of these different system into one console. Its more efficient and the administrator does not need that much domain expertise because all of the information is in one system and they have the ability to control it all. The best practice would be to integrate all of the systems into a holistic Endpoint Security Management system.

4.      What type of policies do cybersecurity administrators enforce?

The system should be able to query to the Endpoint Security Management System to show what all different systems are being used. A security policy that dictates what types of hardware and software that are allowed in the organization in the IT systems. Password policies like enforcing a password of a certain length, strength, and expiry date. Patching software should be a requirement because systems are only as good as the latest software, especially when updated software includes security fixes that threat actors could take advantage of. An encryption policy should be implemented on every device to make sure that if the device is lost or stolen, then no one can get any information off of it because all the data is encrypted.

5.      What is BYOD?

For bring your own device programs in organizations there are two types: well-defined and poorly defined. A well-defined program involves consent, software, hardware, and services. Consent means being transparent to the owner of the device about what IT is going to do to their system like monitoring, usage, and wiping. IT might just monitor the corporate things on the device and want to reserve the right to remotely wipe the device and remove all corporate data. What levels of software are also specified like software versions, required applications, and applications that are not allowed. From a hardware perspective, IT might support BYOD but only if it’s a certain hardware specification (desktop, laptop, or mobile device). Only authorized services are allowed. For example with file sharing, if the organization uses a cloud-based file sharing program then everyone needs to use that. Overall, if we make it easier to do the wrong thing than it is to do the right thing, the users are going to do the wrong thing.