
Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform

March 20, 2018 / Sean Blanton

Carbon Black recently published a series of essays in which information-security experts describe their experiences moving their endpoint security programs to the cloud; this is one of those essays. To read the full series, check out 7 Experts on Moving to a Cloud-Based Endpoint Security Platform.


Make Sure The Solution Fits The Environment And The Need

Richard Davis, Executive Director of IT Security, Embry-Riddle Aeronautical University

For Richard Davis, Executive Director of IT Security at Embry-Riddle Aeronautical University, endpoint security is a critically important piece of the institution’s overall security strategy. Embry-Riddle has global and online campuses. “Any time you’re dealing with an organization that has global reach and endpoints connected all over the place, you have a large attack surface that presents a special security challenge,” he says. Educational environments are particularly challenging because of the culture of idea sharing and the free flow of information.

Davis believes that when modifying any security practice, whether it’s changing the emphasis on something or adopting new or stronger endpoint-security tools, it’s important to maintain a holistic perspective. “You don’t put all of your eggs in one basket or in one particular defense mechanism,” he says. “Make sure you’ve got all the bases covered and you maintain a defense-in-depth strategy.”

Sometimes this involves convincing management that there needs to be greater focus on strengthening endpoint security. Davis believes one of the best ways to do this is with a simple demonstration. “Honestly, it is extremely trivial in many cases to bypass antivirus,” he says. “You can demonstrate to management a piece of malware. ‘Oh, look the AV caught it. Let me modify this.’ You make a simple change, maybe use a Hex editor and change a couple of bytes. Then you run it and it completely bypasses AV. ‘Oh, look, no alarms.’ That’s pretty effective.”

Even with high-level buy-in, you still need to find the right solution. Davis stresses the importance of doing your homework before deciding on any endpoint-security solution.

“You don’t want to pick a solution that seems like a good fit based on ads and recommendations and then just bring them in,” he says. “You need to know your environment extremely well. You need to know what kinds of data you have on your endpoints, and how people use it. You need to understand your risks, and what is the worst-case scenario for an endpoint in your environment. Only after you’ve done this can you determine what kind of endpoint protection is right for your situation.” This may include next-gen antivirus, cloud implementation for easy access and scalability, application whitelisting, the ability to monitor and log attempts to download non-whitelisted code, and other tools for monitoring and controlling endpoint activity. “Doing your homework and choosing a reputable vendor are important to making it work for you,” says Davis.

Another consideration in rolling out a solution is gaining end-user acceptance. “There’s often pushback at first. People question why they need security-awareness training, or complain about alarms that keep popping up on their computer when they try to download something,” says Davis. This resistance may be more prevalent in higher education than in a more traditional corporate environment, because of a culture that is less concerned with security. “You need to build a culture of security, which can be difficult in an education environment that thrives on academic freedom,” he adds.

Beyond awareness training and reminders, one approach that helps is encouraging people to use your security practices in their own personal environments. “If you can help people apply the security principles you’re trying to preach in your organization to their own home or personal computing use, that’s something that can help them and help your organization,” Davis explains. “It helps build a culture of security by essentially telling users the behavior you’re asking of them is no different than what they should be doing at home.”

KEY POINTS

  • When modifying any security practice, whether it’s changing emphasis or adopting new or stronger endpoint security tools, it’s important to maintain a holistic perspective.
  • You need to know what kinds of data you have on your endpoints and how people use it, understand your risks, and know the worst-case scenario for an endpoint in your environment.

ABOUT THE CONTRIBUTOR

Richard Davis

Executive Director of IT Security, Embry-Riddle Aeronautical University

Richard Davis has more than 22 years of IT experience, including more than 10 specifically in information security. He has a BS in Cybersecurity from the University of Maryland University College, and holds 22 industry certifications, including CISSP, CCNP Security, CCNP Routing and Switching, GCFA, GCFE, and GPEN. Davis also creates YouTube videos on a variety of security topics, including digital forensics and incident response; writes software for macOS and iOS; and is very involved in the information security community.
