Cybersecurity divides into several areas of focus, each of which demands attention from a security team if it is to defend its organization against today's advanced threats. Many individuals are most familiar with endpoint security—biometric readers, anti-virus programs—and that familiarity may mislead them into thinking that endpoint security alone is sufficient. In reality, other areas must also be covered—especially network security.
Areas of Cybersecurity
As information technology has evolved, the field has developed an increasing number of specialized areas of focus. For example, content security addresses the protection of particular content, such as applying digital rights management to intellectual property, and it develops as new file formats are invented.
Endpoint security is the area that addresses the network entry points created by individual devices. An executive's laptop is an endpoint. So is a receptionist's desktop, a point-of-sale terminal, or a warehouse processing terminal. Endpoint security protects these machines with anti-spyware programs, anti-virus scanners, or personal firewalls. It’s the most obvious form of cyber defense because it’s the most readily visible to the average user.
Network security is the branch that focuses on the holistic monitoring of an organization's network for threat or attack patterns. IT personnel will survey networks for security events, looking for unusual traffic patterns or other anomalies.
If an organization is only taking care of endpoint security, and not paying attention to network security, the organization is at risk of cyber attacks.
Here are two reasons why:
1. Portable Devices May Be Vulnerable to Attacks
A business might have security policies that apply to its own equipment, but the firm's employees might be allowed to use their own laptops or smartphones instead. These “bring your own device” machines may not be covered by the business's endpoint security, or the company may not have installed its usual anti-virus scanner on them. Even if it has, the employee might have circumvented it somehow in the course of using the device for personal purposes.
If an organization takes network security seriously, it can whitelist company-owned assets and ensure that employee-owned devices are treated with extra caution. The traffic from the employee-owned devices can be handled with extra scanning and scrutiny. This safeguard can help keep the firm protected despite the lack of endpoint security on the employee-owned device.
2. Insider Threats Can Bypass Endpoint Security
Most implementations of endpoint security require some form of cooperation from users. If users do not cooperate—perhaps because they are disgruntled employees looking to sell trade secrets to a competitor—they may bypass whatever endpoint security a firm has set up. However, they should not be able to get around strong network security.
For example, a user who has turned into an insider threat might boot his or her company machine into a live operating system that does not contain any of the endpoint security safeguards installed by his or her employers. But network security monitoring—such as SOCVue from EiQ Networks—can pick up on the unusual actions this user takes and prevent him or her from violating security policies.
Managed Security Services Offer Network Security
Portable devices and insider threats are two significant reasons why endpoint security is no longer enough. Managed security services such as SOCVue can provide network security so that companies don’t have to rely solely on endpoint security. With multiple security points covered, businesses can rest assured that their networks and servers will be safe from potential cyber attacks.