
How to Boost Your Security for Non-Traditional Endpoints

A ground-shaking shift is underway within businesses, as the number of non-traditional endpoints connecting to corporate networks (generally referred to as the Internet of Things) seeks to challenge, if not overtake, the number of traditional endpoints, like laptops and desktops.

Who can even keep count anymore, as the explosion of connected devices continues to soar to epic levels? Their prevalence has already surpassed the population of the world, largely thanks to the consumer segment.

Businesses are doing their part as well. The ongoing infusion of smart and embedded devices into the workplace is troubling for organizations for many reasons, chief among them that a largely camouflaged attack surface is growing bigger by the day and being littered with an abundance of seemingly benign and often unknown devices that can't be outfitted with something like endpoint detection and response (EDR).

Most EDR products, however, only support standard operating systems, such as Windows, Mac OS X and sometimes Linux, which limits their use for IoT devices. In addition, the software agents that need to be installed on endpoints have a relatively high processing overhead, meaning small devices may not be able to run them. (This is a problem that our PCI forensic investigators frequently encounter when they examine POS terminals.)

Of course, this doesn't dismiss the fact that these lesser-considered endpoints - from printers and fax machines to routers and IP cameras to various sensors and medical devices - require protection, as these objects represent soft targets for attackers looking for a convenient way to latch onto a corporate network.

What makes them so susceptible to attack? Many embedded systems use older versions of Windows, operate with default configurations (such as weak passwords) that are vulnerable, or just run flawed software.

Safeguarding all your internet-enabled endpoints has become one of security teams' most critical missions - and spending projections are reflecting that - but covering them all should be less about an individual device and much more about defense in depth. Here are a few steps you can take:

 

Discover Devices and Look for Holes

Visibility is paramount. Before you can defend, you need to know what needs protecting (and whether it needs to come off the network). Non-traditional endpoints are notorious for hiding on the network. You must regularly scan and identify/inventory what is connected. Once you know what you've got, internal scanning and penetration testing will help detect vulnerabilities, misconfigurations and other weaknesses that could give rise to attacks.
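One way to turn a discovery pass into an inventory check, shown as an added example that is not part of the original article: it parses Linux `ip neigh show` output collected on a gateway and reconciles it against an approved-asset list. The sample output, the addresses and the `INVENTORY` structure are constructed for illustration.

```python
import re

# Constructed sample of `ip neigh show` output from a gateway (not real data).
NEIGH_OUTPUT = """\
10.20.0.5 dev eth1 lladdr 00:1a:2b:3c:4d:5e REACHABLE
10.20.0.17 dev eth1 lladdr 3C:4D:5E:6F:70:81 STALE
10.20.0.23 dev eth1 lladdr 9a:bc:de:f0:12:34 DELAY
10.20.0.40 dev eth1  FAILED
10.20.0.51 dev eth1 lladdr 00:1a:2b:3c:4d:99 REACHABLE
"""

# Hypothetical approved-asset inventory keyed by lower-case MAC address.
INVENTORY = {
    "00:1a:2b:3c:4d:5e": {"name": "lobby-printer", "owner": "facilities"},
    "3c:4d:5e:6f:70:81": {"name": "dock-camera-2", "owner": "physical-security"},
    "aa:bb:cc:00:11:22": {"name": "hvac-sensor-1", "owner": "facilities"},
}

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>[0-9A-Fa-f:]{17})\s"
)

def parse_neighbors(text):
    """Yield (ip, mac) for entries that resolved to a link-layer address."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            yield m.group("ip"), m.group("mac").lower()

def is_locally_administered(mac):
    """True when the locally-administered bit is set (often a randomized MAC)."""
    return bool(int(mac[:2], 16) & 0x02)

def reconcile(neigh_text, inventory):
    """Return devices seen but not approved, and approved devices not seen."""
    seen = {mac: ip for ip, mac in parse_neighbors(neigh_text)}
    unknown = sorted(
        (ip, mac, is_locally_administered(mac))
        for mac, ip in seen.items() if mac not in inventory
    )
    missing = sorted(v["name"] for mac, v in inventory.items() if mac not in seen)
    return {"unknown": unknown, "missing": missing}

if __name__ == "__main__":
    report = reconcile(NEIGH_OUTPUT, INVENTORY)
    for ip, mac, local in report["unknown"]:
        print(f"UNKNOWN  {ip} {mac} locally_administered={local}")
    for name in report["missing"]:
        print(f"NOT SEEN {name}")
```

Unknown entries feed the inspect-or-remove policy; an approved device that is not seen may be offline or may have moved to a segment the gateway does not observe.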

 

Monitor Continuously 

Monitor traffic and activity to determine whether the endpoints are up to no good. Perhaps they have been compromised by an attacker to gain a foothold in your environment, or they have been hacked with the intention of being entered into a botnet that will be used to wage some sort of cybercrime. Whatever the reason, you'll want to continually analyze and detect. In addition, threat hunting can search for advanced persistent threats that may have already crept into the network via vulnerable IoT devices.
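Because these devices cannot run an agent, monitoring usually means checking their network flows against what each device is expected to do. The following is an added example, not from the original article: the flow records, the per-device `BASELINE` and the `FANOUT_THRESHOLD` value are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed flow records (not real traffic).
FLOWS_CSV = """\
ts,src,dst,dport
2024-05-01T10:00:01,10.20.0.17,10.20.0.2,554
2024-05-01T10:00:05,10.20.0.17,10.20.0.1,123
2024-05-01T10:01:10,10.20.0.17,198.51.100.7,443
2024-05-01T10:02:00,10.20.0.5,10.20.0.3,445
2024-05-01T10:02:01,10.20.0.5,203.0.113.10,23
2024-05-01T10:02:01,10.20.0.5,203.0.113.11,23
2024-05-01T10:02:02,10.20.0.5,203.0.113.12,23
2024-05-01T10:02:02,10.20.0.5,203.0.113.13,23
"""

# Hypothetical baseline: the only (destination, port) pairs each device needs.
BASELINE = {
    "10.20.0.17": {("10.20.0.2", 554), ("10.20.0.1", 123)},  # camera: recorder, NTP
    "10.20.0.5": {("10.20.0.3", 445), ("10.20.0.1", 123)},   # printer: server, NTP
}
FANOUT_THRESHOLD = 3  # assumed: distinct off-baseline destinations on one port

def analyze(flows_csv, baseline, fanout_threshold=FANOUT_THRESHOLD):
    """Return alerts for off-baseline flows and for one-port fan-out."""
    off_baseline = defaultdict(list)  # src -> [(dst, port), ...]
    fanout = defaultdict(set)         # (src, port) -> {dst, ...}
    for row in csv.DictReader(io.StringIO(flows_csv)):
        src, dst, port = row["src"], row["dst"], int(row["dport"])
        if src not in baseline:
            continue  # devices without a baseline are an inventory finding
        if (dst, port) not in baseline[src]:
            off_baseline[src].append((dst, port))
            fanout[(src, port)].add(dst)
    alerts = [("off_baseline", src, len(hits))
              for src, hits in sorted(off_baseline.items())]
    for (src, port), dsts in sorted(fanout.items()):
        if len(dsts) >= fanout_threshold:
            alerts.append(("fanout", src, port, len(dsts)))
    return alerts

if __name__ == "__main__":
    for alert in analyze(FLOWS_CSV, BASELINE):
        print(alert)
```

A single off-baseline flow is worth a look; many distinct destinations on one port from a device that normally talks to two hosts is the stronger signal that the device is being used for something other than its job.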

 

Do the Little Stuff Well 

  • Research and vet IoT vendors before making new purchases. 
  • Once you have identified or installed IoT devices, change the default passwords to unique, complex passwords to reduce the risk of compromise.
  • Firewalls can be configured to block incoming and outgoing traffic to and from these assets.
  • Institute policies stating that if unauthorized or rogue devices are discovered on the network, they will be inspected for security or removed. 
  • Implement an agile methodology for quickly patching vulnerabilities. 
  • Restrict partner access to your network, where practical, to minimize the potential for IoT threats to enter.

 

Bring in the Experts

The rise of endpoints won't be quitting, so you'll be dealing with this issue for a long time to come. It's a big and important job, so if you lack the internal skills and resources to do it as well as you'd like, you can turn to an external provider for help. For example, they may be able to help analyze and correlate events from a broad array of devices with the goal of monitoring threat activity 24x7 and producing real-time intelligence. This will help you catch a breach earlier, reducing dwell time and the damage that attackers can do.
