Protect your endpoints
When network security can’t prevent sophisticated attacks, endpoint security needs to kick in at the lowest levels.
The traditional approach to security is no longer the best. Throwing everything you've got at protecting the perimeter isn't such an effective strategy in a world where mobility and agility have become key IT requirements and organised gangs of cybercriminals are launching more sophisticated, targeted attacks. While there's still a need for preventative, network-scale security and a place for next-generation firewall appliances and large-scale infrastructure security, enterprises need to get serious about their endpoints, ensuring their mobile devices, laptops and PCs are protected at the device level. That's why CDW supplies the latest ProBook and EliteBook laptops from HP, running Windows 10 Professional, and why it also recommends HP's ProDesk Mini PCs. With one simple step choosing more secure client devices organisations make it easier to meet some of the most complex security challenges in IT.
We're seeing a shift in the security focus for enterprise IT, moving away from perimeter protection and preventative approaches, and towards a model more focused on securing the endpoints and on detection and response. As Gartner analyst, Elizabeth Kim said last year, "Organisations are increasingly focusing on detection and response, because taking a preventive approach has not been successful in blocking malicious attacks." Focusing too much on network security leaves organisations too reliant on a single layer of defence, and while new network security appliances throw up a lot of useful info, they can also throw up too many alerts. When IT or security teams don't have the time or resources to investigate all of them, the real threats get lost in the noise.
That doesn't mean next-gen firewall appliances and sandboxing technologies don't have their place, but they can't secure your business on their own. Network security tools have proved ineffective against zero-day threats, where hackers exploit previously unknown vulnerabilities in software and firmware that haven't been patched out. They can't protect employees working outside the corporate firewall, either on public networks or when working remotely from a client office or at home.
They can be defeated by browser-based threats or infected USB devices and they're not consistently proof against phishing emails, ransomware, malignant web links or drive-by download infections. The SANS Institute's 2-16 Threat Landscape Survey picked out all the above as fast-growing threats. What's more, it noted that 47% of organisations are discovering security incidents through helpdesk calls, and when a user is complaining because their PC has been infected, that's really too late. At that point, the threat has had time to do its work and spread.
Better endpoint security could address these issues, but simply putting the right measures in place can be challenging. The Ponemon Institute's 2016 State of Endpoint report found that 61% of the companies surveyed were prioritising endpoint security, and that they recognised laptops, tablets and smartphones as the biggest endpoint security threats they faced. Yet, respondents estimated that, on average, one-third of the endpoints connected to their corporate networks weren't secured. 69% of respondents said their departments couldn't keep up with employee demand for greater support and mobile device connectivity, and 71% believed their endpoint security policies were difficult to enforce. While the adoption of commercial cloud applications and mobile devices is upping the threat level, IT teams are finding it nigh-impossible to meet the matching security requirements.
Simplifying the security dilemma
What can organisations do? Well, new products and solutions are emerging, while new analytics and AI technologies could help plug the gaps between device-level security and the network-level approach. CDW's solutions and services teams can put together comprehensive security solutions that leave companies more resilient against attack. Right now, though, one of the simplest, most effective ways to improve network security is to choose endpoint devices with stronger security baked-in. CDW believes that, for many organisations, this means HP laptops and desktops running Windows 10 Pro.
One thing many companies don't understand about Windows 10 Pro is that it's a significantly more secure OS than Windows 7, built for today's security challenges not those of ten years ago. Features like Early Launch Antimalware (ELAM), Device Health Attestation, Protected Processes, Heap Protections, Structured Exception Handling Overwrite Protection, Control Flow Guard and Data Execution Prevention close down common vulnerabilities and prevent malware spreading across the network or infecting the PC. Windows Defender delivers solid baseline security, with cloud-delivered protection for a rapid response to the latest threats. Windows Defender SmartScreen prevents malicious apps that have been downloaded from running. The Edge browser is Microsoft's most secure browser yet, with stricter controls on how the browser can access Windows functions, making it tougher for browser-based malware to have an impact.
Windows 10 Pro also sees improvements to identity and authentication, with Windows Hello delivering fingerprint, iris or facial authentication, both for Windows and a range of Windows apps. Phones, watches and wristbands can unlock Windows PCs, but also lock them when the user leaves their desk. With two-factor authentication now built-in at the OS level, Windows Hello makes it easier to ensure that only those with a need can access data, and that those unauthorised to do so can't. Meanwhile, Microsoft's BitLocker disk encryption protects data on a PC's solid-state drive or hard disk using ultra-secure XTS-AES encryption with system integrity verified through a Trusted Platform Module (TPM).
Security at hardware level
These security features work in tandem with the robust security features built into the latest business laptops and desktops from HP. Incredibly compact and beautifully designed, HP's ProDesk Mini PCs still pack in powerful specifications based on 7th Gen Intel Core processors and security to match, with HP BioSphere Gen3 and HP WorkWise. The same is true of HP's ProBook and EliteBook 840 laptops, which prove that ultra-slim and light designs and supermodel looks aren't incompatible with enterprise-grade security and the power for demanding applications.
These devices have the security features required to plug the holes in your endpoint security. HP Biosphere Gen3 protects the PC's BIOS the firmware that manages startup and controls configuration and basic functions against attacks with customisable authentication and BIOS-level passwords. HP SureStart Gen3 monitors the BIOS in memory for signs of unauthorised change, self-healing and recovering the last-known good BIOS if it finds any, including any configuration changes made. Multi-factor authentication combines PINs or passwords with fingerprint or facial recognition to make it easy for a PC's user to access their PC, but hard for anyone else hoping to snoop. Users of the EliteBook 840 can use HP SureView an integrated electronic privacy screen to prevent visual hacking' from would-be shoulder surfers. You can work on the train without worrying what the passenger in the next seat can read on your screen.
Beyond that, HP WorkWise partners a desktop app on the PC or laptop with a smartphone app for iOS or Android phones. Not only can it lock and unlock Windows automatically when the phone is in or out of Bluetooth range (meaning the user is nearby), but it can also provide smartphone alerts when someone unauthorised tries to log-in to the PC, or when the laptop is moved, a USB key is plugged in or the lid is shut.
Together, these features protect endpoint devices in a seamless fashion without pushing users towards complex or onerous security routines they can't be trusted to maintain. They add self-healing and resilience, so that even those attacks that slip through the net don't get a chance to take hold. By bringing security in at the most fundamental levels, HP ProDesk desktops and HP ProBook and EliteBook laptops can plug the holes traditional network security leaves behind.