DUDE, WHERE’S MY ENDPOINT: The plight of endpoint security

0
3198

Cyber spending is often done at many levels, most commonly the firewall and advanced analytic solutions. The essential gap that is missed is protecting endpoints within the organization.

The endpoint is the key to the kingdom for an attacker, if they are successful at compromising an authenticated endpoint in the environment, a breach will be the result.

An endpoint is any device on a TCP/IP network, not just limited to laptops and cellphones. This can be anything from a tablet, to a thin client, to a printer – and all devices that sit on a network need to have the same standard for security.

When performing network penetration tests, I would personally attack printers and other “smart technologies” as they are often left with default credentials and thus an easy point of compromise. An attacker will take the path of least resistance to meet their goal of disruption and havoc, thus you need to create a defensive posture to mitigate this threat.

A security solution tailored to this threat vector is the answer, but it is highly recommended that a penetration test be performed in order to confirm this risk vector.

Having a complete security posture will adequately help to protect your organization from an attack but the maintenance of said defensive structure will determine the probability of detecting and mitigating a breach.

Contact our Security Solutions Team so we can work with you to aide in preventative and proactive measures.

We must be vigilant, we must be ready, and most of all, we must be educated!

 

Adam Zimmerman, Security Solutions Architect

CDW Canada

With over six years of experience in the technology industry, Adam’s experience covers information security operations, cyber security advisory, penetration testing, and advanced exploitation. Adam’s primary focus is  helping organizations build strong security practices and prepare for potential attacks.

Adam holds a Masters in IT Security from the University of Ontario Institute of Technology, where he successfully developed a malware classification tool with a security firm based in Ottawa.  Additionally, he has worked on several cyber consulting engagements as a lead security researcher and was able to develop an exploit for the FAA’s NextGen Air Traffic Control Management System.

Adam currently serves in the Canadian Armed Forces as a Second Lieutenant where he holds a  command position as a Troop Commander for 32 Combat Engineer Regiment of Toronto; specializing in mobility denial and facilitation, tactical breaching, controlled munitions disposal, and various humanitarian support operations.