Data was historically confined to the computing devices that accessed it inside the enterprise campus perimeter. The traditional network endpoint was limited to desktop PCs, laptop computers and most of the server components attached to the organization's network. In recent years, a dramatic increase in mobile devices has broadened the definition of an endpoint: mobile devices require access to a company's data at any time and from anywhere. With the addition of always-connected, sensor-driven Internet of Things (IoT) devices, the range of endpoints now includes everything from IP cameras to smart vending machines to biomedical devices.
The original definition still holds today; however, the presence of more sophisticated devices requesting an IP address from the network, often without any user interface, means the approach to endpoint defense must also change. Because communication is bi-directional, every endpoint is also a potential entry point into a network or an application. Each device therefore needs an answer to a few basic questions: What does it need to communicate with? Does it require internet connectivity at all? Does its embedded operating system provide any protection of its own?
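One way to turn those inventory questions into something enforceable is to record, per device, what it is allowed to talk to and whether it needs the internet, then check observed flows against that profile and render the profile as a default-deny firewall policy. The script below is an added example, not code from the article or from any vendor it cites; the device addresses, destinations (documentation ranges such as 203.0.113.0/24) and flow records are all constructed, and the nftables-style rule text it emits is illustrative rather than a tested ruleset.

```python
"""Check observed network flows against a per-device communication profile.

Added example (not from the article). Device addresses, destinations and
flow records are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Private address space; anything outside it is treated as "the internet".
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class DeviceProfile:
    """Answers to the inventory questions for one endpoint."""
    name: str
    has_ui: bool            # no UI means no user will ever see a prompt or a warning
    needs_internet: bool    # does the device legitimately leave the enclave?
    allowed: List[Tuple[str, int, str]]   # (destination CIDR, port, protocol)


# Constructed inventory keyed by the device's IP address (hypothetical values).
PROFILES: Dict[str, DeviceProfile] = {
    "10.20.0.15": DeviceProfile(
        name="ip-camera-lobby", has_ui=False, needs_internet=False,
        allowed=[("10.20.1.10/32", 554, "tcp"),   # RTSP to the on-site NVR
                 ("10.20.1.5/32", 123, "udp")],    # NTP to the local time server
    ),
    "10.20.0.40": DeviceProfile(
        name="vending-machine-3", has_ui=False, needs_internet=True,
        allowed=[("203.0.113.0/24", 443, "tcp")],  # vendor telemetry (TEST-NET-3 placeholder)
    ),
}

# Constructed flow records: "src dst dport proto", one per line.
FLOW_LOG = """\
10.20.0.15 10.20.1.10 554 tcp
10.20.0.15 10.20.1.5 123 udp
10.20.0.15 8.8.8.8 53 udp
10.20.0.40 203.0.113.7 443 tcp
10.20.0.40 198.51.100.9 443 tcp
10.20.0.99 10.20.1.10 22 tcp
"""


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def check_flow(src: str, dst: str, dport: int, proto: str) -> str:
    """Classify one flow: allowed, egress-violation, policy-violation or unknown-device."""
    profile = PROFILES.get(src)
    if profile is None:
        return "unknown-device"          # something got an IP that nobody inventoried
    dst_ip = ip_address(dst)
    for cidr, port, prot in profile.allowed:
        if dst_ip in ip_network(cidr) and dport == port and proto == prot:
            return "allowed"
    if not profile.needs_internet and not is_internal(dst):
        return "egress-violation"        # an enclave-only device reaching the internet
    return "policy-violation"            # known device, destination not in its profile


def audit(flow_log: str) -> List[Tuple[str, str, str, int, str, str]]:
    """Return (device, src, dst, dport, proto, verdict) for every non-allowed flow."""
    findings = []
    for line in flow_log.splitlines():
        if not line.strip():
            continue
        src, dst, dport, proto = line.split()
        verdict = check_flow(src, dst, int(dport), proto)
        if verdict != "allowed":
            name = PROFILES[src].name if src in PROFILES else "?"
            findings.append((name, src, dst, int(dport), proto, verdict))
    return findings


def nft_rules(src: str) -> List[str]:
    """Render a profile as nftables-style rule text: explicit allows, then default drop."""
    profile = PROFILES[src]
    rules = [f"ip saddr {src} ip daddr {cidr} {prot} dport {port} accept"
             for cidr, port, prot in profile.allowed]
    rules.append(f"ip saddr {src} drop")
    return rules


if __name__ == "__main__":
    for finding in audit(FLOW_LOG):
        print(finding)
    print("\n".join(nft_rules("10.20.0.15")))
```

The three verdicts matter in practice: an enclave-only camera resolving names on the public internet is a different incident from a vending machine contacting an unlisted vendor host, and an address that appears in the flow log with no profile at all is the inventory gap the article describes, a device that obtained an IP address without anyone deciding what it may talk to.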
Not all endpoint devices are created equal. "The operating and security characteristics of traditional desktop devices, mobile devices, servers, and the many classes of IoT devices vary significantly, as do the threat vectors used to attack them, leaving CISOs with an increasingly complex attack surface to defend," says Dave Gruber, Senior Analyst at industry research firm ESG.
In terms of the OSI model, the media layers (physical, data link and network) deal in bits, frames and packets, while the host layers (transport through application) deal in data. By that reading, an endpoint is any point responsible for processing host-layer data. An attack carried out by a man-in-the-middle, or by intercepting or injecting packets in transit, is therefore an attack on the media layers rather than on an endpoint, although such an attack is often only the first step toward compromising one.
With the advent and growth of IoT, devices increasingly process more of the OSI layers themselves, which means the number of endpoints a security team must defend keeps growing in step. There is "no longer a bright-line determination on what the ingress and egress points are in an enclave," says Jamal Hartenstein, IT Security Program Manager, KAI Partners. "Defining an enclave has become more vague and ambiguous for enterprises. Endpoints are now found outside of the traditional enclave."
“The explosion of connected devices also requires re-thinking the protection mechanisms to apply to those endpoints,” notes Kayne McGladrey, Director of Security and IT, Pensar Development. “Similarly, the widespread adoption of cloud-based services means that there’s no single network to protect.”