Endpoint security best practices
Start your endpoint security journey with some best practices.
If you’ve read anything about cybersecurity, you’ve probably heard of “endpoint security.” But what does this really mean, and why is it important?
To start, let’s clarify what an endpoint is. An endpoint is any device that connects to a network: a phone, tablet, laptop, server or internet-of-things device (a smart doorbell, for example). And security is, well, about what you’d expect: protecting these devices from cyber threats that put your personal or company information at risk.
Endpoint security isn’t just slapping any old antivirus software on your device and hoping for the best. It requires strategy and intention, and it is one part of an overall cybersecurity strategy. In this blog, we’ll talk about some endpoint security best practices that organizations can implement as part of their defense-in-depth strategy.
Software updates and patch management
Keeping your operating system (OS) and application software up to date is one of the simplest and most cost-effective ways to improve your security posture. While the latest version of a piece of software may include fun new features, it also often includes critical fixes for security vulnerabilities, and attackers routinely go after devices that are still missing those fixes.
Deploying major OS updates to your device fleet isn’t always simple; you have to make sure they don’t break any of your current workflows. With Declarative Device Management (DDM) and your Mobile Device Management (MDM) solution, it’s easier to schedule and enforce the latest software updates: the device is told the target version and the deadline, then downloads and installs the update itself while reporting its status back. Both end users and IT admins get more transparency into the update process, and your security gets a boost.
What about the countless apps that need updates at various times? Apps available on the App Store or through Apple’s Volume Purchase Program are relatively easy to update. Third-party apps are less so; tools like App Installers streamline this process by pre-packaging common apps for deployment with Jamf Pro.
With adequate patch management, planning and an MDM solution, these updates can be a powerful boon to your security.
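The scheduling the paragraphs above describe, as an added example that is not code from this post, Jamf or Apple: it builds one DDM software update enforcement declaration per rollout ring (pilot first, then everyone else, then stragglers) so a fleet moves to a target OS version in stages instead of all at once. The declaration type and payload keys are the ones Apple publishes for specific-version enforcement; the identifier prefix, ring names, version numbers and dates are hypothetical. The checks that refuse a target below the required floor and a deadline that has already passed are what keep a typo in the schedule from forcing an immediate install across the fleet.

```python
"""Added example, not code from the post, Jamf or Apple: build DDM software
update enforcement declarations for a staged (ringed) rollout.

The declaration type and payload keys are those Apple documents for
com.apple.configuration.softwareupdate.enforcement.specific; the identifier
prefix, ring names, versions and dates below are hypothetical."""
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

DECLARATION_TYPE = "com.apple.configuration.softwareupdate.enforcement.specific"
IDENTIFIER_PREFIX = "com.example.ddm.softwareupdate"  # hypothetical prefix
# TargetLocalDateTime carries no time zone: it is interpreted in the device's local time.
LOCAL_TIME_FMT = "%Y-%m-%dT%H:%M:%S"


def parse_version(version: str) -> Tuple[int, ...]:
    """'14.4.1' -> (14, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def is_acceptable_target(target_os: str, minimum_os: str) -> bool:
    """True when the version about to be enforced is at least the floor we require."""
    return parse_version(target_os) >= parse_version(minimum_os)


def build_update_declaration(ring: str, target_os: str, deadline: datetime,
                             details_url: str = "") -> Dict:
    """One enforcement declaration: devices in `ring` must be on target_os by deadline."""
    payload = {
        "TargetOSVersion": target_os,
        "TargetLocalDateTime": deadline.strftime(LOCAL_TIME_FMT),
    }
    if details_url:
        payload["DetailsURL"] = details_url  # optional link shown to the user about the update
    return {
        "Type": DECLARATION_TYPE,
        "Identifier": f"{IDENTIFIER_PREFIX}.{ring}",
        "Payload": payload,
    }


def ring_schedule(target_os: str, minimum_os: str, first_deadline: str,
                  rings: List[Tuple[str, int]], now: str) -> List[Dict]:
    """Produce one declaration per ring; each ring's deadline is offset from the
    first deadline by that ring's day count. Dates are LOCAL_TIME_FMT strings.

    Refuses a target below the floor and any deadline that is not in the future,
    because a past TargetLocalDateTime means the device enforces immediately."""
    if not is_acceptable_target(target_os, minimum_os):
        raise ValueError(f"target {target_os} is below the required minimum {minimum_os}")
    start = datetime.strptime(first_deadline, LOCAL_TIME_FMT)
    clock = datetime.strptime(now, LOCAL_TIME_FMT)
    declarations = []
    for ring, offset_days in rings:
        deadline = start + timedelta(days=offset_days)
        if deadline <= clock:
            raise ValueError(f"deadline for ring {ring} ({deadline}) is not in the future")
        declarations.append(build_update_declaration(ring, target_os, deadline))
    return declarations


if __name__ == "__main__":
    import json
    schedule = ring_schedule(
        target_os="14.4.1", minimum_os="14.0",
        first_deadline="2024-04-08T09:00:00",
        rings=[("pilot", 0), ("broad", 7), ("holdouts", 14)],
        now="2024-04-01T00:00:00",
    )
    print(json.dumps(schedule, indent=2))
```

Each dict in the result is what an MDM would send to the devices assigned to that ring; the ring assignment itself (which devices get which declaration) lives in the MDM, not in the declaration.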
Read more about patch management.
Policies and compliance
Secure configurations
A device’s security starts with its configuration. What restrictions and policies are you going to put on the device? For example, consider:
- How do users get access to apps?
- What are your authentication policies? Do you enforce multifactor authentication? Complex passwords? Biometrics?
- How does the device connect to company resources? Do you implement connections with Zero Trust Network Access?
- How can data travel to or from a device?
Laptops and mobile devices are quite capable these days; sometimes they do more than we need them to. Configuring your endpoints to do just what the user needs, no more and no less, shrinks the attack surface an adversary can reach. And take advantage of built-in security features, like FileVault disk encryption and biometric authentication (Touch ID) on Mac.
But how do you know how a device should be configured? Security benchmarks can provide guidance.
Security benchmarks
The Center for Internet Security (CIS) works with the global cybersecurity community to develop consensus recommendations for secure configuration. These CIS benchmarks are specific to a given operating system, like macOS or iOS, and each recommendation is assigned a profile level (Level 1 or Level 2) based on the amount of security your organization requires.
For example, CIS benchmark 5.2.2 for macOS, “Ensure Password Minimum Length Is Configured,” is a Level 1 recommendation for a minimum password length of 15 characters, since short passwords are quick to guess or brute-force. Benchmark 5.2.3 and the recommendations that follow it are Level 2, for additional security; they layer on complexity requirements such as mixed-case letters and symbols.
Enforcement
Once you know how you want to set up your devices, how do you actually get it done? It’s twofold; you have to be able to:
- set up the devices and
- know when they aren’t meeting your requirements.
Your MDM solution takes care of the setup. Security monitoring software like Jamf Protect can detect when a device falls out of compliance with the standard you set; your MDM can then take action and remediate the issue. Detecting drift is what turns a configuration into an ongoing control rather than a one-time setting.
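The benchmark and the enforcement loop above, as one added example (not code from this post or from Jamf): the CIS 5.2.2 length requirement is expressed as a passcode configuration profile an MDM can install, and the same threshold is used to audit a Mac’s effective policy, the plist that `pwpolicy -getaccountpolicies` prints, so a device that has drifted to a weaker setting is flagged. The organization identifier prefix is hypothetical and the sample pwpolicy output is constructed for the example; the payload keys are the documented `com.apple.mobiledevice.passwordpolicy` keys.

```python
"""Added example, not code from the post or Jamf: express the CIS
password-length benchmark as a configuration profile the MDM can install,
and audit a device's effective policy (the output of
`pwpolicy -getaccountpolicies`) against the same threshold so drift can be
detected. Organization identifiers and the sample pwpolicy output are
constructed for the example."""
import plistlib
import uuid

MIN_LENGTH = 15  # CIS macOS 5.2.2, Level 1, as cited above
ORG_PREFIX = "com.example.mdm"  # hypothetical identifier prefix


def build_passcode_profile(min_length: int = MIN_LENGTH, require_complex: bool = False) -> bytes:
    """Return a .mobileconfig (XML plist) carrying one passcode payload.
    require_complex layers Level 2 style complexity rules on top of the length rule."""
    payload = {
        "PayloadType": "com.apple.mobiledevice.passwordpolicy",
        "PayloadIdentifier": f"{ORG_PREFIX}.passcode",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "minLength": min_length,
        "allowSimple": False,  # no repeating or sequential characters
    }
    if require_complex:
        payload["requireAlphanumeric"] = True  # at least one letter and one number
        payload["minComplexChars"] = 1          # at least one symbol
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": f"{ORG_PREFIX}.profile.passcode",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Passcode policy (CIS 5.2.x)",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def load_profile(profile_bytes: bytes) -> dict:
    """Parse a profile back into a dict for review or testing."""
    return plistlib.loads(profile_bytes)


def audit_pwpolicy(raw_output: str, min_length: int = MIN_LENGTH) -> dict:
    """Compare the effective minimum length reported by pwpolicy with the benchmark.

    pwpolicy prints a status line before the plist, so locate the XML
    declaration instead of parsing from the first byte."""
    start = raw_output.find("<?xml")
    if start < 0:
        return {"minimum_length": None, "compliant": False, "reason": "no policy plist in output"}
    policy = plistlib.loads(raw_output[start:].encode("utf-8"))
    effective = None
    for rule in policy.get("policyCategoryPasswordContent", []):
        params = rule.get("policyParameters", {})
        if "minimumLength" in params:
            effective = int(params["minimumLength"])
    if effective is None:
        return {"minimum_length": None, "compliant": False, "reason": "no minimum length policy is set"}
    compliant = effective >= min_length
    reason = "meets benchmark" if compliant else f"minimumLength {effective} is below {min_length}"
    return {"minimum_length": effective, "compliant": compliant, "reason": reason}


# Constructed sample of `pwpolicy -getaccountpolicies` output from a Mac that
# is still on an 8-character minimum and should therefore be flagged.
SAMPLE_PWPOLICY_OUTPUT = """Getting global account policies
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>policyCategoryPasswordContent</key>
  <array>
    <dict>
      <key>policyContent</key>
      <string>policyAttributePassword matches '.{8,}+'</string>
      <key>policyIdentifier</key>
      <string>com.apple.mobiledevice.passwordpolicy.minLength</string>
      <key>policyParameters</key>
      <dict>
        <key>minimumLength</key>
        <integer>8</integer>
      </dict>
    </dict>
  </array>
</dict>
</plist>
"""

if __name__ == "__main__":
    print(audit_pwpolicy(SAMPLE_PWPOLICY_OUTPUT))
    print(build_passcode_profile(require_complex=True).decode("utf-8"))
```

On a real Mac the audit input would come from running `pwpolicy -getaccountpolicies` (as root) rather than the constructed sample, and a non-compliant result is the signal that should trigger the MDM to reinstall the profile.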
Learn the basics of Apple device management.
Security software
Unfortunately, no device is immune from threats, no matter how carefully their creators build in security defenses. That’s why additional security software is beneficial for your endpoint security.
Endpoint protection platforms
Endpoint protection platforms (EPP) act like a guard for your device. These software solutions block potential threats — like malware or phishing attempts — before they get on your device. EPPs come in forms like antivirus software or a firewall.
Mobile devices are especially exposed to attacks because of how they’re used: they travel, they’re easy to lose or steal, and they’re often shared. Mobile security solutions are needed to protect employees who are on the move. This could include remote employees or those using shared mobile devices, like retail store associates, for example. EPPs help make sure these devices with access to company data are free from threats.
Endpoint detection and response
But what happens if a threat gets past your EPP? That’s where endpoint detection and response (EDR) comes in. EDR detects threats once they are on your device and limits the damage they can do. It may prevent malware from running, or recognize signs of malicious behavior and block communication with the attacker’s servers. Since malware comes in many forms, your EDR solution may use machine learning to detect malware that hasn’t been analyzed before, recognizing it by its behavior rather than by a known signature.
A culture of security
Even with your best defenses, attackers can find their way into your systems. With a well-executed spearphishing attack, for example, attackers may obtain the credentials they need to break in without having to use malware of their own. If an employee hands their credentials to an attacker, what do you do?
Ideally you have safeguards for this, with access controls, appropriate network segmentation and tools like Zero Trust Network Access. But beyond this, it’s valuable to create a work culture where an employee simply tells IT that they’ve fallen for a phishing attack; maybe they were just too late in catching it! The sooner IT knows, the sooner the credentials can be reset and the attacker’s access cut off.
Fostering this means that:
- Employees aren’t shamed for reporting, but educated
- IT is transparent about their policies
- Security is a priority, which is clearly communicated through training and other means
Key takeaways
The right tools, procedures and policies arm IT admins with what they need to keep their endpoints secure. While there’s no one-size-fits-all approach to security, adding these into your workflows can go a long way:
- Secure configurations and policies
- Security benchmarks
- Endpoint protection platforms
- Endpoint detection and response software
- A culture of security awareness
Security is an ever-evolving challenge, but you aren’t alone.
Check out our beginner guide to Apple device security.