Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

How to Boost Your Security for Non-Traditional Endpoints

A ground-shaking shift is underway within businesses, as the number of non-traditional endpoints connecting to corporate networks (generally referred to as the Internet of Things) seeks to challenge, if not overtake, the number of traditional endpoints, like laptops and desktops.

Who can even keep count anymore, as the explosion of connected devices continues to soar to epic levels? Their prevalence has already surpassed the population of the world, largely thanks to the consumer segment.

Businesses are doing their part as well. The ongoing infusion of smart and embedded devices into the workplace is troubling for organizations for many reasons, chief among them that a largely camouflaged attack surface is growing bigger by the day and being littered with an abundance of seemingly benign and often unknown devices that can't be outfitted with something like endpoint detection and response (EDR).

But most EDR products only support standard operating systems, such as Windows, Mac OS X and sometimes Linux. This limits their use for IoT devices. In addition, the software agents that need to be installed on endpoints have a relatively high processing overhead, meaning small devices may not be able to run them. (This is a problem that our PCI forensic investigators frequently encounter when they examine POS terminals).

Of course, this doesn't dismiss the fact that these lesser-considered endpoints - from printers and fax machines to routers and IP cameras to various sensors and medical devices - require protection, as these objects represent soft targets for attackers looking for a convenient way to latch onto a corporate network.

What makes them so susceptible to attack? Many embedded systems use older versions of Windows, operate with default configurations (such as weak passwords) that are vulnerable, or just run flawed software.

Safeguarding all your internet-enabled endpoints has become one of security teams' most critical missions - and spending projections are reflecting that - but covering them all should be less about an individual device and much more about defense in depth. Here are a few steps you can take:

 

Discover Devices and Look for Holes

Visibility is paramount. Before you can defend, you need to know what needs protecting (and whether it needs to come off the network). Non-traditional endpoints are notorious for hiding on the network. You must regularly scan and identify/inventory what is connected. Once you know what you've got, internal scanning and penetration testing will help detect vulnerabilities, misconfigurations and other weaknesses that could give rise to attacks.

 

Monitor Continuously 

Supervise traffic and activity to decipher if the endpoints are up to no good. Perhaps they have been compromised by an attacker to gain a foothold into your environment or they have been hacked with the intention of being entered into that will be used to wage some sort of cybercrime. Whatever the reason, you'll want to continually analyze and detect. In addition, threat hunting can search for advanced persistent threats that may have already crept into the network via vulnerable IoT devices.

 

Do the Little Stuff Well 

  • Research and vet IoT vendors before making new purchases. 
  • Once you have identified or installed IoT devices, change the default passwords to unique, complex passwords to reduce risk of compromise. 
  • Firewalls can be configured to stop incoming and outgoing traffic to these assets.
  • Institute policies stating that if unauthorized or rogue devices are discovered on the network, they will be inspected for security or removed. 
  • Implement an agile methodology for quickly patching vulnerabilities. 
  • Restrict partner access to your network, where practical, to minimize the potential for IoT threats from entering.

 

Bring in the Experts

The rise of endpoints won't be quitting, so you'll be dealing with this issue for a long time to come. It's a big and important job, so if you lack the internal skills and resources to do it as well as you'd like, you can turn to an external provider for help. For example, they may be able to help analyze and correlate events from a broad array of devices with the goal of monitoring threat activity 24x7 and producing real-time intelligence. This will help you catch a breach earlier, reducing dwell time and the damage that attackers can do.

Latest Trustwave Blogs

Mining Operations: Critical Cybersecurity Threats & Trends Revealed

Cybersecurity professionals often point out that threat actors do not differentiate when choosing a victim. To an attacker, a hospital is as useful a target as a law firm or even a mining operation....

Read More

Phishing: The Grade A Threat to the Education Sector

Phishing is the most common method for an attacker to gain an initial foothold in an educational organization, according to the just released Trustwave SpiderLabs report 2024 Education Threat...

Read More

Unlocking Cyber Resilience: UK’s NCSC Drafts Code of Practice to Elevate Cybersecurity Governance in UK Businesses

In late January, the UK’s National Cyber Security Centre (NCSC) issued the draft of its Code of Practice on Cybersecurity Governance. The document's goal is to raise the profile of cyber issues with...

Read More