Endpoint Security & Why It Matters!
1 like452 views
This webinar discussed endpoint protection and managing risks for small and medium-sized businesses. It covered the essential elements of endpoint protection like perimeter security, email defense, and endpoint protection. Attendees learned about defining organizational standards, understanding their risk without protection, and assessing their current security practices. The presentation recommended regularly reviewing standards, selecting the right tools, and ensuring ongoing staff training to properly manage endpoints and security risks.
Endpoint Security & Why It Matters!
- 1. A continuation of the Managed Services Webinar Series Live Webinar: Webinar Audio: You can dial the telephone numbers located on your webinar panel. Or listen in using your headphones or computer speakers. Welcome!
- 2. • Presentation is roughly 30-45 minutes • All phone lines are muted • If anyone has any questions during this webinar – please type them in your Questions Box located at the bottom of your webinar panel Webinar Details
- 3. Today’s Presenters Steve Moisoff Net@Work Senior Solutions Executive Cando Wango Net@Work IT Solutions Architect
- 4. 180+ Business Technology Architects and Consultants IT Road Mapping & Strategic Planning Business Process Review Ecosystem BI, Analytics & Reporting Cloud & IT Managed Services ERP/ Accounting Web Development & e-Commerce Sister Company Payment Processing SWYPE Sister Company CRM & Marketing Automation HRMS/ Employer Solutions Document Management Compliance Solutions: Sales Tax | Fixed Assets Managed Print Services Sister Company Net@Work Partner Alliance Program
- 5. Our Previous Webinar Topics Access on our website: netatwork.com/resource ✓ Managed IT Services: What It Is and Why It Matters ✓ The Myths & Realities of Managed IT Services ✓ Uncovering the Business Value of Managed IT Services ✓ Data Recovery Best Practices - Survival of the Fittest ✓ Information Security Awareness: How to Avoid the Bitcoin Nightmare All Recorded Webinars Available to Watch On-Demand:
- 6. • Endpoint Protection…What Is It? What are the various elements of Endpoint Protection? • What is your organization’s risk in the absence of Endpoint Protection? • How to ensure that you are significantly mitigating the risk of compromised performance & loss of data • What organizational standards are critical to define and implement? • What questions should you be asking of yourself and your staff? • Next Steps/Recommendations Agenda
- 7. “A company that includes 1,000 employees with poor online hygiene has 1,000 insecure endpoints.” Anuj Goel, co-founder of Cyware Labs
- 8. Email Defense End Point Protection PerimeterThe Essential Elements • Perimeter – e.g. the Firewall…inspecting data coming in and out of your corporate network • Email Defense – Filtering, Inspection and protection of email boundaries • End Point Protection – Zero Day Threat Protection, Anti-Virus definitions • Backup Solutions – Full Recovery of critical systems • Training for End Users – Regular education sessions and testing of knowledge on company standard security posture Backup Solutions End User Training Overview
- 9. Does your company have a standard (policy) for Staff Accessing Personal Email Accounts on Corporate Devices? ❑ Yes ❑ No ❑ Don’t think we need one ❑ Don’t know Does your Company have a mobile device or BYOD (bring Your own device) standard (policy) defined? ❑ Yes ❑ No ❑ Don’t think we need one ❑ Don’t know Polling Questions
- 10. Endpoint Protection…What Is It?? Conceptually, viable Endpoint Protection (and Response) solutions need to provide three broad buckets of functionality: • Prevent/Detect to block malicious code and prevent infection with a high rate of detection • Analysis perform forensics on the endpoints • Response contain and remediate endpoints For the purposes of this presentation endpoints are considered any user devices such as desktops, laptops, Mobile devices (e.g. tablets, phones, etc.)
- 11. By The Numbers… Nothing in IT changes more quickly and requires more sophistication than effective network and data security. Although precise estimates vary, somewhere around half of all security incidents affect organizations with less than 1,000 employees. (PC Magazine 2018) Small fish still make big target, though. In a Visa and National Cyber Security Alliance (NCSA) survey of 1,000 small business owners, 85 percent of respondents believed that enterprises are more targeted than they are, yet another survey by the same group found that 20% of small businesses suffered a data breach. Why Endpoint Protection?
- 12. What is your organization risk in the absence of Endpoint Protection? Target SMB's IT administrator faces the same threats that teams of his or her enterprise counterparts face, except that he or she is likely to face them alone. Critical Data Loss As long as your data holds value, criminals don't care how big your company is. Small businesses carry information just as valuable as that of larger organizations. It takes less effort to steal financial data and act on it. Mobility Many SMB’s employees rely heavily on mobile devices to do their jobs. This means that mobile platforms represent as rich a target to hackers and malware as office-based systems. Reputation/Liability Criminals use the systems of a small business to exploit trust relationships with larger businesses (e.g. the Target breach FireEye).
- 13. Understand the landscape of Endpoint Protection vendors Patch Mgt Desktop maintenance Group Policies Use Policy Security Policy Mobile Device Management Mitigating the Risk of Compromised Performance & Loss of Data Anti-Virus (anomaly driven – heuristic behavior) Local Firewall Settings Detection and Notification system Event Management Change Mgt and Controls Dual factor authentication Ensure that the following areas are being addressed:
- 14. How does your primary IT vendor manage your IT issues today? ❑ Through Time and Materials ❑ By Managed Services ❑ Neither ❑ Both Polling Questions
- 15. Organizational IT Standards Directly Related To Endpoints are Critical Not implementing the correct standards could result in creating a false sense of security amongst users and management, and creating a management nightmare for the administrator. Standards should be preconfigured using best practices, with the ability to quickly and easily make changes should the administrator desire. Examples of standards directly related to endpoints include: • Ability to locate and remote wipe devices • Password Strength and frequency of rotation • Application control (who or what groups have access to what applications) • Wi-Fi Settings (access and how often passwords are rotated) • Encryption on Laptops as a policy
- 16. What Questions Should You Be Asking Of Yourself And Your Staff? What organizational policies are critical to define and implement? • When is the last time we did an audit of our technology environment? (To assess the data protection and controls around your business processes) • Who in our organization is responsible to ensure we are protected from new IT threats? (i.e. do we have any risk mgt process in place around these issues?) • Does our IT staff undergo regular training and education? • When was the last time you reviewed your standards (policies)?
- 17. “What's good enough?” Review and understand the implications of your standards. The challenge, then, is: • to select an IT solution that can fend off known threats as well as detect odd behavior that hasn't been seen before, and • to manage your endpoints throughout their lifecycle. Next Steps
- 18. Summary & Recommendations SMB’s need to consider doing the following: • Understand & document current Endpoint requirements • Review standards on an ongoing basis • Determine and administer the proper tools • Capture and field appropriate alerts/attacks • Ensure IT staff has ongoing training Decide if your company: Has the resources to commit to these actions OR as many companies are doing: selecting a vendor that can align to this current business climate with those tools, processes and budget that best fit your needs.
- 19. Based on this presentation do you feel your IT environment is at: ❑ High Risk ❑ Medium Risk ❑ Little Risk ❑ No Risk ❑ No Idea Polling Questions
- 20. Please type in your questions Any Questions?
- 21. Thank You For Attending! Connect with 646-293-1735 www.netatwork.com netatwork.com/blog Net@Work YouTube Follow us on Twitter: @netatwork_corp Follow Net@Work on LinkedIn Follow Net@Work on Google+ Follow Net@Work on Facebook Contact your Net@Work Account Manager for any questions or concerns. Or you can reach out to us via the information below! Steve Moisoff | Net@Work Managed Service Solutions Executive Phone: 212.997.5200 Ext. 1735 Direct: 646.293.1735 smoisoff@netatwork.com www.netatwork.com