Cybersecurity for Endpoint Devices
Communications networks by their very nature allow for the interconnection of computing devices and software applications across both private and public networks. The openness in which modern networks operate has allowed for extraordinary access to data and information that touches nearly every aspect of our lives. However, this access does not come without its pitfalls.
In the case of commercial building installations, the network is mainly relied upon to deliver information services to its users, but it is increasingly being utilized to facilitate occupant safety, comfort and productivity through various network-based subsystems. As more and more IP-enabled devices connect to the network, it becomes increasingly vulnerable to cyberattacks from hackers, malware and other advanced persistent threats (APT). Understanding the network attack surface, that is, the points of entry into the network, is critical to developing a sound cybersecurity strategy.
Video: Cybersecurity for Endpoint Devices
Traditional endpoint security has primarily applied to computing devices, such as laptops, servers, mobile phones and storage appliances that attach to an enterprise network. Industry best practices and solutions are well established for endpoint security as it relates to these computing devices, but sensors, surveillance cameras, access control and lighting systems that can provide entry into the network for a cyberattack represent a new class of products that deserve attention as well. In our TECHbrief on cybersecurity and the impact on operational technologies, we discussed how information technology and operational technology teams must work together to assess and mitigate risk.
As discussed in that TECHbrief, there are basic measures that can be taken to improve endpoint security, such as inventory and control of hardware assets, controlled use of administrative privileges and secure configuration practices. However, advanced solutions are being developed to better address the needs of IoT endpoint devices. For example, rather than treat cyber threats as a singular static event, advanced analytics platforms can integrate intelligence gathered from multiple sources, including firewalls, gateways and endpoint devices, that can dynamically adapt network security resources to address potential breaches in a more integrated fashion.
There are both hardware and software solutions available that can be used together to help ensure your endpoint devices do not become vulnerabilities on your network. Hardware options include deep packet inspection appliances and inline blocking tools, which allow you to set traffic rules to allow only appropriate communication flows through to your network. Hardware solutions like these, which act as gatekeepers for your network, are especially important for devices that aren’t in a secured environment or are considered mission critical. Watch the video above to see how both hardware and software can be installed to protect your endpoint devices.
You should also be utilizing security software, such as a syslog manager, which allows your IT team to routinely review the system log files for each device on your network. The syslog keeps track of all the “events” that occur on your network, including who has attempted to log onto the network. The data collected in syslog files reveals patterns of what normal communications with your network look like and can flag communication that is out of the ordinary and could signal an attack. You can set permissions for which communications are allowed, and either prevent all other communications or flag them as anomalies for your review.
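The two preceding paragraphs describe the same control from two sides: traffic rules that allow only the appropriate communication flows for each device, and a syslog review that flags anything outside the normal pattern, including repeated login attempts. The following Python script is an added example, not code from the article or from any product it mentions. The syslog lines, device names, addresses and the per-device allowlist are all constructed for illustration; a real deployment would take the policy from the building's device inventory and the lines from the syslog manager.

```python
import re
from collections import defaultdict

# Constructed syslog excerpt (not from the article): per-device flow records and
# login attempts in the form a syslog manager might collect from endpoint devices.
SAMPLE_SYSLOG = """\
Mar 03 08:00:01 cam-lobby-01 flow: src=10.10.20.11 dst=10.10.5.2 dport=554 proto=tcp
Mar 03 08:00:05 cam-lobby-01 flow: src=10.10.20.11 dst=10.10.5.2 dport=554 proto=tcp
Mar 03 08:01:12 door-ctl-03 flow: src=10.10.30.5 dst=10.10.5.10 dport=443 proto=tcp
Mar 03 08:02:40 cam-lobby-01 flow: src=10.10.20.11 dst=203.0.113.77 dport=23 proto=tcp
Mar 03 08:03:00 door-ctl-03 auth: user=admin result=failure src=198.51.100.9
Mar 03 08:03:02 door-ctl-03 auth: user=admin result=failure src=198.51.100.9
Mar 03 08:03:04 door-ctl-03 auth: user=admin result=failure src=198.51.100.9
Mar 03 08:03:06 door-ctl-03 auth: user=admin result=failure src=198.51.100.9
Mar 03 08:05:00 door-ctl-03 auth: user=facilities result=success src=10.10.1.50
"""

# Assumed policy: the only communications each device is permitted to initiate,
# as (destination, port, protocol). Everything else is reported as an anomaly.
ALLOWED_FLOWS = {
    "cam-lobby-01": {("10.10.5.2", 554, "tcp")},   # camera -> video recorder (RTSP)
    "door-ctl-03": {("10.10.5.10", 443, "tcp")},   # door controller -> access server
}

# Number of failed logins from one source against one account before reporting.
FAILED_LOGIN_THRESHOLD = 3

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<kind>\w+): (?P<fields>.*)$"
)


def parse_line(line):
    """Split one syslog line into timestamp, host, record kind and key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["fields"] = dict(kv.split("=", 1) for kv in rec["fields"].split())
    return rec


def review_syslog(text, allowed=ALLOWED_FLOWS, threshold=FAILED_LOGIN_THRESHOLD):
    """Return findings as (finding_type, device, detail) tuples in log order."""
    findings = []
    failures = defaultdict(int)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a real reviewer would count these too
        host, f = rec["host"], rec["fields"]
        if rec["kind"] == "flow":
            flow = (f["dst"], int(f["dport"]), f["proto"])
            if flow not in allowed.get(host, set()):
                findings.append(("unexpected_flow", host, f"{flow[0]}:{flow[1]}/{flow[2]}"))
        elif rec["kind"] == "auth" and f.get("result") == "failure":
            key = (host, f["user"], f["src"])
            failures[key] += 1
            if failures[key] == threshold:  # report once, when the threshold is reached
                findings.append(("login_failures", host, f"{f['user']} from {f['src']}"))
    return findings


if __name__ == "__main__":
    for kind, device, detail in review_syslog(SAMPLE_SYSLOG):
        print(f"{kind:16} {device:14} {detail}")
```

On the constructed input the camera's two flows to the video recorder pass silently, its outbound connection to an external address on port 23 is reported as an unexpected flow, and the four failed `admin` logins against the door controller produce a single login-failure finding. The allowlist is the same information an inline blocking appliance would enforce; here it is only used to flag, which is the "flag for review" option the paragraph describes.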
Additional tools to help thwart an attack would be intrusion detection software, change management and vulnerability scanners. At minimum, your IT team would require Simple Network Management Protocol (SNMP) version 3, which is an application-layer protocol used to manage and monitor network devices and their functions. SNMP has been around for as long as networks have, but the first two versions had vulnerabilities, so ensure you are using version 3. While syslog continuously pushes events to the log database, with SNMP you must poll the device to retrieve the data. SNMP also cannot alert you when an anomaly or suspicious event occurs on the network.
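The paragraph's practical instruction is "ensure you are using version 3". On devices that run a net-snmp style agent, that comes down to which access directives appear in the agent's configuration: `rocommunity`/`rwcommunity`/`com2sec` lines grant v1/v2c access with a plaintext community string, while `createUser` plus `rouser`/`rwuser` lines define SNMPv3 users, whose minimum security level (`noauth`, `auth` or `priv`) is given as the directive's third word. The following Python audit is an added example, not code from the article or from any vendor; the configuration excerpt, user names and passphrase placeholders are constructed, and the directive syntax follows the net-snmp `snmpd.conf` format.

```python
# Constructed snmpd.conf excerpt (not from the article) that mixes legacy
# SNMPv1/v2c community strings with SNMPv3 users of differing security levels.
SAMPLE_SNMPD_CONF = """\
# legacy read-only community, reachable from any source
rocommunity public
rwcommunity private 10.10.0.0/16
# SNMPv3 user with authentication (SHA) and encryption (AES)
createUser nmsuser SHA "REPLACE_WITH_AUTH_PASSPHRASE" AES "REPLACE_WITH_PRIV_PASSPHRASE"
rouser nmsuser priv
rouser legacyuser noauth
"""

# Directives that grant v1/v2c access via a community string.
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6", "com2sec"}
# Directives that grant access to an SNMPv3 user; the optional third word is the
# minimum security level (noauth | auth | priv). net-snmp documents "auth" as the
# default when the level is omitted.
V3_USER_DIRECTIVES = {"rouser", "rwuser"}
DEFAULT_V3_LEVEL = "auth"


def audit_snmpd_conf(text, required_level="priv"):
    """Return (issues, ok): lists of (line_number, message) for each access directive."""
    issues, ok = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        directive = parts[0]
        if directive in COMMUNITY_DIRECTIVES:
            issues.append((lineno, f"{directive}: SNMPv1/v2c community string, "
                                   "unauthenticated and sent in clear text; migrate to v3"))
        elif directive in V3_USER_DIRECTIVES and len(parts) >= 2:
            user = parts[1]
            level = parts[2] if len(parts) > 2 and parts[2] in ("noauth", "auth", "priv") \
                else DEFAULT_V3_LEVEL
            if level == required_level:
                ok.append((lineno, f"{directive} {user}: SNMPv3 with authentication and encryption"))
            else:
                issues.append((lineno, f"{directive} {user}: SNMPv3 but security level "
                                       f"'{level}', require '{required_level}'"))
    return issues, ok


if __name__ == "__main__":
    issues, ok = audit_snmpd_conf(SAMPLE_SNMPD_CONF)
    for lineno, msg in issues:
        print(f"line {lineno}: ISSUE {msg}")
    for lineno, msg in ok:
        print(f"line {lineno}: ok    {msg}")
```

Against the constructed excerpt the audit reports both community-string lines and the `noauth` SNMPv3 user as issues and accepts only the `priv` user, which is the configuration the paragraph's "use version 3" advice actually requires: v3 by itself is not enough if the user is defined without authentication and encryption.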
While cybersecurity is an ongoing process at every level of your organization, you can be in a better position to thwart an attack by working with your IT team from the very beginning. They will be able to assist in the technology selection process by evaluating security measures put in place by the device manufacturer. Many endpoint devices still don’t allow access to syslogs, which should be a warning sign that cybersecurity was not top of mind during product development. However, as commercial building environments attach more devices to enterprise networks, manufacturers will be more vigilant and endpoint security will become more advanced. You can learn more about cybersecurity best practices in this TECHbrief on cybersecurity and the impact on operational technologies or by contacting an expert.