Endpoint security as part of a holistic, orchestrated approach. Takeaways from the Beltug N-sight: 28 April 2020


In a hyperconnected world, a purely centralised security approach is often not good enough. IoT, 5G, mobile devices, wearables, edge computing and more are all vital technologies in our infrastructure, and therefore need to be part of a solid, all-embracing security strategy.

So how should we include these endpoints in our security approach? In this session, we zoomed in on the world of endpoints and on the kinds of solutions needed to create a holistic, orchestrated approach to security.

The presentations from this X-change, and a link to the recording of the event, are available for our members (after log-in).

What is the role of endpoint security in your current security strategy?

Emmanuel David, Technical Director at Orange Cyberdefense, started by discussing the role of endpoint security in the global security architecture. Any device, whether virtual or physical, whether on premise, in a data centre or in the cloud, can be considered an endpoint, as long as it is connected to your network.

Emmanuel explained how cyber security has evolved over time, extending from a focus on prevention alone to detection and prevention. Today's approach assumes it is only a matter of time before you suffer a breach. This means you should divide your efforts, and make sure your response won't fail when a breach does happen.

As with all security solutions, endpoint security should minimise your business risk AND speed up your business recovery time. (slide 12)

Emmanuel prefers the 'zero trust' principle for endpoint security. Traffic should be inspected and logged, and rights granted according to a 'least-privilege' methodology. This 'zero trust' approach should be integrated into your security architecture in a consistent way. Efficiency can be increased by automating security and by coordinating all security components.

Other best practices include:

Case: Stepping away from security silos towards business security at Kinepolis

Kevin Bollengier, IT Security & Compliance Officer at Kinepolis, shared how Kinepolis moved from several security silos to business security. The essence of the shift is looking at the bigger picture: the whole business, not just the IT part. Kinepolis learned from the breach at Maastricht University that having all the solutions in place is of little help if they do not integrate properly. The goal has to be to secure the business, and securing endpoints is one element of that.

Kevin built a methodology based on the Viable System Model of Stafford Beer (slide 6):

This theoretical model is key to giving the CISO a wide (holistic) overview of the organisation's landscape, both internal and external. You need a maximum suite of security capabilities, especially now, with the cloud and so many people working from home.

Kinepolis wants to avoid weak spots through orchestrated security, switching to a new solution that allows the security components to be orchestrated. In practice, this requires a high level of solution automation and autonomy, limiting human intervention to meaningful threats. Adequate threat intelligence, and threat inspection with custom queries and threat indicators, are necessary to handle these threats. A dashboard presenting the aggregated information from the individual security components provides the overview.

Kevin's main takeaways:

Case: Risk-based endpoint protection strategy at Delhaize

Bing van Seghbroeck, Information Security GCA Country Leader at AholdDelhaize, shared the risk-based endpoint security strategy of AholdDelhaize. Bing's starting point is 'information security' rather than 'IT security', which he considers too narrow in scope. For information security, you must first of all know what you want and what you don't want. Then you need to define your risk areas and control objectives.

For managing information security, there is no preference between a top-down and a bottom-up approach. Both work, so the 'right' approach is the one that works best for a given company.

Bing is a fan of the 'Wheel of NIST' (Identify, Protect, Detect, Respond and Recover) to underpin his risk-based approach. When talking about risks, describe which ones you want to cover, so that you can do a good risk assessment:

This risk-based approach builds on historic events and threat intelligence. Existing threats and past experiences are both crucial. By knowing the attack vectors, you understand what to protect against. Combined with a knowledge of your organisation's maturity, this makes you aware of your residual risk (slide 10).

Make sure all your decisions are documented in a central register, whether the decisions are based on regulations or on policy. Any decision not to implement a control described in your ISMS needs to be formally documented and auditable.

Bing's conclusions