Oct 06 2020

How Next-Gen Endpoint Protection Can Secure Federal Users at Home

Federal agencies protect employees working remotely by investing in cybersecurity tools that provide deeper protections.

A recent survey of federal employees found that about three-quarters of federal workers remain in telework status. Additionally, nearly a fifth expect to remain out of their offices for at least another year.

Users who are teleworking present a significant and new risk factor for agencies, something worth taking note of as National Cybersecurity Awareness Month gets underway this month. Indeed, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency just issued a guide to help organizations address the cybersecurity concerns of teleworking.

For IT professionals, the guide calls for an increased focus on patching and vulnerability management, enterprise cybersecurity controls, the use of multifactor authentication, the use of organizationally approved products, frequent backups, and domain-based message authentication.

“The Cybersecurity and Infrastructure Security Agency is providing these recommendations to support organizations in re-evaluating and strengthening their cybersecurity as they transition to long-term telework solutions,” the CISA guidance states.

The increase in the number of endpoints in government IT environments, potentially including users’ personal devices, makes endpoint security even more of an issue than it was before the coronavirus pandemic.

Next-generation endpoint protection technologies that go beyond the simple signature detection techniques of the past can help. Although such tools require an investment from government agencies, they offer more robust protections by enabling behavioral monitoring, threat intelligence, vulnerability protection and other security measures.

The Security Threat from Remote Work

Government users who are working remotely pose a significant security risk for agencies. They increase the threat surface via the endpoints they use and how they use them.

First, users could be working on personal laptops and smartphones, which are not known for having the baked-in security controls that come with government-issued equipment, says Alan Shark, executive director of the Public Technology Institute. Users might also be conducting potentially confidential or sensitive work on unsecured home networks while using those devices. Those devices may be shared by other members of a user’s household, which brings its own set of risks since that behavior cannot always be controlled.

“And it’s like the coronavirus,” Shark says. “I mean, it may not be you. You may have good digital hygiene, but somebody else in your family may not.”

Users may also be more susceptible to social engineering or phishing attacks when they are at home. “You have people that transit between personal information and personal emails and work emails, and I think they become a little more lax and they don’t maintain that sense of discipline that they might have in an office, which is always a challenge anyway,” Shark says.

Malicious actors are also sending out more COVID-19-related emails that may look both urgent and official.

Some of these threats can be countered by having users log in to government networks via a VPN, or by using virtual desktop infrastructure to give workers secure access to the applications and data on a desktop from any approved endpoint with a network connection. VDI is especially beneficial if users have a strong broadband connection, Shark says, but a slow connection can lead to a degradation in service.

Mobile hotspots running on a cellular connection can allow users to connect to the internet more securely, according to Shark. Multifactor authentication is also a tool that agencies should employ to enhance endpoint security, he adds.

Finally, agencies should engage in aggressive patch management and ensure that users are actually applying software patches on their endpoints. “There needs to be a set of checks and verifications to make sure that the machines are not just eligible for these updates but that they are actually being done,” he says.

How Next-Generation Endpoint Protection Tools Can Help

Next-generation endpoint protection solutions are designed to help address some of the security challenges that have come to light with the shift to remote work. Such solutions still use reliable signature detection technology but now supplement it with newer techniques, including behavioral analysis, sandboxing, predictive analytics and threat intelligence.

Such tools are especially useful in countering the newest kinds of cyberattacks. According to AT&T’s “2019 Endpoint Security Survey Report,” 49 percent of organizations do not think their endpoint protection solution provides sufficient protection against the newest attacks.

Next-generation endpoint security is designed to reduce the time needed to detect an attack. The tools also feature endpoint detection and response technology, which moves beyond simple detection of a security compromise and manages an active response that contains the damage, isolates affected systems and recovers normal operations as quickly as possible.

Other elements of next-generation endpoint protection include centralized management, which enables administrators to control the configuration of security deployments, push security policies to endpoints and receive alerts generated from agents that reside on endpoints around the world.

Device control lets administrators modify the security configuration of endpoint operating systems and hardware, and application control enables techniques such as blacklisting and whitelisting apps.
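To make the difference between the two application control techniques concrete, here is an added Python example (not code from the article or from any product it describes) that evaluates a file against a hash-based allowlist and a hash-based blocklist. The "executables", policy entries and hashes are constructed sample data: a file that is neither known-good nor known-bad is stopped by the allowlist but passes the blocklist, and so does a known-bad file whose bytes have changed by a single trailing null.

```python
"""Application control: hash-based allowlisting versus blocklisting.

Added example (not from the article or any vendor product). The byte strings
below stand in for executable file contents and are constructed, as are the
policy entries built from them; no real software hashes are used.
"""
import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    """Content hash used as the identity of a file in both policy modes."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample "executables" (stand-ins for real file contents).
APPROVED_EDITOR = b"MZ...approved-text-editor-build-1.2.3"
KNOWN_MALWARE = b"MZ...known-bad-sample-A"
UNKNOWN_TOOL = b"MZ...never-seen-before-binary"


@dataclass
class Policy:
    mode: str                                   # "allowlist" or "blocklist"
    allowed: set = field(default_factory=set)   # hashes permitted to run
    blocked: set = field(default_factory=set)   # hashes forbidden to run


def decide(file_bytes: bytes, policy: Policy) -> str:
    """Return "allow" or "block" for a file under the given policy.

    Allowlist: anything not explicitly approved is blocked (fails closed).
    Blocklist: anything not explicitly forbidden runs (fails open).
    """
    digest = sha256_hex(file_bytes)
    if policy.mode == "allowlist":
        return "allow" if digest in policy.allowed else "block"
    if policy.mode == "blocklist":
        return "block" if digest in policy.blocked else "allow"
    raise ValueError(f"unknown policy mode: {policy.mode}")


def build_policies():
    """Constructed policies: one approved app, one known-bad sample."""
    allow = Policy("allowlist", allowed={sha256_hex(APPROVED_EDITOR)})
    block = Policy("blocklist", blocked={sha256_hex(KNOWN_MALWARE)})
    return allow, block


def compare(file_bytes: bytes) -> dict:
    """Evaluate one file under both policies side by side."""
    allow, block = build_policies()
    return {"allowlist": decide(file_bytes, allow),
            "blocklist": decide(file_bytes, block)}


if __name__ == "__main__":
    samples = {
        "approved editor": APPROVED_EDITOR,
        "known malware": KNOWN_MALWARE,
        "unknown tool": UNKNOWN_TOOL,
        "repacked malware": KNOWN_MALWARE + b"\x00",  # one byte changed
    }
    for name, data in samples.items():
        print(f"{name:18} {compare(data)}")
```

The trade-off the example exposes is operational rather than technical: the allowlist is the stronger control because every unknown binary fails closed, but every legitimate update changes a file's hash, so an allowlist is only workable with centralized management that can push new approved hashes (or trust a publisher's signing certificate instead of a raw hash) before users receive the update.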

Vulnerability protection proactively identifies missing patches, misconfigurations and other issues on Windows, Mac and Linux endpoints that attackers might exploit.
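The vulnerability-protection check described here, and the earlier point that agencies must verify that patches are "actually being done" rather than merely available, come down to the same report: for each endpoint, is it at the required patch level, has it had enough time to get there, and can its own report even be trusted? The following Python is an added example, not code from the article or from any endpoint product. The inventory records, patch identifiers, release dates, grace periods and required settings are all constructed sample data standing in for what an endpoint agent would report.

```python
"""Patch-compliance and misconfiguration check over an endpoint inventory.

Added example, not from the article or from any endpoint-protection product.
Every record, identifier and date below is constructed sample data.
"""
from datetime import date, timedelta

# Constructed baseline: the patch level each OS family must report, and the
# (constructed) date that patch became available.
BASELINE = {
    "windows": {"required": "2020-09-CU", "released": date(2020, 9, 8)},
    "macos": {"required": "10.15.6", "released": date(2020, 7, 15)},
    "linux": {"required": "kernel-5.4.0-48", "released": date(2020, 9, 28)},
}
GRACE_DAYS = 14   # time an endpoint gets to apply a newly released patch
STALE_DAYS = 7    # an agent report older than this cannot be trusted

# Constructed settings that count as misconfigurations when not enabled.
REQUIRED_SETTINGS = ("disk_encryption", "auto_update", "firewall")

# The date the report is run against (constructed).
AS_OF = date(2020, 10, 6)

# Constructed inventory, shaped like per-endpoint agent reports.
INVENTORY = [
    {"host": "lt-0101", "os": "windows", "patch": "2020-09-CU",
     "last_seen": date(2020, 10, 5),
     "settings": {"disk_encryption": True, "auto_update": True, "firewall": True}},
    {"host": "lt-0102", "os": "windows", "patch": "2020-08-CU",
     "last_seen": date(2020, 10, 6),
     "settings": {"disk_encryption": True, "auto_update": False, "firewall": True}},
    {"host": "mb-0201", "os": "macos", "patch": "10.15.5",
     "last_seen": date(2020, 9, 20),
     "settings": {"disk_encryption": True, "auto_update": True, "firewall": True}},
    {"host": "ws-0301", "os": "linux", "patch": "kernel-5.4.0-47",
     "last_seen": date(2020, 10, 6),
     "settings": {"disk_encryption": False, "auto_update": True, "firewall": True}},
]


def assess(endpoint: dict, today: date) -> list:
    """Return the list of findings for one endpoint (empty means compliant)."""
    findings = []
    base = BASELINE[endpoint["os"]]

    # A device that has not reported recently may be off, offline at home, or
    # running an agent that was disabled; its last report proves nothing.
    if today - endpoint["last_seen"] > timedelta(days=STALE_DAYS):
        findings.append("stale-report")

    # Distinguish "eligible but not applied" from "patch is still fresh".
    if endpoint["patch"] != base["required"]:
        overdue = today - base["released"] > timedelta(days=GRACE_DAYS)
        findings.append("missing-patch-overdue" if overdue
                        else "missing-patch-in-grace")

    # Misconfigurations are findings in their own right, patched or not.
    for name in REQUIRED_SETTINGS:
        if not endpoint["settings"].get(name, False):
            findings.append(f"misconfig:{name}")
    return findings


def compliance_report(inventory: list, today: date) -> dict:
    """Map each host to its findings."""
    return {e["host"]: assess(e, today) for e in inventory}


def noncompliant_hosts(inventory: list, today: date) -> list:
    """Hosts with at least one finding, sorted for stable output."""
    report = compliance_report(inventory, today)
    return sorted(host for host, findings in report.items() if findings)


if __name__ == "__main__":
    for host, findings in compliance_report(INVENTORY, AS_OF).items():
        status = ", ".join(findings) if findings else "compliant"
        print(f"{host}: {status}")
```

The stale-report check is the one most often missing from home-grown compliance scripts: an endpoint that last checked in three weeks ago will happily show the patch level it had then, so any device past the staleness window should be treated as unverified rather than as compliant.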


Next-generation endpoint platforms with access to real-time threat intelligence can analyze that intelligence and push immediate updates to the vendor’s entire client base, allowing organizations to block IP addresses, update malware signatures and identify new adversary tactics quickly, so that evolving threats are detected rapidly.

Such platforms are not inexpensive and do require an investment from government agencies, especially if they come in the form of a subscription that must be renewed annually or at another regular interval. Shark, however, says he thinks the cost is worth it.

Part of the reason is that, with remote workforces becoming a more fixed part of the government landscape, agencies will save money on overhead and building costs in the long term. Another reason is that insurance companies that provide cybersecurity insurance may start insisting that agencies deploy next-generation endpoint security protections in order to get the best rate for a policy.

“It’s about risk, and what are you willing to risk?” Shark says. “If you have more people in the field, and we understand that because they are in the field there are extended vulnerabilities for the reasons that we state, then it makes absolute sense to employ known technologies to mitigate that risk.”

Shark says government agencies need to be more vigilant about security than even the private sector because they need to maintain citizens’ trust, which he noted is a “rare commodity these days.” That’s why he thinks investing in next-generation endpoint security is worth the cost.

When a business suffers a cyberattack, customers can go to another store, Shark says. “You can’t go to another government,” he notes. “To me, doing everything possible is critically important to ensure the protection of the system that ultimately ensures public trust.”

