Even in the age of cloud software delivery and predictive analysis, some IT professionals are still relying on surprisingly analog security fixes for systems.
The Glue Gun Approach
One is the old “glue gun approach,” which you may have seen practiced at your local library, a university, a hospital, or anywhere else that standard workstation machines have to serve public audiences.
Here, a person in charge of security simply applies a hot glue gun to a USB port.
Why? Because with these standard ports, workstations are inherently vulnerable, whether a user inserts a USB drive that, unbeknownst to them, is infected, or someone with malicious intent uses the ports to offload data. The ports are not really designed for public use, so in the minds of some watchful librarians and other key-holders, it takes this kind of modding to make the machines safe.
Early in the days of the public Internet workstation, gluing was a resourceful, if annoying, way to protect public computers, but today, it’s really not the best endpoint protection solution.
Avoiding Analog Solutions
A 2008 article by Carl Weinschenk in ITBusinessEdge highlights some better security practices and explains why gluing really shouldn’t be considered a “best practice.” Though this piece is eight years old, it still describes a discrepancy in how different IT departments operate.
Citing an example from the infamous mortgage-related financial crash of the time, Weinschenk makes the salient point that completely blocking a USB port is only the easiest option, not the best one.
More effective, he notes, would be a system that takes in the entire network and the data within it, and applies a universal endpoint protection solution.
For example, rather than blocking an endpoint, administrators can restrict only the exit of data, and still allow for input.
But, on a much broader level, network-complete security solutions are better, because they are inherently universal and don’t rely on a practice that looks a lot like boarding up windows (where one window is missed, the whole system is vulnerable).
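One way to restrict only the exit of data while still allowing input, as described above, is to make USB mass storage read-only instead of blocking the port. The script below is an added example, not from the article or from any vendor product; it assumes a Windows workstation and an elevated PowerShell session, and the function names are hypothetical.

```powershell
# Added example: make USB mass storage read-only, so files can be read
# from a stick (input) but nothing can be written to it (data exit).
# Assumption: Windows workstation, PowerShell running as Administrator.
$PolicyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Get-UsbWriteProtect {
    # Returns $true only when the WriteProtect value exists and equals 1.
    $item = Get-ItemProperty -Path $PolicyPath -Name WriteProtect `
                             -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.WriteProtect -eq 1)
}

function Set-UsbWriteProtect {
    param([bool]$Enabled = $true)
    # The key does not exist on a default install, so create it if missing.
    if (-not (Test-Path -Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    $value = if ($Enabled) { 1 } else { 0 }
    New-ItemProperty -Path $PolicyPath -Name WriteProtect `
                     -PropertyType DWord -Value $value -Force | Out-Null
}

# Audit first, then enforce, so the script can be re-run safely.
if (Get-UsbWriteProtect) {
    Write-Output 'USB storage is already read-only on this machine.'
} else {
    Set-UsbWriteProtect -Enabled $true
    # Devices that are already attached must be re-inserted to pick this up.
    Write-Output 'WriteProtect enabled for USB storage devices.'
}
```

This setting covers USB mass storage only; it is a per-machine control and does not replace the network-wide monitoring the article argues for.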
Practical Endpoint Protection Solutions
To that end, SentinelOne has built practical endpoint protection solutions that are universal. Through the use of machine learning and heuristic models, the company’s resources can help them to effectively monitor every port and every endpoint, much like a real-time visual map could help an auditor to monitor international shipping traffic. It’s the idea of mapping the full system and putting consistent protocols in place. It has to do with building predictive models of what a cyberattack might look like.
There’s yet another dimension to this that highlights why SentinelOne’s security products fully support client companies and shield them from attack.
It has to do with protecting machines, whether they are connected to or disconnected from the network. What if a user disconnects the system from the network to bypass security mechanisms and offload data? Or what happens if a user unknowingly has an infected USB stick that disconnects the machine from the network and installs malware to bypass scan-based AV systems?
SentinelOne offers ‘offline protection’ for endpoints. This type of ‘failover solution’ or redundant multi-layer security means that if a device is disconnected at any point, it will still get the critical monitoring and pre-emptive threat management that it needs.
With broad, universal endpoint monitoring, behavioral models for predicting cyberattacks, and state-of-the-art systems for rooting out malware, a security team doesn’t have to resort to gluing ports shut, locking up workstations in dark rooms, or slashing Ethernet cabling. Put away the physical toolbox and get software solutions that will protect the enterprise and key data from hackers, thieves and cyber-vandals.