Endpoint security: The year ahead
by Nick Lowe - Check Point - Monday, 17 January 2011.
Predicting the distant future of IT security is tricky, but the near future – the next 12 to 18 months – is a little easier. After all, the seeds of what is to come were planted in the recent past. Traditional security threats posed by hackers, viruses and worms over the past 10-plus years are still a concern, and have been joined by newer, emerging threats from the proliferation of Web 2.0 apps, mobile computing and custom attacks.

These threats are dramatically increasing security complexity. But they’re not the only issues concerning businesses. There’s also the simple mistake, or moment of carelessness by a trusted employee when handling data, which can have far-reaching consequences unless the risks are mitigated.

So what specific threats should organizations be preparing for during the coming year? And what are the implications for business IT security infrastructures? Based on our research and feedback from customers, here are Check Point’s thoughts and projections for 2011 and into 2012.

Be Web 2.0 wary

While malware, phishing attacks, Trojans and key-loggers continued to proliferate on Internet applications, the emergence of more rich-media capabilities in Web 2.0 apps and mobile devices will increase the number of drive-by-downloads and sophisticated, blended attacks.

For example, embedded videos and links in social networking pages are becoming popular spots for hackers to embed malware. The more employees that use rich media and Web 2.0 applications in an organisation, the greater the chance of unwittingly exposing the company to an attack – unless the right protection is in place.

Fitting new Windows

According to the Check Point survey mentioned earlier, 7% of organizations have already made the leap to Windows 7 and another 54% plan to migrate in the next two years. In addition, organizations are using an average of nine different vendors to secure their organization's infrastructure from the network to the endpoint, creating difficulties in security management, loss in productivity and potential security holes in between the individual products.

Businesses may find that Windows 7 migration is a good time to look at the number of security vendors’ solutions they are using and decide to consolidate endpoint security solutions. Because Windows 7 presents a clean slate for the OS, it can be a clean slate for security as well.

Virtualization security becomes real

Businesses are starting to leverage virtualization technologies as an additional layer of security defense, supplementing traditional security solutions. Examples include browser and session virtualization that segregates and secures corporate data from the Internet – allowing users the freedom to surf with full protection against drive-by-downloads, phishing attempts and malware.

Taking it with you: mobile working and consumerization

Mobile computing is no longer a trend but a way of life for most businesses. 54% of the organizations we surveyed anticipated that their remote users will increase in numbers in 2011. In part, this is driven by employees demanding remote access to business applications, data and resources – connecting from both corporate and personally-owned devices.

The majority of organizations surveyed were also concerned that growth in remote users will result in exposure to sensitive data – with security threats including unauthorized network access and user management complexity.

In 2011, attackers will identify new ways to obtain data from mobile devices, encouraging enterprises to adopt new solutions that give employees secure mobile access to the corporate network, and that work across a range of mobile devices running on Apple, Android, Symbian and Windows PC platforms.


101,000 US taxpayers affected by automated attack on IRS app

The IRS has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim to file fraudulent tax returns and funnel the returned money to their own bank accounts.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th