How to realize the big hurdle of zero trust "endpoint security"?



1. Importance of endpoint security in zero trust

Last time, I talked about the need to further strengthen security measures for client terminals in order to achieve zero trust security.

In the conventional "perimeter defense" security model, security products such as firewalls and IDS/IPS were installed between the internal network and the external network (the Internet) to shut out external threats. As long as a client terminal stayed in the internal network, there was almost no concern that it would be threatened from the outside, and it could continue to be used safely as long as the minimum necessary virus checks were performed.

However, in a zero trust network, all client terminals and servers are considered to be connected to an open and flat network without distinguishing between the internal network and the external network. Based on this idea, client terminals can be used by connecting to the network from any environment regardless of location, and business systems can be placed in various locations such as cloud environments as well as on-premises environments.

In such an environment, employees can work anytime and anywhere, which enables flexible work styles and fits the recent trend toward telework during the COVID-19 pandemic. In addition, by placing business systems in cloud environments and actively using SaaS-type cloud applications, systems can be introduced and operated quickly and flexibly, making it possible to realize highly agile IT that can keep up with the speed of change in the business environment.

2. It takes a lot of effort and cost to keep a Windows PC terminal secure

On the other hand, shifting from perimeter security to zero trust security removes, all at once, the security perimeter that had protected client terminals until then. As a result, attacks and unauthorized access that were previously shut out at the boundary may reach the client terminal directly.

For this reason, strengthening security measures for client terminals is said to be essential for achieving zero trust. Advanced cyber attacks in recent years can easily slip past antivirus products, which have been the mainstay of client security. It therefore becomes necessary to introduce various security products such as behavior detection, EDR (Endpoint Detection and Response), and SIEM (Security Information and Event Management).

In addition, it is necessary to strictly check whether these products are properly configured and operated, and whether virus definition files are kept up to date. Of course, whether security patches for the Windows OS and applications are properly applied, as part of vulnerability countermeasures, is also an important check item.

Furthermore, we must deal with not only external threats but also the risk of information leakage due to internal crimes and the loss or theft of terminals. To prevent information from being taken out without authorization, it is necessary to introduce a solution that limits the use of external storage media such as USB memory, and solutions such as disk encryption and MDM (Mobile Device Management) are also needed to guard against loss and theft.

In this way, realizing zero trust security requires introducing various solutions on client PC terminals, and keeping them working requires spending a lot of time and money on day-to-day maintenance.

3. Easily realize a secure thin client terminal with "Resalio Lynx"

Many companies and organizations have difficulty introducing zero trust because of this labor and cost, or have tried to realize zero trust but have not been able to achieve its effects. We offer a product called "Resalio Lynx" to solve these problems.

In a nutshell, Resalio Lynx makes it possible to use a client PC as a secure thin client terminal, either by inserting a dedicated USB device into the PC and booting from it, or by installing a dedicated OS on the PC in advance. Because it runs a dedicated OS instead of Windows, it can shut out cyber attacks that target Windows vulnerabilities or that use techniques such as abusing legitimate Windows tools.

In addition, since application programs do not run on the client terminal at all, there is no damage from attacks targeting application vulnerabilities. When using a SaaS application on Resalio Lynx, the SaaS application is accessed through a locally installed browser, but this browser has strengthened security countermeasures in various respects, such as file upload/download restrictions, so that SaaS applications can be used safely.

Furthermore, since data is not recorded on the terminal's disk device and is handled only in memory, no data remains on the terminal. Therefore, there is no risk of information leakage due to unauthorized removal or the loss or theft of the device. In other words, it is possible to realize a secure client environment without taking the security measures that are essential for Windows PCs.

Moreover, since the thin client environment can be realized using existing PC terminals as they are, the cost performance is excellent. Many thin client terminals are relatively expensive, but with Resalio Lynx, you can use an inexpensive PC as a thin client terminal.

4. Effectively block information distribution and malware infection via the Internet

Most conventional thin client terminals are equipped with only the functions introduced so far. However, most information leakage incidents in recent years involve not only the extraction of data using external storage media and the loss or theft of terminals, but also the unauthorized removal and unintentional leakage of data through cloud services. For example, there are many cases in which a confidential file is uploaded to cloud storage and taken out illegally, or conversely, in which a terminal is infected with malware as a result of downloading an illegal file.

In this regard, in Resalio Lynx's thin client environment, user upload/download operations are restricted in advance, so information leakage and malware infection via the network can be effectively prevented. Even if malware is forcibly downloaded, the file exists only temporarily in memory and is never stored on disk, so the malware disappears when the terminal is restarted.

In this way, with Resalio Lynx, you can easily realize the important zero trust requirement of "enhanced endpoint security". On the other hand, as I introduced last time, another important requirement of zero trust is "to properly authenticate and verify each time without unconditionally trusting the user's access to the system". To achieve this, it is necessary to finely set the access rights of the business applications and cloud applications running on servers, but accurately setting the access rights of the various applications running in various locations one by one is a difficult task, and omissions can easily occur.

Therefore, in recent years, a solution called "Zero Trust Network Access (ZTNA)" that can manage these centrally in the cloud has been attracting attention. In fact, the Resalio Lynx introduced this time can also realize stronger security when combined with ZTNA. Next time, I would like to introduce the details of these solutions.
