Saturday, 8th August 2020

It’s time for our notion of the endpoint to change

It’s no secret that IT has evolved and, as a result, so has our approach to cybersecurity. For example, focus has shifted from a purely preventative strategy to one that seeks to reduce the time to detect and mitigate a security incident. However, one thing that hasn’t received a lot of attention is our concept of the endpoint. The endpoint is no longer just the hardware devices connecting to the network, but the applications that users leverage to work with your organisation. By Chad McDonald, VP of Customer Experience at Arxan Technologies.

It’s time for our notion of the endpoint to change. Once we acknowledge this change, we can properly protect the new endpoint — our applications.

The Traditional Endpoint, Evolved

We traditionally think of an endpoint as a hardware device - a laptop, desktop, or mobile device - that accesses network resources. For a long time, these were the endpoints we needed to secure and protect the IT infrastructure and data against. However, if we consider the definition of endpoint—an entry point to a service or process—and the ways in which our services and processes are accessed today, it becomes clear that the endpoint has evolved. The population of endpoints has greatly expanded and continues to expand due to the Internet of Things. For example, today your HVAC system, your Point of Sale (PoS) systems, and even your physical security systems may connect to your network.

In this new world of diverse endpoints, the traditional approach to endpoint security no longer applies. Let’s face it: we were never able to fully protect traditional endpoints in the first place, and the design of modern applications and their usage renders the old strategy moot. Many of the connected devices on the market lack operating systems or firmware capable of being patched on an ongoing basis. Even if they were, organisations lack the ability to update the myriad of endpoints accessing their environment. Finally, it’s worth keeping in mind that there are many dependencies within a device that can be compromised and turned into vulnerabilities: the application, APIs, network servers, third parties, etc.

So, where does that leave us? When it comes down to it, all these devices are connected to the web via an application or an API.

Your Application as an Endpoint

Let’s look at the concept of an endpoint from another perspective — your apps. In the past, you would have taken precautionary measures to protect your network or services from being infected by endpoint devices, whether they are corporate-provisioned laptops or personally owned devices. Today, apps are most often the front-line interface for customers and partners. In order to ensure fast performance and optimal customer experience, app developers are pushing more logic into the front end (client side) of the application—outside of the realm of your firewall and other network and endpoint security tools. This leaves your applications vulnerable to an attack. Consider, for example, the Magecart attacks on web applications. Attackers skimmed credentials from the website and never triggered any security alert because the theft happened on the front end before data even reached the network.

When you make an application publicly available, you’re effectively distributing an endpoint to the masses, making it possible for anyone, anywhere, to access your service. But you don’t own the users’ devices. You don’t own their security settings, have no control over whether they are jailbroken, and may not even know what other apps are on them. So, how do you protect yourself?

Protecting the New Endpoint

To begin, adopt a zero-trust security model. Zero trust assumes that the device on which your application runs is an untrusted environment that’s already compromised. This forces you to think about how to protect your critical data and intellectual property in a hostile environment.

Next, treat the app as the endpoint. Applications contain a lot of information that attackers can use to compromise your critical infrastructure or bypass security controls. Valuable data also lives inside the application on the user’s device. Protect your applications from being compromised or from freely providing attackers with valuable information such as cryptographic keys, API endpoint references, payload formats, credentials, and account information.

Finally, close the loop. Application security efforts don’t end when the app is out in the wild. Implement real-time threat analytics so that you can gain the visibility you need to continually bolster your app’s protections. App threat analytics allow you to see the environment where your application lives, the security posture of the app, how and where it’s being attacked, and how to update protections on the app so that its underlying data and structure are not compromised.


An internal application may be used by hundreds or thousands of users, including your employees as well as partners and other third parties. And a successful customer-facing app can have hundreds of thousands, if not millions, of users. That means there are hundreds of thousands, if not millions, of endpoints out in the wild connecting to your services. The truth is you can’t protect every device your app runs on, but properly protecting your apps will significantly increase your overall security. Organisations have to take action now, because apps are only becoming more sophisticated and growing more valuable to attackers.
