Endpoint Security Best Practices
Executive Overview
WHY SECURITY BEGINS AT THE END
When securing industrial systems and
applications, the first line of defense lies at
the end: Endpoints. Endpoints represent
key vulnerable points of entry for
cybercriminals. This is where attackers
exploit vulnerabilities and execute code, and
where there are assets to be encrypted.
For decades, organizations have heavily
relied on antivirus as a means to secure
endpoints. As more enterprises adopt
practices such as BYOD, workforces
become more mobile and users connect to
internal resources all over the world,
endpoint security requires more than
detection and response. It requires
changing the security paradigm from
detecting to preventing.
Security Levels
Endpoint security comprises the entire
strategy and technology stack required to
protect endpoints from threats and
attacks. Endpoint protection supplements
a centralized security framework with an
additional layer of protection at points of
egress. A thorough understanding of
where vulnerabilities lie within your
industrial system is crucial in addressing
the architectural considerations required
to protect and secure endpoints. Each
endpoint should have an appropriate level
of security.
The IIC Endpoint Security Best Practices
white paper defines three levels of
IIC Journal of Innovation
ENDPOINT (Noun)
The IIC Vocabulary Technical Report defines an endpoint as
a “component that has computational capabilities and
network connectivity”. Thus, endpoints may include edge
devices (e.g., embedded medical devices, sensors and
actuators in vehicle control systems as well as pumps,
heaters and flow meters in manufacturing systems),
communications infrastructure, cloud servers or anything in
between.
GUIDANCE AND COMPLIANCE FRAMEWORKS
The Endpoint Security Best Practices document distills
existing industrial guidance and compliance
framework documents down to the essentials (12
pages) with extensive footnotes so readers can find
more details about topics that interest them within
the source documents.
The security levels defined in the Endpoint Security
Best Practices Document correspond to security levels
2, 3 and 4 as defined in IEC 62443 3-3.
IEC 62443, formerly known as ISA 99, is the global
standard for the security of Industrial Control System
(ICS) networks and helps organizations to reduce both
the risk of failure and exposure of ICS networks to
cyber threats. One could read these source documents
for the industry standards IEC 62443 and NIST SP 800-
53*, but that would require reading thousands of
pages – much of which is not applicable for today’s
industrial internet environments.