Best Practices for Special-Purpose System Security

Endpoints come in all shapes and sizes, with most of them serving as devices that connect to various applications for feeding data, processing and verifying information, and ensuring seamless organizational and business transactions. While portable devices like laptops, tablets, and cell phones are commonly used multifunction endpoints, there are also a range of special–purpose endpoints which are connected to the network to perform specific transactions like payments (i.e. card-swiping machines), check-ins (i.e. airport kiosks), and machine control (i.e. industrial control systems). 

What Are Special Purpose Systems?

A special-purpose system or device is an endpoint that has been programmed to perform a very specific function. Usually, it has limited computing capabilities and is loaded with software that is designed to meet the business needs of the organization. Such endpoints include automated teller machines (ATMs), check-in kiosks, ticket vending machines, and point of sale (POS) terminals. In many cases, special-purpose systems like POS terminals used for billing are an integral part of customer interaction, and in some cases, like ATMs and self-check-in kiosks, they are meant for direct customer use as well. 

Security Challenges for Special-Purpose Systems

Endpoints used as special-purpose devices, especially ones that are outside the company-owned premises, are prime targets for cybercriminals. They are easier to access than endpoints located on company-owned premises with strict access control. Also, most organizations secure their endpoints with basic security solutions, such as antivirus, which rely heavily on a directory of signatures (known-bad). This leaves them vulnerable to attacks from fileless malware and zero-day attacks. It’s no surprise, then, that The Third Annual Ponemon Institute Study on the State of Endpoint Security Risk found that 68% of IT security professionals say their company experienced one or more endpoint attacks that compromised data assets or IT infrastructure in 2019.   Here’s a closer look at why special-purpose systems can be susceptible to cyberattacks.

Accessibility

Special-purpose devices aren’t just found in an organization’s office locations. They can be spread widely across counties, states, nations, and even continents. Also, many of these systems may not have physical security to protect them from direct access by a threat actor. Fixed-function devices like POS terminals are accessed by a range of users including store staff, temp hires, and contractors, while ATMs are meant for direct customer use. Ensuring protected access may not always be possible or practical. Also, these devices connect directly to applications, providing attackers entry into the network. In the event of an attack, a lack of segmentation between endpoints and the corporate network allows attackers to move laterally, giving access to sensitive data. 

Weak Security

Most organizations devote a large chunk of their security budget to protecting business-critical applications, while endpoint security has to make do with basic antivirus solutions. Moreover, an enterprise may operate thousands of endpoints that need protection, making it very expensive to regularly upgrade security. Companies also use bandwidth-heavy, signature–based endpoint security – meant for general-purpose endpoints like laptops and desktops – on special-purpose devices. This causes performance degradation in special-purpose systems that have limited RAM and processing power. 

Legacy Software

Though special-purpose devices are limited in function, they still need an OS from OEMs like Windows or Linux. However, because of this limited function, special-purpose systems can theoretically run for years on legacy systems without the need for an upgrade. The flip side is that OEMs stop supporting legacy software once it has reached the end of life. This leaves systems running on legacy software vulnerable to attacks. 

How to Secure Special-Purpose Systems

Special-purpose devices face a unique set of security challenges, and numerous studies have shown that antivirus solutions have not been successful in mitigating attacks. Protecting special-purpose devices requires a different approach to security – one that not only secures these systems, but also simplifies security without additional costs. 

Visibility

Visibility plays an important role, as it gives security teams deeper insight into applications, processes, and threats across endpoints. It allows for assessment of system functions, understanding of processes that need to be executed to perform said functions, and detection and analysis of any pre-existing threats in fixed-function devices. Armed with this knowledge, security teams are better positioned to take necessary security measures. 

System Lockdown

Signature-based antivirus solutions are often unable to protect against sophisticated malware with unknown signatures. Most special-purpose devices have a fixed function, which basically means that they only need to run a specific set of applications and processes.   Locking down the systems at the process level using whitelisting and blacklisting ensures that only authorized processes are allowed. Kernel–level security can provide granular controls to thwart zero-day threats, fileless malware, ransomware, advanced persistent threats (APTs), return-oriented programming (ROP), remote access trojan (RAT), and many other threats.   System lockdown is also a cost–effective solution to protect systems that are running on unpatched or difficult–to–patch versions of Windows and Linux. Apart from eliminating the need for expensive and time-consuming patch management exercises, system lockdown also reduces system upgrade costs. 

Reports and Audits

Every security professional knows that securing any system is never a one-time project. It is a constant process of monitoring, reporting, and auditing. Solutions that provide detailed reports on incidents, suspicious files, and blocked processes help simplify system audits and provide rich, actionable insights. Robust reporting is also useful in maintaining a consistent security posture while reducing financial liabilities caused by breaches and non-compliance with industry-specific security standards like PCI-DSS (including the forthcoming PCI-DSS 4.0) and HIPAA. 

Get Superior Protection for Special-Purpose Systems

Enterprises in industries like banking, retail, travel, and healthcare rely heavily on fixed-purpose systems to conduct business. ColorTokens Xprotect is designed to secure critical special-purpose devices running on Windows and Linux OS, including unpatched or legacy software. Here’s how it can help your organization defend against complex cyber threats.