The Importance of Endpoint Security in a Mobile-first, Cloud-first Era

November 13, 2018

The number of client devices within the enterprise has rapidly increased – endpoints such as tablets, smartphones, laptops and desktops. A single employee may have two or more endpoints that have been issued by the organization, on top of their personal devices. Multiply this by the number of end-users in the organization and the number of endpoints IT has to manage instantly becomes overwhelming. Each of these endpoints is a potential point of attack against the organization’s network, systems, and sensitive data. Securing these endpoints from today’s threats calls for a mix of anti-malware capabilities and a high level of behavior-based detection and visibility. This is where endpoint security comes in.

While the exact definition varies among thought leaders in the cyber security space, in a nutshell endpoint security refers to the process of securing the end-user devices connected to a network and managing the risks those endpoints present. Though often used interchangeably with endpoint security, the term endpoint protection describes the security solutions that address these risks. By equipping itself with these solutions, the organization has a chance to detect threat actors that use evasive tactics, to reduce the time it takes to handle attacks, and to minimize the resulting damage.

The Current State of the Market

The online threat landscape is constantly evolving. Ransomware in particular has drawn a lot of attention recently because of the rise in malware attacks. The new techniques attackers use to penetrate systems require a different approach to preventing infection. Risk management and security leaders have to make sure that their endpoint protection platform (EPP) vendor evolves quickly enough to keep up with modern threats. Gartner describes an EPP as a solution deployed on endpoint devices to prevent file-based malware attacks, to detect and stop malicious activity from untrusted and trusted applications, and to offer the investigation capabilities required to respond to security incidents and alerts.

In Gartner’s recent Magic Quadrant for EPPs, the criteria for inclusion were raised: vendors now have to demonstrate capabilities beyond the previous core technology offerings. A 2017 Sophos-sponsored research study showed that 77 percent of surveyed ransomware victims running up-to-date endpoint security found out the hard way that they needed specialized protection. Following the high-profile Petya and WannaCry outbreaks in 2017, a whopping 98 percent agreed that having additional technologies such as anti-ransomware technology on the endpoint is important.

Though not all attackers rely on malware, malware remains prolific and keeps pounding endpoints relentlessly. The barrage of attacks has also been augmented by a growing volume of more complex threat activity. These attacks often use modified or specialized tradecraft to bypass traditional security controls such as antivirus and firewalls. Endpoint Protection Platforms go beyond the mere prevention of malware attacks, adding data protection capabilities such as data loss prevention, file and disk encryption, and even device control for the most exhaustive endpoint protection possible.

Facing The Mounting Endpoint Security Challenges

Looking back at the WannaCry ransomware attacks, some of the affected companies were running the most recent operating system, just not the latest patch. The attack accentuated the perilous reality of outdated systems and the widespread nature of anachronistic technology that most companies are struggling with. When new vulnerabilities are identified, IT has to swiftly query endpoints to determine which devices pose the greatest risk and establish their level of exposure. After a remediation plan is established, security personnel should collaborate closely with infrastructure teams to make sure the highest-priority patches are rolled out as efficiently as possible to block exploitation of these new vulnerabilities.
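The triage step described above, querying the inventory and ranking endpoints by exposure before the rollout starts, as an added example (not code from the original article or from FileCloud). The inventory records, the scoring weights, the patch identifier and the "as of" date are all constructed assumptions; a real deployment would pull the same fields from the endpoint management agent.

```python
"""Rank endpoints by exposure to a newly disclosed vulnerability.

Added example; not code from the original article or from FileCloud. The
inventory records, the scoring weights and the patch identifier are all
constructed assumptions for illustration.
"""
from dataclasses import dataclass, field
from datetime import date

REQUIRED_PATCH = "PATCH-ID-PLACEHOLDER"   # constructed: the update that fixes the new flaw
AS_OF = date(2018, 11, 13)                # constructed "today" for the stale-inventory check


@dataclass
class Endpoint:
    hostname: str
    os_version: str
    installed_patches: set = field(default_factory=set)
    last_checkin: date = AS_OF
    internet_facing: bool = False
    vulnerable_service_enabled: bool = False   # the service the flaw lives in is reachable
    stores_sensitive_data: bool = False


def exposure_score(ep, required_patch=REQUIRED_PATCH, as_of=AS_OF):
    """0 means the endpoint already has the fix; otherwise higher means patch sooner."""
    if required_patch in ep.installed_patches:
        return 0
    score = 10                                   # unpatched at all
    if ep.vulnerable_service_enabled:
        score += 30                              # the flaw is actually reachable
    if ep.internet_facing:
        score += 25                              # reachable from outside the network
    if ep.stores_sensitive_data:
        score += 15                              # impact of a compromise is higher
    if (as_of - ep.last_checkin).days > 7:
        score += 10                              # stale inventory: may have missed earlier rollouts too
    return score


def prioritize(endpoints, **kw):
    """Unpatched endpoints, highest exposure first (ties broken by hostname)."""
    scored = [(ep.hostname, exposure_score(ep, **kw)) for ep in endpoints]
    return sorted([(h, s) for h, s in scored if s > 0], key=lambda hs: (-hs[1], hs[0]))


def coverage(endpoints, required_patch=REQUIRED_PATCH):
    """Fraction of the fleet that already carries the required patch."""
    patched = sum(1 for ep in endpoints if required_patch in ep.installed_patches)
    return patched / len(endpoints)


# Constructed inventory: a patched workstation, a file server, a roaming laptop
# that has not checked in for weeks, and an HR workstation.
INVENTORY = [
    Endpoint("ws-sales-01", "10.0.17134", installed_patches={REQUIRED_PATCH}),
    Endpoint("srv-file-02", "2016", vulnerable_service_enabled=True, stores_sensitive_data=True),
    Endpoint("lt-roam-07", "10.0.17134", last_checkin=date(2018, 10, 24),
             internet_facing=True, vulnerable_service_enabled=True),
    Endpoint("ws-hr-03", "10.0.17134", stores_sensitive_data=True),
]

if __name__ == "__main__":
    print(f"fleet coverage: {coverage(INVENTORY):.0%}")
    for hostname, score in prioritize(INVENTORY):
        print(f"{hostname:12s} exposure={score}")
```

The roaming laptop lands at the top of the list even though it holds no sensitive data: the vulnerable service is reachable from the internet and the inventory record is three weeks old, which is exactly the remote, low-connectivity endpoint the next section warns about.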

Endpoint landscapes are constantly evolving, and it's no secret that keeping up with the changes can be arduous. End users perpetually download applications that haven’t been sanctioned by IT, some of which may contain malware. Application and operating system patches are hard to prioritize and aren’t always applied successfully the first time, especially on roaming or remote endpoints with inconsistent corporate network connectivity or low bandwidth. The hard truth is that endpoint management is a constant battle. That’s why you need a solution that lets you discover, manage and secure your endpoints faster, more consistently and more easily.

Critical Components of Endpoint Protection

Visibility – Securing endpoints calls for round-the-clock visibility into the activities occurring on those endpoints. Preventing attackers is less about signature-based detection and more about spotting malicious behavior. Understanding the actions attackers took when they penetrated the network is crucial for an organization to improve its security posture after a breach.

Threat Intelligence – mainly involves gaining insight into potential attackers, their motivations, and their techniques. The more organizations focus on signs of malicious activity, the easier it gets to prevent threats that would otherwise have slipped under the radar. Threat intelligence allows the enterprise to see the larger picture.

Endpoint Encryption – fully encrypts sensitive corporate data on endpoints, including mobile devices, laptops and other endpoints, as well as individual files, folders, and removable storage devices such as thumb drives and CDs.

Endpoint data loss prevention (DLP) – monitors and protects network traffic when the endpoint is on a remote network, ensuring sensitive data stored on the endpoint is kept safe. It also tracks other usage such as cutting and pasting between apps, or even moving a file to portable storage.

Enterprise mobile device management (MDM) – allows IT admins to secure, control and enforce policies on tablets, smartphones and other endpoints. Enterprise MDM is essentially a suite of security controls that protects sensitive data on an endpoint.
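The Visibility and DLP components above both come down to the same thing on the endpoint: an agent streams process and file events, and rules look for behavior rather than signatures. The following is an added example, not code from the original article or from FileCloud, of three such rules run over constructed telemetry: an office application spawning a script host, one process changing the extension of many files in a few seconds (the file-level behavior of a ransomware run), and a file being copied to removable media. The event format, process names, thresholds and the list of removable volumes are all assumptions.

```python
"""Behaviour-based detections over endpoint telemetry.

Added example, not code from the original article or from FileCloud. The
event format, process names, thresholds and removable-volume list are all
assumptions chosen for illustration; the telemetry below is constructed.
"""
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
REMOVABLE_VOLUMES = {"E:"}   # assumption: volumes the agent reports as removable
RENAME_THRESHOLD = 5         # extension changes by one process ...
WINDOW_S = 10                # ... within this many seconds

# Constructed telemetry: (time_s, host, pid, process, parent, action, path)
EVENTS = [
    (0, "ws-01", 410, "winword.exe", "explorer.exe", "exec", ""),
    (1, "ws-01", 411, "powershell.exe", "winword.exe", "exec", ""),
    (2, "ws-01", 412, "updater.exe", "powershell.exe", "exec", ""),
    (3, "ws-01", 412, "updater.exe", "powershell.exe", "rename", r"C:\Users\a\Docs\q1.xlsx -> C:\Users\a\Docs\q1.xlsx.locked"),
    (4, "ws-01", 412, "updater.exe", "powershell.exe", "rename", r"C:\Users\a\Docs\q2.xlsx -> C:\Users\a\Docs\q2.xlsx.locked"),
    (5, "ws-01", 412, "updater.exe", "powershell.exe", "rename", r"C:\Users\a\Docs\plan.docx -> C:\Users\a\Docs\plan.docx.locked"),
    (6, "ws-01", 412, "updater.exe", "powershell.exe", "rename", r"C:\Users\a\Pictures\a.jpg -> C:\Users\a\Pictures\a.jpg.locked"),
    (7, "ws-01", 412, "updater.exe", "powershell.exe", "rename", r"C:\Users\a\Pictures\b.jpg -> C:\Users\a\Pictures\b.jpg.locked"),
    (8, "ws-01", 412, "updater.exe", "powershell.exe", "rename", r"C:\Users\a\Desktop\notes.txt -> C:\Users\a\Desktop\notes.txt.locked"),
    # benign: a backup tool finalising one temp file, and a user copying a file to a USB stick
    (5, "ws-02", 900, "backup.exe", "services.exe", "rename", r"D:\bak\set1.tmp -> D:\bak\set1.zip"),
    (9, "ws-02", 501, "explorer.exe", "userinit.exe", "copy", r"C:\Users\b\Finance\payroll.xlsx -> E:\payroll.xlsx"),
]


def _ext(path):
    """Lower-cased extension of the last path component, '' if none."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def detect_office_spawning_shell(events):
    """Parent/child rule: a document editor should not be launching script hosts."""
    return [{"rule": "office-spawns-script-host", "host": h, "pid": pid, "process": p, "parent": parent, "time": t}
            for t, h, pid, p, parent, action, _ in events
            if action == "exec" and parent in OFFICE_APPS and p in SCRIPT_HOSTS]


def detect_mass_rename(events, threshold=RENAME_THRESHOLD, window_s=WINDOW_S):
    """Rate rule: one process changing many file extensions inside a short window."""
    per_proc = defaultdict(list)   # (host, pid, process) -> [(time, new_ext)]
    for t, h, pid, p, _, action, path in events:
        if action != "rename" or " -> " not in path:
            continue
        old, new = path.split(" -> ", 1)
        if _ext(old) != _ext(new):
            per_proc[(h, pid, p)].append((t, _ext(new)))
    hits = []
    for (h, pid, p), changes in per_proc.items():
        changes.sort()
        best = start = 0
        for end in range(len(changes)):          # sliding window over sorted timestamps
            while changes[end][0] - changes[start][0] > window_s:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits.append({"rule": "mass-extension-change", "host": h, "pid": pid, "process": p,
                         "count": best, "new_extensions": sorted({e for _, e in changes})})
    return hits


def detect_copy_to_removable(events, removable=REMOVABLE_VOLUMES):
    """DLP rule: a file leaving the endpoint on removable media."""
    hits = []
    for t, h, pid, p, _, action, path in events:
        if action != "copy" or " -> " not in path:
            continue
        src, dst = path.split(" -> ", 1)
        if dst[:2].upper() in removable:
            hits.append({"rule": "copy-to-removable-media", "host": h, "pid": pid, "process": p,
                         "source": src, "destination": dst, "time": t})
    return hits


def run_detections(events):
    return detect_office_spawning_shell(events) + detect_mass_rename(events) + detect_copy_to_removable(events)


if __name__ == "__main__":
    for hit in run_detections(EVENTS):
        print(hit)
```

None of the three rules looks at a file hash or a known-bad name; `updater.exe` is flagged purely for what it did. The single rename by `backup.exe` stays below the threshold, which is the kind of tuning a real deployment does against its own baseline, and the parent/child hit on `ws-01` gives the incident responder the chain (Word, then PowerShell, then the renaming process) that the Visibility paragraph calls for when reconstructing what happened.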


Author: Gabriel Lando

By Team FileCloud