Like most organizations, you are likely challenged with defending an ever-expanding attack surface: all the avenues an attacker can use to get into your network and compromise sensitive data. Over the last decade the average attack surface has grown substantially as the number of devices that connect to a company's network has multiplied:
- Laptops, desktops, and mobile devices (company-issued and employees’ personal devices)
- Routers and Wi-Fi access points
- POS systems
- IoT devices
Every one of these is a potential entry point into the corporate network; collectively, they are your endpoints. According to the SANS Endpoint Protection and Response Survey, 44 percent of IT teams manage between 5,000 and 500,000 endpoints.
The sheer number of devices virtually guarantees that some percentage of them will harbor OS and application vulnerabilities at any given time. Antimalware protection has evolved to the point where it catches most known malware, but it cannot stop everything. Fileless malware, for example, is a newer class of threat that runs inside the memory of a legitimate, normally running process (often a built-in tool such as PowerShell or WMI) and never writes a payload to disk, so file-based signature scanners have nothing to match. The importance of comprehensive endpoint security cannot be overstated.
Beyond Network Security
On the surface, some may believe network security adequately covers endpoint security, but that can be a costly assumption. The key difference is that endpoint security focuses on protecting the individual devices, while network security focuses on the traffic and infrastructure that connect them. Both are essential, but if endpoint security isn't a priority for you, devastating threats that never cross a network boundary (a malicious USB drive, a phishing attachment opened at home, a compromised laptop) can easily be overlooked.
Protecting your business from all possible threats is much like securing your home with strong locks and an alarm system. Most people wouldn't think of leaving their home unlocked when they go out or go to sleep. Similarly, your organization must be vigilant with a comprehensive, 24/7 security process and tools that keep threats out, or quickly identify and eliminate them if they get through.
Companies of all sizes are also subject to some form of compliance and privacy regulation, so endpoint security is a necessary step beyond basic network security to protect your data and your reputation. Your customers expect their data to be secure and trust that you will take every precaution to protect it from bad actors. Endpoint security completes the ring of comprehensive security, and when it works, your customers never learn there was a day that needed saving.
Endpoint Security for a Changing Landscape
The coronavirus pandemic radically shifted most facets of daily life around the world, and it could be argued that no area was more affected than the workplace. According to a Gallup poll, "On average, from October 2020 to April 2021, at least eight in 10 workers in four occupation categories have been working remotely," and that trend doesn't appear to be changing in 2021. This dramatic increase in remote endpoints, many of them on home networks and outside the corporate perimeter, has widened the attack surface and raised the need for companies and employees alike to stay on guard.
The cost of attacks on endpoints is evident in the FBI's 2020 Internet Crime Report, which recorded an increase of more than 300,000 complaints of suspected internet crime over 2019 and reported losses of over $4.2 billion. If the security risk alone isn't reason enough to protect your endpoints, the financial loss certainly is. Attackers are constantly probing every entry point, so don't make it easier by leaving the doors and windows unlocked and unguarded. Among the threats most commonly used against endpoints are:
- Unpatched Software Vulnerabilities
Protect Your Endpoints. Protect Your Business!
With dangers lurking around every technological corner, the good news is there are a multitude of tools and solutions to protect your endpoints, data, customers, and reputation:
| Tool or practice | What it does |
|---|---|
| Antivirus solutions | Anti-malware software installed directly on the endpoint. Effective against known threats but limited against more advanced attacks; treat it as one layer and add another line of defense alongside it. |
| Endpoint Detection and Response (EDR) | Software focused on detecting and responding to threats on the endpoint itself, recording process, file and network activity so analysts can investigate and act. |
| Managed Detection and Response (MDR) | A service that continuously monitors, prioritizes, and responds to threats with human analysts behind the wheel. MDR builds on EDR by giving those analysts the endpoint data and the ability to act on the endpoint. |
| URL filtering | Restricts web traffic to trusted websites and blocks access to known-malicious ones. Also prevents dangerous downloads from reaching the network. |
| Application control | Enforces strict permissions on what may execute. Uses whitelisting, blacklisting, and graylisting so that unapproved or compromised applications cannot run. |
| Network Access Control (NAC) | Overlaps with identity and access management. Secures access to network nodes and determines which devices and users may join the network infrastructure. |
| Browser isolation | Runs browsing sessions in an isolated environment that cannot reach valuable digital assets. Activity stays confined to that environment, and the session's browser state is discarded when it ends. |
| Cloud perimeter security | A protective perimeter around cloud environments and databases that lets you harden the cloud infrastructure against incoming threats. |
| Endpoint encryption | Encrypts data at rest on the device (full-disk or file-level) so that a lost or stolen endpoint does not leak data, and protects data in transfer. |
| Secure email gateway | Monitors incoming and outgoing messages for suspicious content and stops it from being delivered. Commonly deployed to prevent phishing attacks. |
| Sandboxing | An isolated, secure environment that mimics a typical end-user operating system. Suspicious files can be detonated and observed there, which helps contain zero-day threats. |
| Employee awareness training | Organizations that run regular awareness training are better able to detect phishing attacks and prevent malware infections. |
| Patch management | Keeps systems across the company updated with current software versions and security fixes. |
| Assessments | Find unpatched vulnerabilities by conducting penetration testing, vulnerability assessments, and source code reviews. |
| Staff training | Educate staff on using ad blockers and on the risks posed by browser add-ons, even company-approved ones. |
| Update software | Closes the browser and plugin vulnerabilities that drive-by downloads exploit. |
| Eliminate unnecessary software | Remove software that is no longer supported. This shrinks the attack surface and prevents attacks against code that will never be patched. |
| Ad blocker | Protects users from redirection to sites that host drive-by malware. |
| Host-based firewall | Filters inbound and outbound connections on the device itself, blocking unsolicited inbound traffic and connections to known-malicious hosts. |
MDR for Maximum EDR Effectiveness
Gartner Research has found that information security and risk management end-user spending is estimated to “grow at a compound annual growth rate of 8.7% from 2018 through 2023 to reach $188.8 billion in constant currency.” This spending directly reflects the fact that threats against businesses are mounting.
Some IT teams focus solely on network security solutions while neglecting their endpoints or leaving their protection to simple anti-virus solutions. As remote employees and bring-your-own-device (BYOD) policies continue to become increasingly common, endpoint security is more critical than ever.
Customers often start with simple antivirus to cover their endpoints, but as they grow they need another solution to address the gaps, especially those opened by migrating to the cloud. For customers that already have EDR, adding MDR gives them the ability to close security and resourcing gaps in an efficient and cost-effective way.
[Related Reading: MDR vs. EDR: How They Compare and Interact]
RiskIQ's 2020 Evil Internet Minute security intelligence report revealed that every endpoint connected to the internet faces 1.5 attacks per minute. IT teams should ensure that security monitoring detects end-user attacks, and should supplement traditional antivirus with next-generation malware solutions and file integrity monitoring (FIM). By applying the principles of network security monitoring together with detection and prevention solutions like EDR, MDR providers can offer posture-hardening services and expand their threat coverage from the network to endpoint detection and response.
To learn more about going beyond EDR to modernize your threat detection and response program, watch this free on-demand webinar from industry experts.