Endpoint Guide: Threats, Security, Visibility, and ProtectionEndpoint security helps reduce the risk of threats and cyberattacks against your organization. By: Sheila Droski - Product Marketing
In the digital age, more and more employees work from remote locations. Whether you hire freelancers, offer work-from-home days, or allow people to work on the road, employees need to collaborate with their coworkers through email and phone calls, and attend meetings with video conference capabilities. However, many workers need to connect to your corporate network to access shared data and files.
Endpoint devices allow employees to remotely communicate and connect with your networks. Endpoint devices include:
Endpoints are one of the biggest targets for cyber criminals because these remote devices are especially vulnerable to attacks. Criminals often attempt to use endpoint devices as entry points to access corporate networks and steal data, leverage existing software vulnerabilities, or hold information hostage.
The threat landscape has grown increasingly sophisticated, and with the exponential adoption of connected devices by organizations comes an ever-expanding attack surface. Two of the biggest and most persistent endpoint threats are phishing and ransomware attacks.
- Spying on user activity
- Stealing login credentials
- Delivering ransomware and other malware
- Gaining an entry point to an organization's network
According to Secureworks researchers, ransomware is the no. 1 cyber threat to organizations. These attacks are raising the stakes by creating high demand for stolen credentials and data, while expanding the repertoire of tools and techniques for threat actors. Threat actors have realized that data is money and have refined their techniques since the early days of ransomware. Ransomware is changing the game, which means you have to refine how you protect your endpoints from this threat.
Maintaining cybersecurity in the face of COVID-19-driven organizational change can help you protect your organization against phishing and ransomware attacks. The trend of remote working shows no signs of waning. Efficient detection and protection on these remote endpoints is a must to protect your organization and reduce wasted staff hours every year.
Endpoint Security Solutions
Endpoint security requires a combination of solutions, either managed by experts on your security team or by a third party.
Endpoint Threat Prevention
Endpoint protection, sometimes called endpoint threat prevention, includes technologies like antivirus (AV) and next generation antivirus (NGAV), which focus on identifying threats and either blocking or quarantining them. This software looks for known and unknown malware, tools used by threat actors, and other potential threats. Signature-based protection looks for known threats, like a virus or trojan, while behavior-based protection looks for suspicious activity, even when it isn’t leveraging malware. This is necessary technology that reduces the threats that reach your organization, but all an attacker needs is one gap to get past these solutions.
With over 350,000 new malicious programs or potentially unwanted applications registered each day by the AV-Test Institute and an average of 30,000 new websites hacked every day, it is impossible for any prevention technology alone to keep up, so adding visibility on the endpoint is important.
Endpoint Detection and Response (EDR) helps find threats that slip past AV or NGAV. When monitored via an AI-driven security operations and analytics platform, EDR may drive actionable remediation recommendations. EDR tools and solutions focus on providing the visibility you need to detect, investigate, and mitigate potential threats.
While EDR technology helps illuminate blind spots, it requires trained security analysts to interpret the output and take action. For example, if an intruder breaks a window or picks a door lock, your home security system will ring an alarm, alerting you of the potentially dangerous situation. Someone must still validate the threat to ensure the alert wasn't just a raccoon tripping your security camera motion detectors. EDR provides the earliest possible warning that an endpoint device may have been compromised, but just like a great home security system you need experts to understand the data so you can respond appropriately and effectively.
Servers are also susceptible to malware and targeted attacks, even when in a datacenter with controlled access. Though they are typically inside the protected corporate network, servers are often a target due to their high concentration of enticing data. Threat actors move laterally between compromised endpoints and servers to bypass other security controls. Monitored server protection using the same security products you install on other endpoints facilitates compliance and visibility for your critical servers.
Endpoint Vulnerability Identification and Prioritization
Protecting against endpoint threats with NGAV and adding visibility with EDR are important steps, but strong vulnerability management (VM) is also important. A recent Secureworks Threat Intelligence Executive Report states that If you do just one thing after reading the report, you should update your asset inventory. You can’t patch it if you don’t know you’re using it.
A complete VM solution will:
- Discover assets to identify business-critical and unknown or unprotected endpoints
- Identify and prioritize unpatched software and operating systems
- Prioritize vulnerabilities based on threat level and unique context of your organization
- Recommend remediation actions with predicted remediation timeframes for specific vulnerabilities
Beyond the Endpoint
Endpoint threat prevention and visibility are critical to identify threats that may be lurking in your organization, but there will always be gaps due to unknown or unprotected endpoints. Endpoint telemetry combined with continuously updated threat intelligence and data from network and cloud security controls provides a more complete view of potential threats to your organization. AI-driven analytics saves time and makes your security team more effective and efficient by automatically correlating all this data to bubble up important alerts fast. Whether you manage this in your SOC via an extended detection and response solution or have it managed for you, the goal is use your endpoints to reduce the time to detect and effort to respond to cyber-attacks so your security team has more time for initiatives that help grow your business.