Endpoint security is exactly that—the end. It’s the last line of defense.
It’s also maddening. Even when they’re “doing all they can,” CISOs find they are still getting phished or infected. Hackers continue to steal the headlines. In fact, 0-day vulnerabilities have increased by 125 percent according to Symantec’s 2016 Internet Security Threat Report.
Target in Sight
The reality is that the security perimeter has extended into our pockets, and attackers are shifting their focus to human and application weaknesses.
Increasingly, a business’s internet-facing servers are the primary target for these actors. Compromising the servers that run web pages and business applications, they create their own personal jump box into the network.
Ultimately, they are exploiting a weakness.
#1: Human weaknesses—the underbelly is exposed.
Employee workstations are the soft underbelly of any enterprise cyber security plan. Attackers know the workstations are already in the network—and that they're used by humans. The fact that most businesses have no clue what their employees are doing at their workstations has serious security implications in and of itself.
Harden the target: Obviously, it starts with making sure workstations are patched. Likewise, make sure endpoint security solutions are installed and functional. Then, use tools that can monitor network traffic coming out of those employee workstations. If someone is working and you suddenly notice there's a lot of traffic going to some IP address in China, you’ll need to find out why.
#2: Application weaknesses—malicious apps are overrunning endpoints.
The overall security of business-critical apps tends to be outdated and misconfigured. The applications that enterprises typically rely on for mission-critical operations are complex legacy apps. Many of them are homegrown. Most are ill-prepared for the daily onslaught of new threats.
Harden the target: Utilize endpoint application controls to safeguard data and machines against unauthorized access and user error. The idea is to allow only the good apps to execute and stop unknown applications and ransomware at the gate.
#3: Corporate weaknesses—even the best CISOs have blind spots.
Every enterprise has cybersecurity blind spots. Sometimes it’s just failing to follow through on endpoint security. You install a solution, push it out and think you’ve met a checkbox. But, you fail to maintain it, and no one is really monitoring vulnerabilities.
Harden the target: Make sure you’re staffed up. Somebody needs to be paying attention—all day long. If security events happen, they need to know about it and create a ticket.
#4: Cloud Weaknesses—shadow IT casts its pall.
With employees regularly saving and sharing data across a public cloud environment, IT departments are struggling to keep pace. It’s ridiculously hard to control the flow of newly launched cloud and mobile applications.
Harden the Target: Preventing the leakage of valuable company data starts with controlling what employees are installing and using. All those GTD, notetaking and instant messaging apps need to be IT department–approved and monitored.
Next-Gen Defense Holds Promise
The good news is that endpoint protection is evolving. We are seeing the introduction of more machine learning/AI concepts from all vendors. Traditional anti-virus software looks for the telltale signatures of known malware. Next-generation platforms move beyond signatures to look at behavior. They analyze the processes, changes and connections that may indicate foul play.
Platform leveraging is also growing. Symantec, for example, is planning to tie the SEP client into their Blue Coat web proxy offerings.
Of course, the caveat to all of this is that endpoint defense is inherently reactionary to newly developing threats, so it can be difficult to predict the direction of the technology. If some new threat arises, the technology may need to make a hard turn.
There’s Nothing Better Than a Warm Blanket
Assurance is the warm blanket CISOs crave. The want the assurance that someone is managing that endpoint solution and keeping the threats at bay.
There are certainly some options. You could hire a bunch of new employees (an adventure in itself). You could purchase a security product (after testing several) then deploy and manage it.
Or, you could let someone else do it.