New solutions featuring AI, encryption and cloud-based analytics key to halting increasingly sophisticated threats.
Anytime-anywhere network connectivity has fundamentally changed how, when and where work gets done, but it also presents additional challenges. With rising numbers of remote and mobile employees using a variety of endpoint devices to operate from beyond the secure network perimeter, organizations now must cope with a dramatically expanded attack surface and millions of new vulnerabilities.
Malicious actors have stepped up their attacks on remote endpoints such as laptops, tablets and smartphones in order to gain a foothold in corporate networks. A WatchGuard study found that endpoint attacks grew by nearly 900 percent in 2020, and the Ponemon Institute reports that more than two-thirds of companies have been compromised by attacks that originated on endpoint devices.
“Corporate endpoint breaches are skyrocketing and the economic impact of each attack is also growing due to sophisticated actors bypassing enterprise antivirus solutions,” said Larry Ponemon, chairman and founder of Ponemon Institute. “Over half of cybersecurity professionals say their organizations are ineffective at thwarting major threats today because their endpoint security solutions are not effective at detecting advanced attacks.”
Endpoint security practices typically lean heavily on antivirus (AV) solutions that monitor network traffic to find sequences and patterns that match known attack signatures. That’s an inadequate approach these days because most malware variants change frequently to alter those traditional characteristics. It is estimated that AV solutions miss almost 60 percent of endpoint attacks.
Fileless malware attacks are particularly troublesome. Also known as zero-footprint attacks, they leave no identifying footprint because they don’t actually install malware on a device. Instead, malicious PowerShell scripts are inserted into memory or the registry to collect sensitive information before disappearing without a trace when the infected computer is rebooted.
Complicating matters is the fact that remote users often engage in risky behaviors that introduce vulnerabilities. In various surveys, remote users report they do not update their devices or applications regularly, and most admit they don’t even know what security measures are in place on their endpoint devices. According to one survey, more than three-quarters of remote workers admit using unmanaged, insecure endpoint devices to access corporate systems.
Layered Approach Needed
With organizations committed to the continued support of remote, mobile and hybrid work, endpoint protection is a top priority for 2022. Most analysts agree that it will require a multi-layered approach featuring more than one solution. Here’s a brief look at some of the key solutions that can boost endpoint security:
- Endpoint protection platforms. EPPs integrate antivirus, antimalware, data encryption, personal firewalls, intrusion prevention and data loss prevention to detect and block threats at the device level. Software is usually loaded on a server or gateway appliance where it can be accessed by devices with lightweight client software. The server authenticates logins from the endpoints, and updates the client software when needed. EPPs also leverage the cloud to store and share threat detection information.
- Endpoint detection and response. EDR solutions continuously monitor endpoints and network events, using advanced behavioral analysis and machine learning to identify suspicious files. When a known threat is identified, the EDR solution triggers rules-based responses such as sending an alert or logging off the user. Additionally, data about all identified and suspected threats is recorded in a central database for further analysis and investigation. This enhanced visibility enables anomaly detection and alerting, forensic analysis and threat remediation.
- Zero-trust services. With these solutions, all applications and processes running on endpoint devices are evaluated by a cloud-based analytics engine. Multiple machine-learning algorithms process hundreds of different behavioral and contextual indicators in real time. Only apps and processes classified as trusted are allowed to execute on the endpoint device.
- Endpoint encryption. Sensitive company data residing on laptops, smartphones, USB drives and other devices is rendered unreadable to unauthorized users. It can be deployed in several ways. Full-disk encryption locks down the entire device, including data, files, the operating system and software. Folder encryption can be used to secure specific folders or applications. File encryption is a more granular approach that ensures sensitive data is always encrypted whether in storage or during transmission.
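The fileless PowerShell pattern described earlier and the EDR behavior sketched in the list above (continuous monitoring of endpoint events, rules-based responses such as alerting or logging off the user, and a central record of every finding) can be made concrete with a small rule engine. The following is an added illustration written for this page, not code from the article or from any vendor it names. The event fields, rule names, response labels and the four process-creation events are all constructed for the example; a real EDR agent would draw such events from the operating system's process telemetry and apply far more rules.

```python
"""Minimal EDR-style rule engine over constructed endpoint process-creation events.

Added example for this page (not product code). Each rule looks at one
process-creation event; matched rules choose a rules-based response and the
finding is appended to a central store for later investigation.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    parent: str    # parent process image name, e.g. "winword.exe"
    image: str     # image name of the new process, e.g. "powershell.exe"
    cmdline: str   # full command line as recorded by the agent


@dataclass(frozen=True)
class Finding:
    host: str
    user: str
    rules: Tuple[str, ...]   # names of the rules that matched
    response: str            # "alert" or "log_off_user"
    cmdline: str


SHELL_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}


def _tokens(ev: ProcessEvent) -> List[str]:
    return ev.cmdline.lower().split()


def _is_powershell(ev: ProcessEvent) -> bool:
    return ev.image.lower() in {"powershell.exe", "pwsh.exe"}


def encoded_powershell(ev: ProcessEvent) -> bool:
    """PowerShell handed a Base64-encoded command: the script never touches disk."""
    return _is_powershell(ev) and any(t in {"-encodedcommand", "-enc", "-ec", "-e"} for t in _tokens(ev))


def hidden_window(ev: ProcessEvent) -> bool:
    """PowerShell told to run with a hidden window (no visible console for the user)."""
    toks = _tokens(ev)
    return _is_powershell(ev) and any(
        toks[i] in {"-windowstyle", "-w"} and toks[i + 1] == "hidden" for i in range(len(toks) - 1)
    )


def office_spawns_shell(ev: ProcessEvent) -> bool:
    """A document viewer starting a scripting host is rarely legitimate."""
    return ev.parent.lower() in OFFICE_APPS and ev.image.lower() in SHELL_HOSTS


def registry_resident_script(ev: ProcessEvent) -> bool:
    """Script body read back out of the registry and executed in memory."""
    cl = ev.cmdline.lower()
    return _is_powershell(ev) and ("hklm:" in cl or "hkcu:" in cl) and ("iex" in cl or "invoke-expression" in cl)


# Rule table: (name, predicate). Order determines the order of names in a Finding.
RULES: List[Tuple[str, Callable[[ProcessEvent], bool]]] = [
    ("encoded_powershell", encoded_powershell),
    ("hidden_window", hidden_window),
    ("office_spawns_shell", office_spawns_shell),
    ("registry_resident_script", registry_resident_script),
]
# Rules whose match escalates the response from an alert to a forced log-off.
HIGH_SEVERITY = {"office_spawns_shell", "registry_resident_script"}


def matched_rules(ev: ProcessEvent) -> List[str]:
    return [name for name, pred in RULES if pred(ev)]


def choose_response(rules: List[str]) -> str:
    if not rules:
        return "none"
    return "log_off_user" if HIGH_SEVERITY.intersection(rules) else "alert"


def evaluate(events: List[ProcessEvent], store: List[Finding]) -> List[Finding]:
    """Run every rule over every event; record each finding in the central store."""
    findings = []
    for ev in events:
        rules = matched_rules(ev)
        if rules:
            f = Finding(ev.host, ev.user, tuple(rules), choose_response(rules), ev.cmdline)
            findings.append(f)
            store.append(f)
    return findings


# Constructed sample telemetry (hosts, users, paths and payload are made up).
SAMPLE_EVENTS = [
    ProcessEvent("LAPTOP-01", "alice", "explorer.exe", "powershell.exe",
                 r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"),
    ProcessEvent("LAPTOP-02", "bob", "winword.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc QUFBQWNvbnN0cnVjdGVkQUFBQQ=="),
    ProcessEvent("LAPTOP-03", "carol", "services.exe", "powershell.exe",
                 r'powershell.exe -NoProfile -Command "IEX (Get-ItemProperty HKCU:\Software\ExampleCorp).Payload"'),
    ProcessEvent("LAPTOP-04", "dave", "explorer.exe", "chrome.exe",
                 "chrome.exe --profile-directory=Default"),
]

if __name__ == "__main__":
    central_store: List[Finding] = []
    for finding in evaluate(SAMPLE_EVENTS, central_store):
        print(f"{finding.host} {finding.user}: {finding.response} <- {', '.join(finding.rules)}")
```

The first and last events (a scheduled backup script and a browser launch) produce no finding; the Word-spawned encoded PowerShell trips three rules and is escalated to a forced log-off, and the registry-resident script trips one high-severity rule. Every finding also lands in `central_store`, which stands in for the database an EDR product keeps for forensic analysis.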
The continued reliance on a remote workforce will require organizations to secure an ever-increasing number of endpoint devices that connect to the corporate network. Simple signature-based defenses are no longer sufficient to identify and interrupt increasingly stealthy and sophisticated attacks. Advanced solutions that incorporate AI, encryption and cloud-based analytics are becoming essential for protecting sensitive network assets.