Best Practices for Thwarting Endpoint Ransomware

With the transition to mobile, remote and hybrid work models, organizations today commonly support tens of thousands of network-connected endpoints such as PCs, laptops, tablets and smartphones. That has resulted in a greatly expanded attack surface and created a wealth of opportunities for malicious actors.

Endpoint ransomware attacks increased by a staggering 627 percent in Q4 2022, according to the latest Internet Security Report from data security provider WatchGuard. With the average cost of such attacks now approaching $5 million, it’s clear that improving endpoint security is a business imperative. Here are some essential endpoint security best practices that all organizations should consider:

Patch frequently. Up to 85 percent of all cyberattacks exploit unpatched vulnerabilities. A patch management program limits your exposure by establishing a framework for testing and installing critical security patches and updates on all endpoint devices.

Enable tamper protection. One of the first things attackers do after accessing a system is to try to disable or remove any security measures. The tamper protection feature in endpoint settings prevents malicious applications from disabling or modifying security software such as virus and threat protection.

Enable forensic logging to the cloud. Ransomware attackers typically wipe system logs to cover their tracks. Forwarding logs to the cloud keeps an off-host copy that the attacker cannot erase, so you can still perform root cause analysis of an attack.

Manage exclusions. To enhance system performance and reduce processing delays, endpoints are often configured to exclude trustworthy files and folders from being scanned by threat detection engines. However, the list of exclusions can grow over time and open too many holes in your defenses. Review exclusions regularly and remove those no longer needed.
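The tamper protection and exclusion items above are checkable in code. The following script is an added example, not part of the original article; it assumes a Windows endpoint running Microsoft Defender Antivirus with its PowerShell module (Get-MpPreference, Get-MpComputerStatus) available, and only reports what it finds so the list can be reviewed before anything is removed.

```powershell
# Added example: audit Defender tamper protection and scanning exclusions.
# Assumes Microsoft Defender Antivirus; run from an elevated PowerShell session.
# Read-only: nothing is changed, findings are printed for review.

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

if (-not $status.IsTamperProtected) {
    Write-Warning 'Tamper protection is OFF: security settings can be altered by local malware.'
}

# Exclusion patterns that are too broad to leave standing: whole drives,
# profile and system roots, temp/download folders and environment-variable roots.
$riskyPaths = @(
    '^[A-Za-z]:\\$', '^[A-Za-z]:\\Users\\?$', '^[A-Za-z]:\\Windows\\?$',
    '\\Temp\\?$', '\\Downloads\\?$', '\\AppData\\?$',
    '%(TEMP|TMP|USERPROFILE|PUBLIC|APPDATA|LOCALAPPDATA)%'
)
# Script hosts and interpreters that ransomware loaders commonly run under.
$riskyProcs = @('powershell.exe','pwsh.exe','cmd.exe','wscript.exe','cscript.exe','mshta.exe','rundll32.exe','regsvr32.exe')
# Executable and script extensions that should never be excluded wholesale.
$riskyExts  = @('exe','dll','ps1','js','vbs','bat','cmd','scr','hta')

$findings = @()
foreach ($p in $pref.ExclusionPath) {
    foreach ($re in $riskyPaths) {
        if ($p -match $re) {
            $findings += [pscustomobject]@{ Type = 'Path'; Value = $p; Reason = 'Overly broad location' }
            break
        }
    }
}
foreach ($proc in $pref.ExclusionProcess) {
    $leaf = [System.IO.Path]::GetFileName($proc).ToLower()   # works for names and full paths
    if ($riskyProcs -contains $leaf) {
        $findings += [pscustomobject]@{ Type = 'Process'; Value = $proc; Reason = 'Script host or interpreter excluded from scanning' }
    }
}
foreach ($ext in $pref.ExclusionExtension) {
    if ($riskyExts -contains $ext.TrimStart('.').ToLower()) {
        $findings += [pscustomobject]@{ Type = 'Extension'; Value = $ext; Reason = 'Executable or script type excluded from scanning' }
    }
}

$total = @($pref.ExclusionPath).Count + @($pref.ExclusionProcess).Count + @($pref.ExclusionExtension).Count
Write-Host "Exclusions configured: $total   Flagged for review: $($findings.Count)"
$findings | Sort-Object Type, Value | Format-Table -AutoSize
```

Run it on a schedule and diff the output against the last run; a flagged entry that nobody can justify is a candidate for removal with Remove-MpPreference.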

Use multifactor authentication. MFA reduces reliance on passwords by requiring users to provide one or two additional verification factors to prove their identity. When integrated with least-privilege access solutions, MFA provides much greater control by limiting access to certain systems and resources to those with a specific type of authenticator.

Encrypt endpoints. Encryption ensures sensitive company data residing on endpoint devices is rendered unreadable to unauthorized users. It can be deployed in several ways. Full-disk encryption locks down the entire device, including data, files, the operating system and software programs. Folder encryption can be used to secure specific folders or applications. File encryption is a more granular approach that ensures data is always encrypted whether in storage or during transmission.

Establish a zero-trust environment. Most leading security vendors now offer solutions that use artificial intelligence (AI) to extend zero-trust principles to endpoint devices. These solutions generally incorporate a cloud-based AI platform that continuously monitors all applications and processes running on endpoint devices. Machine learning algorithms process hundreds of different contextual behaviors in real time to evaluate all activity.

Implement endpoint detection and response. EDR solutions continuously monitor endpoints and network events, using advanced behavioral analysis and machine learning to identify suspicious files. When a known threat is identified, the EDR solution triggers rules-based responses such as sending an alert or logging off the user.

Hunt for adversaries. Extended detection and response (XDR) solutions combine threat analysis, detection and response to identify threats before an attack unfolds. XDR tools continuously collect and correlate real-time security data streams from multiple sources to identify an attack’s unique characteristics, and then actively hunt for similar threats across the environment and disrupt them before they progress.

Anywhere-anytime network access allows organizations to become more agile and responsive, but there’s a price to be paid. Greater numbers of network-connected endpoint devices leave companies with significantly expanded attack surfaces. Contact the security pros at Verteks for more suggestions about how to reduce your risk of ransomware and other endpoint attacks.
