Endpoint protection: what it is, how it works and why it is important
Organizations often focus their security efforts on the data center and invest significant financial and intellectual capital to protect the centralized servers and storage that drive their productivity, but may neglect endpoint protection.
Yet data center resources are useless without the user endpoints that access and manipulate vital business data from almost anywhere a network connection is available.
Therefore, IT administrators must adequately protect these endpoints and include them in security assessments just like any data center infrastructure.
Unfortunately, many organizations treat endpoint protection as a secondary issue while IT and business leaders make incorrect assumptions about infrastructure, tools, and personnel.
It is a scenario with all the hallmarks of a dangerous digital perfect storm in the making.
Endpoint protection: the numbers behind a growing risk
Any device, such as a smartphone, tablet, or laptop, provides an entry point for threats.
Endpoint security aims to protect every endpoint that connects to a network, blocking unauthorized access attempts and other risky activity at these entry points.
As more and more companies adopt practices such as BYOD (Bring Your Own Device) and remote/mobile employees, the security perimeter of the corporate network has essentially melted away.
This trend was already well established before 2020, but during the recent health emergency it reached an unprecedented level and, today, with the explosion of distributed work, it risks becoming a huge problem for businesses of every shape and size.
Everyone, with no exceptions, now expects to be able to work when, where and if they want, with the same user experience, and almost everyone expects to use their personal devices for increasingly professional work. This trend has unleashed cyber threats and, according to Clusit data, drove phishing up by more than 200 percent in May 2022 alone compared to 2019.
In more detail, a comparison of the numbers for the first half of 2018 with those for 2022 reveals a growth in attacks of 53 percent (from 745 to 1,141).
During the same period, the monthly average of serious attacks globally grew from 129 to 190.
From a qualitative point of view, the impact (severity) also increased very significantly. Among the types of attack, which increasingly target “mobile” users, malware continues to dominate the scene, albeit slightly down from 2021 (-4.6 percent).
In particular, ransomware attacks remain the main contributor to the primacy of this type, which accounts for 38 percent of all attacks. Unknown techniques (the Unknown category) are the insidious unknown in second place (+10% compared to the first half of 2021), surpassing the Vulnerability category (-26.8%) and Phishing/Social Engineering, which rose sharply with +63.8% year-on-year.
Not only that: the 2023 data are even worse, showing spikes of more than 200 percent.
An unstoppable and clear trend.
Why endpoint protection in the enterprise is important
The client-server computing model is an approach proven over the years at every latitude.
The idea is to concentrate or centralize resources in a data center so that IT can manage them centrally.
A traditional example of this paradigm is enterprise e-mail, where users run an e-mail client application such as Outlook to exchange messages through an e-mail server application such as Exchange.
These components run on a physical server located in the data center.
In such a scenario, endpoints pose particular security risks and challenges for any organization, and if attackers gain access to an endpoint via a valid username and password, they can potentially devastate the organization.
Five main risks for those not managing endpoint protection and some possible remedies
So here are five of the main and most dangerous risks faced by those who forget to address the challenge of endpoint protection.
Compromised credentials
In most cases, all an endpoint needs to gain access to an enterprise data center is a valid username and password.
Too often, users compromise their credentials, opening the door to common attack methods such as social engineering.
Once a malicious user has access, it is relatively easy to read, copy or delete the important files and data that the compromised account is authorized to reach.
Advanced authentication techniques such as Single Sign-On (SSO) can exacerbate the risk, since the same credentials open every authorized application rather than a different set of credentials being required for each one.
Today, organizations address endpoint credential risks with more aggressive endpoint security policies such as forced periodic password changes, multi-factor authentication (MFA, for example confirming a login via the user’s personal smartphone), complete logging of user activity, and other analytics.
This simplifies the identification and management of unauthorized access.
However, organizations face the challenge of balancing a user’s productivity and ease of use with the security needs of the enterprise.
Security perimeters devoid of meaning and utility
Security software has traditionally used a perimeter approach in which endpoints operating within a given perimeter, such as an organization’s local area network, can access applications and data.
On the other hand, endpoints that operate outside the perimeter, such as endpoints that connect through an Internet gateway, cannot.
A local endpoint was connected to a known network port, used a known local IP address, and was therefore assumed to be a known and authorized endpoint.
Today, the inherent security of a perimeter is essentially meaningless.
The proliferation of Internet-connected endpoint devices allows users to operate virtually anywhere a network is available.
Users can access from desktops at work, laptops from home, tablets from hotels, smart devices from the road, and so on.
This means that an organization needs to manage endpoint devices with more versatile and intelligent security tactics such as VPN, endpoint validation (checking the endpoint for a minimum operating system version and anti-malware version), and comprehensive logging of user activity.
Heterogeneity of endpoints
Endpoints have historically been a problem for enterprise IT because of their customizations.
Unless organizations preconfigure endpoint devices, users will add their own customizations to each device or even work from their own devices.
Each of these devices will have unique settings and configurations that may not support an organization’s security needs.
Customized and diverse endpoints present an endless array of potential threats such as unpatched operating system versions, missing or outdated anti-malware tools, and malware already present on the endpoint.
And these problems do not even take into account the risks of zero-day threats.
Today, enterprise IT administrators use VPNs and endpoint validation checks to ensure that an endpoint attempting to gain access meets minimum installation, configuration and other system integrity criteria.
This allows the enterprise to verify that an endpoint is running a patched operating system and up-to-date anti-malware before allowing the endpoint to connect.
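As an added example (not code from the original article or from any product), here is the shape of such an endpoint validation check in Python: a constructed posture report is compared against a minimum policy before the VPN session is allowed to complete. The Posture fields, the policy values and the hostnames are all assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import date

# Constructed posture report as an endpoint agent might submit it before a VPN
# session completes. Field names and formats are assumptions for this example.
@dataclass
class Posture:
    hostname: str
    os_name: str
    os_version: tuple           # e.g. (10, 0, 19045)
    av_installed: bool
    av_signature_date: date     # date of the newest anti-malware definitions
    disk_encrypted: bool

# Minimum criteria an endpoint must meet; the values are illustrative policy choices.
POLICY = {
    "min_os_version": {"Windows": (10, 0, 19045), "macOS": (13, 0, 0)},
    "max_signature_age_days": 7,
    "require_disk_encryption": True,
}

def validate_endpoint(p: Posture, today: date, policy: dict = POLICY) -> list:
    """Return every failed check; an empty list means the endpoint may connect."""
    failures = []
    min_ver = policy["min_os_version"].get(p.os_name)
    if min_ver is None:
        failures.append(f"unsupported operating system: {p.os_name}")
    elif p.os_version < min_ver:    # tuples compare component by component
        failures.append(f"OS {'.'.join(map(str, p.os_version))} is below the minimum {'.'.join(map(str, min_ver))}")
    if not p.av_installed:
        failures.append("anti-malware is not installed")
    else:
        age_days = (today - p.av_signature_date).days
        if age_days > policy["max_signature_age_days"]:
            failures.append(f"anti-malware signatures are {age_days} days old")
    if policy["require_disk_encryption"] and not p.disk_encrypted:
        failures.append("disk is not encrypted")
    return failures

def access_decision(p: Posture, today: date) -> str:
    """Gate decision the VPN gateway acts on before the tunnel is fully established."""
    return "allow" if not validate_endpoint(p, today) else "deny"

def sample_run() -> tuple:
    # Constructed sample: a compliant corporate laptop and a stale BYOD machine.
    today = date(2023, 6, 1)
    ok = Posture("lt-0042", "Windows", (10, 0, 22621), True, date(2023, 5, 30), True)
    stale = Posture("byod-17", "Windows", (10, 0, 18363), True, date(2023, 4, 1), False)
    decisions = {ep.hostname: access_decision(ep, today) for ep in (ok, stale)}
    return decisions, validate_endpoint(stale, today)
```

The failure list is what the user and the help desk should see; a bare "deny" leaves both guessing which requirement was missed.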
Unattended automation
Automation has proven, and is proving, increasingly valuable to data centers: it can ensure consistency and reduce errors for many routine tasks.
However, automation has its limitations, and threats to endpoints can be difficult to predict.
Two problems with automation are rule obsolescence and error handling.
For example, consider an automation tool that monitors endpoint configuration and forces an operating system update or patch.
The goal is to ensure that the endpoint meets a minimum configuration standard before allowing it to access the corporate network.
But the rules and policies coded into automation require regular updates, which can be a significant amount of work for IT professionals.
A second problem is that automation rules can fail, for example when a patch or update does not install correctly.
IT must ensure that the automation notifies both the endpoint user and an IT administrator when an error occurs.
Both need the details required to remediate, so the reporting component is essential to this process.
Any problems with reporting will leave users confused and IT administrators unable to help.
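The two automation pitfalls above, rule obsolescence and error handling, as an added Python example that is not part of the original article: each rule carries a last-reviewed date so stale logic can be flagged, a failed remediation is captured rather than silently dropped, and every failure produces a message for both the user and IT. The rule, the thresholds and the simulated installer failure are constructed for this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable

# Constructed model of a patch-enforcement automation with the two weak points the text
# names: rules that age out of date, and remediation steps that fail. All values are assumed.
@dataclass
class Rule:
    name: str
    is_compliant: Callable[[dict], bool]
    remediate: Callable[[dict], None]   # raises on failure
    last_reviewed: date                 # last time a person confirmed the rule is still right

def stale_rules(rules: list, today: date, max_age_days: int = 90) -> list:
    """Names of rules overdue for review, which should not be trusted blindly."""
    return [r.name for r in rules if (today - r.last_reviewed).days > max_age_days]

def enforce(rules: list, posture: dict) -> list:
    """Check each rule and remediate where needed; failures are recorded, never swallowed."""
    outcomes = []
    for r in rules:
        try:
            if not r.is_compliant(posture):
                r.remediate(posture)
            outcomes.append((r.name, "ok", ""))            # compliant, or fixed just now
        except Exception as exc:
            outcomes.append((r.name, "error", str(exc)))
    return outcomes

def notifications(hostname: str, user: str, outcomes: list) -> list:
    """Each error yields two messages, to the end user and to IT, with the detail needed to fix it."""
    msgs = []
    for rule, status, detail in outcomes:
        if status == "error":
            text = f"{hostname}: rule '{rule}' failed: {detail}"
            msgs.append({"to": user, "text": text + " (contact IT support)"})
            msgs.append({"to": "it-admins", "text": text})
    return msgs

def _patch_ok(p): return p["patch_level"] >= "2023-05"   # constructed rule: monthly patch baseline
def _install_patch(p):                                   # simulated installer
    if p["free_disk_mb"] < 2048:
        raise RuntimeError("installer exited with code 1: insufficient disk space")
    p["patch_level"] = "2023-05"

def sample_run() -> tuple:
    # One overdue rule applied to one constructed endpoint whose patch install fails.
    rules = [Rule("os-patch-level", _patch_ok, _install_patch, date(2023, 1, 10))]
    outcomes = enforce(rules, {"patch_level": "2023-02", "free_disk_mb": 900})
    return stale_rules(rules, date(2023, 6, 1)), outcomes, notifications("lt-0042", "jdoe", outcomes)
```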
User behaviors
The risks posed by endpoint devices are often exacerbated by the users themselves.
Companies often rely on written policies and rules (acceptable-use policies) that outline the requirements and expectations of endpoint users when accessing corporate resources.
The problem here is that the company essentially defers critical security issues to end users.
Relying on employees, customers, partners, and other users to keep endpoints properly configured, patched, and updated can lead to some additional vulnerabilities; the challenge of endpoint protection cannot be left in their hands.
Although it is always helpful for users to understand acceptable use terms and be aware of best practices, it is risky for organizations to rely on users with little or no IT background to take an active role in managing endpoint protection.
Organizations can manage endpoints more effectively with tools designed to validate the configuration of each system before access is approved and monitor user activity for suspicious behavior while the user is logged on.
Different approaches to endpoint protection
Knowing the most serious risks, IT administrators can work to strengthen the security of endpoint systems used to access the corporate data center.
An organization will typically adopt a range of strategies and tools to provide what is called a comprehensive and flexible security “posture.”
Data encryption
What happens if a malicious user is able to access or gain access to network traffic?
Advanced data encryption is often the answer to this breach scenario and many others.
Using encryption tools to encrypt e-mail and corporate data both at rest and in transit can render sensitive data unusable even if a malicious actor gains access to the device, network, or storage.
Endpoints that store and access data must also support encryption.
Training employees
Social engineering is one of the most common ways for a malicious user to gain access to corporate data.
Getting a user simply to give up their login credentials can be much easier and quicker than other, more invasive methods.
It is, in essence, a matter of exploiting the poor perception of digital risk that millions of corporate users currently share.
Training alone is not enough to ensure a true endpoint protection strategy, but outlining security best practices, along with regular reminders and alerts, can go a long way toward increasing user awareness and preventing an easy vector of attack.
Use of endpoint security policies
Corporate IT departments can exercise control over endpoints that log in and access corporate data.
However, such control does not occur automatically; IT must establish, enforce and update it regularly.
Examples of simple but useful policies include group access and forcing periodic password changes.
Group access allows IT to organize users by type and allow or deny access based on group policies.
These policies should always follow least-privilege practices.
Similarly, regular password changes make it much more difficult for attackers to guess a user’s password.
Implement an endpoint protection infrastructure
True endpoint protection relies on the use of tools and software, so it is critical to evaluate offerings and select a toolset that best meets the specific needs of the organization.
The infrastructure and products selected must enable IT administrators to set up and enforce aspects of endpoint security.
The infrastructure may involve several layers of tools and services, including additional support for mobile device management (MDM) to validate devices and apps before allowing mobile devices to enter the corporate network.
A simple and common example is a VPN and client that can enforce operating system and anti-malware requirements on the endpoint before access is complete.
As another example, Microsoft Endpoint Manager is a tool that can set policies for a wide range of endpoint capabilities, including antivirus, disk encryption, firewall, endpoint detection and response, attack surface reduction, and account protection.
To summarize
Here is a checklist of the key components of a resilient infrastructure capable of true endpoint protection:
- Create a firmware protection plan and stay current on firmware, UEFI, and OS updates, which can provide additional protection against emerging threats.
- Accelerate the automation of manual tasks such as remote updates and device activation, leaving the IT workforce more time for high-touch tasks.
- Set a schedule to keep UEFI, firmware, and security updates current.
- Enable MFA for all end users and implement a conditional access strategy.
- Implement biometric authentication, e.g., Windows Hello for Business, to reduce reliance on codes, card scans, and passwords.
- Adopt devices considered to be Secured-core PCs or configure devices to meet similar requirements.
- Reduce vulnerabilities in endpoint devices by disabling unused features such as Bluetooth or cameras.