Endpoint Security: What Most IT Teams Get Wrong
Cybersecurity is the most popular topic in IT right now. What was once a “Meh, we’ll consider it later” suite of solutions is now a “CYA ASAP” suite of solutions. There are many categories of products within cybersecurity - one of the most searched right now is endpoint security.
WHAT IS ENDPOINT SECURITY AND WHY IS IT SO CRITICAL?
Put simply, endpoint security is the protection of the various entry points to a company’s network such as desktops, laptops, tablets, mobile phones, and any of the growing lists of devices that now connect to organizations’ networks. As the cybersecurity threat landscape grows, so does the need for sophisticated endpoint security solutions that are up-to-date and scalable to thwart the malicious attacks happening at an ever-increasing rate. With the growing number of companies that intend to allow employees to continue working remotely beyond the pandemic, this need will only grow.
As noted by Forbes in their case for why endpoint security is quickly becoming the priority in cybersecurity - 70% of data breaches are external. So it comes as no surprise that companies are taking a second look at their endpoint security management and their IT budgets to see what they can do to shore up their defenses.
WHAT ARE THE DIFFERENT TOOLS USED TO SECURE ENDPOINTS?
While the concept of endpoint security as a whole includes things like anti-virus software, secure email gateways, and network access control, the solutions most commonly referred to when discussing endpoint security management are Endpoint Protection Platforms and Endpoint Detection and Response.
Endpoint Protection Platform (EPP) can be thought of as the “frontline”. It is software deployed to endpoint devices to detect and block attacks such as file-based malware. Several techniques are employed in this detection, including:
Signature matching - using databases of known malware signatures (stored and maintained in the cloud so that organizations continually have the latest threat info without the need for manual updates)
Whitelisting/blacklisting - blocking or allowing access using specific IP addresses, URLs, ports
Sandboxing - allowing executables to be tested in a virtual environment before running live
Behavioral analysis - establishing a baseline of normal endpoint behavior and reporting on any activity that seems abnormal and may be suspicious
Endpoint Detection and Response (EDR) tools take it a step further and, as the name suggests, respond by containing or removing the threat from the device. EDRs can detect more advanced threats like polymorphic attacks or advanced persistent threats (APT) and can also initiate automated or manual solutions. Capabilities include:
Threat detection - detecting anomalies on endpoints (beyond file-based malware) that can be indicators of malicious activity
Incident response - providing real-time alerts and prioritization of security incidents so that security teams can respond fastest to the most critical threat
Incident containment - isolating an endpoint or even re-imaging it when it has been compromised
Incident investigation/analysis - building a repository of endpoint data that can be used to research and identify the source of an attack
So, how do you do it right? We asked the following partners (all recently named “Leaders” in Gartner’s 2021 Endpoint Protection Platform Magic Quadrant) about some of the common mistakes they see around endpoint security management and how their solutions can help.
What mistakes do you see most IT teams make when managing endpoint security?
Matt Larson, Account Manager for SentinelOne -
“The biggest mistake we see is organizations believing that cybercriminals will not target them. Maybe they think they are not big enough or not in a vulnerable industry. What they fail to realize is that the sheer volume of attacks, and often random nature of targets, makes all of us vulnerable.”
Scott Harris, Regional Sales Manager for CrowdStrike -
“In general, spending too much time and effort on malware or ransomware-centric defenses and not enough on hygiene, identity, or proactive measures. Getting visibility into the identities in your environment and how they’re used, enforcing patches and updates, implementing and integrating with multi-factor authentication, and understanding how to hunt for evidence of intrusions all can go a long way to reveal attackers early and limit impact if they gain access via the latest vulnerability or legitimate credentials. Traditional malware defenses alone can reduce productivity and performance, which often results in de-tuning the product or managing exclusions to avoid false positives. You don’t want to trade visibility for convenience, nor should you have to compromise protection for performance.”
Steve Ermish, Chief Technology Officer of Opkalla (Speaking to Microsoft’s solution) -
“The biggest mistake IT teams make when implementing endpoint security is not having a runbook for when they are breached or compromised. It’s not a matter of if anymore, it’s a matter of when. Even the most sophisticated security technology can’t prevent the easiest exploit, the human.”
How does your product manage endpoint security better than alternatives?
Matt Larson -
“Automation! SentinelOne is the only endpoint security provider that leverages automation to stop and remediate threats in real-time, removing the dangerous dwell time between discovering a threat and remediation.”
Scott Harris -
“CrowdStrike’s cloud-first approach saves time and money by being fully operational in minutes and eliminating cycles spent on updates and reboots. This is all while getting people back to work more quickly with less downtime via Falcon Complete, the industry’s first and only fully managed endpoint security solution that includes threat hunting, response, and hands-on remediation. Our “collect once, use many” platform approach records hundreds of data points directly to the cloud for countless use cases beyond EPP and EDR, including asset and application inventory, vulnerability assessment and patching, cloud security, identity protection, and retrospective searching or hunting for threats that prevention technology alone may not catch.”
Steve Ermish -
“All of the top-grade EDR (Endpoint Detection & Response) tools are going to have very similar features that prevent network-based attacks, block exploitation of zero-day vulnerabilities, and protect users from malicious files and websites. Microsoft has an edge because Defender for Endpoint integrates with both the built-in Defender Antivirus, as well as their Cloud security analytics and their Threat intelligence products. If you’re a Microsoft shop, having seamless integration across all products and leveraging the economies of scale makes it an easy decision.”
If you are currently evaluating (or re-evaluating) endpoint security solution options for your organization, we can get you pricing and comparisons for the above solutions and many more at no cost. Complete the form below to contact us today.