3-Point Endpoint Protection Primer

January 25, 2017 · steveverbanic
Attackers always take the path of least resistance. Today that path is clearly through the endpoint.

As recent SANS research shows, user actions at the endpoint are the most common way threats enter organizations today: 75% of respondents saw threats arrive as a malicious email attachment, 46% through users clicking malicious links in email, and 41% through web drive-by downloads in which users are tricked into visiting malicious websites. (Respondents could name more than one vector, which is why the figures add up to more than 100%.)

Faced with relentless phishing and ransomware campaigns, and with Internet-of-Things (IoT) attacks such as the Mirai botnet DDoS that knocked out DNS provider Dyn, organizations are also quickly finding that their traditional security controls are no longer enough. Of the endpoint threats the SANS respondents discovered, 39% bypassed network gateway firewalls, 37% slipped past intrusion detection/prevention systems (IDS/IPS), and traditional endpoint security tools detected barely half.

Instead of relying solely on traditional perimeter defenses, or worse, on signature-based antivirus alone, today's mobile- and cloud-first organizations need a more holistic approach to endpoint protection, built on the following three steps:

1. Educating users: As the SANS figures show, most of the threats that entered at the endpoint could have been thwarted if users were better trained to recognize a malicious email or website and to report anything suspicious. Good user education should also cover the policies that keep corporate data safe: never storing critical data on a tablet or smartphone where it can be avoided, using encryption where appropriate, backing up sensitive data (a critical defense against ransomware, provided the backups are kept offline or otherwise out of reach of malware running on the endpoint, since ransomware will encrypt any backup it can write to), and installing only corporate-sanctioned apps or apps from reputable app stores.

2. Practicing good cyber hygiene: Every endpoint must be kept up to date and covered by the organization's vulnerability and patch management programs, from traditional corporate PCs and laptops to the smartphones and tablets in bring-your-own-device (BYOD) programs. That starts with an accurate inventory: a device the program does not know about is not being patched. Organizations should also consider removing endpoint software that is hard to keep updated and frequently targeted by attackers, such as Java or Adobe Flash, wherever it is not business-critical.

3. Deploying collaborative endpoint security: Since traditional tools and signature-based AV alone cannot get the job done, a better strategy is to deploy endpoint protection that runs across the whole device portfolio (PCs, laptops, smartphones and tablets) and provides the visibility, control, protection and authorized access needed to thwart threats and keep endpoints safe.
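To make the hygiene step concrete, here is a small added example (not code from the original post or from SLAIT Consulting) that turns an endpoint inventory into a list of findings: devices not enrolled in management, devices outside a patch window, and devices still carrying the legacy software the step above suggests removing. The inventory records, hostnames, versions, the 30-day patch SLA and the as-of date are all constructed assumptions; in practice the records would come from an MDM or asset database export.

```python
"""Endpoint hygiene check (added example, not part of the original post).

Flags endpoints that are unmanaged, outside the patch SLA, or carrying
legacy software such as Java or Adobe Flash.
"""
from datetime import date

# Hypothetical policy values: patch within 30 days, and treat these
# packages as legacy software to be removed where not business-critical.
PATCH_SLA_DAYS = 30
LEGACY_SOFTWARE = ("java", "adobe flash")

# Constructed "as of" date matching the post date; a real run would use date.today().
AS_OF = date(2017, 1, 25)

# Constructed inventory records (hypothetical hosts and versions).
INVENTORY = [
    {"host": "corp-lt-01", "type": "laptop", "managed": True,
     "last_patched": "2017-01-20", "software": ["Chrome 55", "Java 8u111"]},
    {"host": "byod-ph-07", "type": "smartphone", "managed": False,
     "last_patched": "2016-09-01", "software": []},
    {"host": "corp-pc-14", "type": "pc", "managed": True,
     "last_patched": "2016-11-30", "software": ["Adobe Flash 23"]},
    {"host": "corp-tb-03", "type": "tablet", "managed": True,
     "last_patched": "2017-01-24", "software": []},
]


def check_endpoint(record, today=AS_OF, sla_days=PATCH_SLA_DAYS):
    """Return the list of findings for one inventory record (empty if clean)."""
    findings = []

    # A device outside the management program is not being patched at all.
    if not record["managed"]:
        findings.append("not enrolled in management/patching")

    # Days since the last successful patch cycle versus the SLA.
    last_patched = date.fromisoformat(record["last_patched"])
    age_days = (today - last_patched).days
    if age_days > sla_days:
        findings.append(f"last patched {age_days} days ago (SLA {sla_days})")

    # Hard-to-update, frequently targeted software still installed.
    for package in record["software"]:
        name = package.lower()
        if any(name.startswith(legacy) for legacy in LEGACY_SOFTWARE):
            findings.append(f"legacy software present: {package}")

    return findings


def hygiene_report(inventory=INVENTORY, today=AS_OF):
    """Map host name to its findings for every endpoint that fails a check."""
    report = {}
    for record in inventory:
        findings = check_endpoint(record, today)
        if findings:
            report[record["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in hygiene_report().items():
        print(host)
        for finding in findings:
            print("  -", finding)
```

Run it as-is to see three of the four constructed endpoints flagged; only the freshly patched, managed tablet with no legacy software comes back clean. The unmanaged BYOD phone is the case worth noticing: it fails the patch-age check only because the record exists at all, which is the point of keeping the inventory complete.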

SLAIT Consulting can help you design the right protections for your specific device portfolio and threat profile. Contact us to learn more about how we can secure your business.