Virtually every organization today is facing a rapid increase in the number of endpoints connecting to its network. In addition to user devices – such as desktops, laptops and smartphones – there is a growing number of IoT-enabled systems in smart factories and smart cities. This is becoming an IT security nightmare. The need for enterprise endpoint security has never been greater. This blog continues our endpoint security series and examines the benefits of endpoint security solutions.
According to IDC, 70% of all successful data breaches begin at an endpoint. This shouldn’t come as any surprise, as endpoints represent a distinctly weak part of the network. There is a huge number of operating system and application vulnerabilities that can be exploited through the endpoint. A single user may have multiple endpoints that can be breached.
New business use cases around Industry 4.0 have placed a focus on IoT devices where security has not been a prime consideration. At the same time, we’re adding intelligence and computing power to these endpoint devices to improve speed and performance. With this, the number of attack vectors available to hackers, even for small organizations, soon becomes massive.
As the frequency of endpoint attacks increases, the Ponemon 2020 State of Endpoint Security Risks Report showed that over half of respondents admit their organizations are ineffective at managing endpoint security threats due to weak security solutions that can’t keep up with advanced threats.
What is endpoint security?
Many experts state that endpoint security grew out of anti-virus and anti-malware software. As hackers became more sophisticated, a more comprehensive solution was required. This led to the development of endpoint protection platforms that involved an integrated set of endpoint security solutions to help protect network endpoints from a single, central console.
Endpoint protection platforms excel at doing just that: protecting the endpoint at scale. However, they often lack the detection and response capabilities that would deliver threat intelligence and proactively manage advanced threats – even before they have been launched. In response, a new generation of Endpoint Detection and Response solutions has grown up to complement the endpoint protection solutions.
Endpoint detection and response solutions employ techniques such as behavioral analysis to monitor all endpoints for unusual activity, quickly detect any attack, identify where a breach has occurred, and help quickly remediate the effects of that breach.
Today, new endpoint security tools are appearing that allow you to gain the best of both worlds to deliver a ‘defense in depth’ endpoint security strategy that layers levels of security to create a more rounded approach to endpoint security.
The major endpoint security threats
The new generation of comprehensive, integrated endpoint security solutions is highly intelligent, providing both reactive elements – such as anti-virus – and proactive capabilities – such as advanced intruder detection or advanced threat hunting – to address the widest range of endpoint security risks. The major endpoint security threats include:
Phishing is the process of attempting to gain network access or user identity details by deception. Many phishing attacks use email attachments to get victims to suspicious sites, or even launch software on user devices that works in the background. As people have become accustomed to phishing emails, a new variant – known as ‘spear phishing’ – is now common. This email pretends to come from a trusted source. During COVID-19 the number of phishing attacks has exploded, and a best practice of endpoint security is to deploy advanced threat protection to attempt to intercept and quarantine phishing emails before they reach the recipient.
The COVID-19 pandemic also saw a massive acceleration in remote working as many organizations let their employees work safely from home. There was a rush to home and remote working in an attempt to maintain business continuity while keeping staff safe and healthy. The result was that many companies quickly implemented remote working technologies, often without adequately protecting those connections. While phishing was a common way to attempt to exploit remote workers, hackers also had many other attack vectors to explore, such as mobile devices, communications routes, etc. As remote working becomes an established part of business that will extend beyond the pandemic, any endpoint security strategy must include a plan for a very dispersed, remote IT infrastructure.
Malware and ransomware
Malware is the name given to the attempt to place malicious code on your network. A number of techniques can be used to identify endpoint vulnerabilities that will allow the injection of the code. The purpose of malware is usually to remove sensitive or commercially valuable data. Once on the network, the malware can remain dormant for many months before finding the data it wants and proceeding to remove it. This is why malware is the first step in any ransomware attack. Today, this type of attack is becoming more and more sophisticated. For example, fileless malware uses legitimate programs to attack and leaves no footprint. This is one reason that endpoint protection solutions are no longer enough, and organizations also need endpoint detection and response capabilities.
The Internet of Things (IoT) is now commonplace in business and everyday life. It is transforming industries like manufacturing and logistics by combining physical assets with IoT devices to gain far greater visibility and control into operational performance. This has become known as Industry 4.0. However, many IoT devices were never designed with security at the heart. As organizations add hundreds or thousands of IoT devices, they increase their security vulnerabilities exponentially.
Research suggests that fully 95% of all cybersecurity breaches are caused by human error. Insider threat covers the actions of an employee or contractor inside the organization that either accidentally or maliciously cause a breach to occur. It’s estimated that the cost of insider threats increased by 31% between 2017 and 2019, from $8.76 million to $11.45 million. Again, endpoint protection by itself is inadequate, as these threats are already within the corporate firewall and often have privileges and access to critical resources. Endpoint detection and response software is required to enable you to monitor activity and use techniques like behavioral analysis to spot unusual or suspicious behaviors.
The top 5 benefits of endpoint security
With the right endpoint security solution, your organization can achieve the following benefits:
Single, central endpoint security management
The traditional approach to IT security and endpoint security has largely formed around the deployment of siloed point solutions. This has created a patchwork of solutions that don’t easily communicate or work together. It leaves major gaps in your security that aren’t easy to identify or plug. A modern, enterprise endpoint security solution should allow all endpoints – no matter the type or location – to be easily managed and secured from a central console. This end-to-end visibility into all endpoints means security gaps are much easier to locate and address.
Simplify security management
By gaining full control and visibility into all your endpoints, you can reduce a great deal of the administrative and management overhead. You can remove many of the manual management and auditing tasks, as well as automate many of the processes involved in provisioning, registering, managing, updating and retiring all your endpoints. You use fewer resources simply managing the devices, so your team can be re-assigned to higher value business activities.
Improve business resilience
The truth is that almost every organization will be breached at some point. When this happens, endpoint protection will have failed. Business resilience and continuity rely on endpoint detection and response. You need to know where attacks are happening and how to quickly recover when the worst does happen.
Your endpoint security solution should, at least, connect with digital forensics and incident response capabilities to identify and remediate any affected data. In addition, some endpoint security platforms have integrated data protection and back-up solutions that allow data to be recovered in minutes, and for the recovery point to be very close to the last safe instance. In this way, your business can recover operations quickly and steps can be taken to remediate or remove the affected data.
Protect your reputation – and your revenue!
The Ponemon Institute puts the average cost of a data breach at some $3.92 million. But that pales into insignificance compared to the damage a breach can do to your business or reputation. It’s suggested that 60% of companies fail within six months of a data breach. In addition, estimates put the average share value wiped out by a data breach at 7% or over. The confidence that effective endpoint security software can deliver can be measured in both bottom line and reputational value.
Why select OpenText as your endpoint security provider?
Choosing the correct endpoint security provider is a critical business decision. The company you partner with must be trusted to protect your critical data and deliver a comprehensive portfolio of endpoint security tools that will help you ensure that your endpoints and network are secure and resilient today and into the future.
OpenText is a recognized world leader in endpoint security, offering a full range of solutions that includes:
Endpoint Protection Platforms
OpenText delivers a series of endpoint protection solutions that help you benefit from the combined power of Carbonite data protection and back-up, Webroot endpoint protection and threat intelligence.
Endpoint Detection and Response
OpenText EnCase Endpoint Security provides security teams with a comprehensive view to validate, analyze and respond to incidents quickly and completely. It helps you detect threats in real time with integrated threat intelligence and view alerts in an easy-to-read interface for the visibility needed to swiftly detect and act. It provides you with the insight and flexibility to address new threats quickly and effectively.
Threat intelligence solutions combine information from a wide range of sources – such as open-source databases and social media – to allow other endpoint security tools to learn and monitor for known threats to combat malware and phishing attacks amongst others. OpenText Webroot BrightCloud goes one stage further to allow you to proactively protect against zero day and other never-seen-before threats.
Learn more about OpenText Enterprise Information Security solutions.
Author: Alexis Robbins, Senior Product Marketing Manager