Businesses are concerned about cyberattacks because the number of attacks increases every year. With the growing number of devices connected to enterprise networks, enterprise data is less safe than ever. Endpoints are the most vulnerable part of most corporate networks, and endpoint security platforms offer a solution to this weakness.
What is endpoint security?
An endpoint is any physical wireless device that is connected to a network. Endpoint security is the protection of endpoints such as desktops, laptops, and mobile devices from malicious activities.
Wikipedia defines the term as follows:
Endpoint security or endpoint protection is an approach to the protection of computer networks that are remotely bridged to client devices. The connection of laptops, tablets, mobile phones and other wireless devices to corporate networks creates attack paths for security threats. Endpoint security attempts to ensure that such devices follow a definite level of compliance to standards.
Why is it important now?
As a business grows, the number of people who access the organization’s network increases. Employees, partners and vendors connect to the enterprise network with their personal devices, which increases the number of potential breach points. There are two concerns regarding enterprise network security:
- The increasing growth rate of cyberattacks: According to a study by endpoint security vendor Carbon Black, the average number of monthly attacks per endpoint grew 328% (from 0.7 to 3) through 2017, which means an organization with 10,000 endpoints sees approximately 1,000 attacks per day.
- Insufficient traditional security solutions: Legacy antivirus solutions are no longer sufficient against today’s advanced threats. These solutions require constant patching and, for example, do not sufficiently cover some outdated, niche systems. A single vulnerability can enable attackers to gain access to all of the sensitive data that the organization holds. More flexible solutions that can deal with threats they see for the first time (e.g. by using anomaly detection) are necessary for modern endpoint security.
In the video below, Keatron Evans, Infosec instructor and Managing Partner at KM Cyber Security, and Juergen Bayer, Senior Security Advisor at HP, explain why endpoint security matters even more after the pandemic. They also highlight hardware and software considerations for hardening endpoints against cyberattacks and the steps you should be taking now to protect your IT and security infrastructure.
What are the best practices?
Organizations should analyze their current endpoints to identify blind spots that attackers may target. This step gives organizations the knowledge and insight needed to strengthen their defenses before adding more security controls.
Use complex passwords and multi-factor authentication
End users should avoid using easy passwords. Passwords are the basic step of security; adding multi-factor authentication makes an attacker's task more difficult.
Train your employees
Educate your employees about phishing attacks and other social engineering techniques. The Verizon 2019 Data Breach Investigations Report says that 34% of all breaches in 2018 were caused by insiders. Teaching them basic security practices, such as changing passwords regularly and locking their computers when they are away from their desks, improves employee awareness.
Update security systems regularly
Vulnerabilities in security software become visible as attackers adopt more advanced techniques. Software updates close the weak spots that attackers may target.
What do endpoint security tools enable?
First, we need to accept the fact that no network is unhackable. According to the 2019 Global Endpoint Security Trends Report from Absolute, although global security spending is expected to reach $128 billion by 2020, with endpoint security spend comprising almost one-quarter (24%) of that total, more than 70% of breaches still originate on the endpoint.
Endpoint vendors offer a combination of solutions, each with different capabilities, to decrease the breach rate. The solutions that vendors offer can be grouped into two categories:
Endpoint Detection and Response (EDR)
Most EDR software relies on machine learning to identify zero-day threats in real time. It aims to detect, disrupt, and prevent malicious attacks before they cause major damage. Endpoint detection and response solutions include machine learning-powered behavior detection, threat hunting, root cause analysis, remediation and endpoint indicator of compromise (IOC) capabilities. EDR solutions come with out-of-the-box capabilities and pre-built dashboards and workflows.
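To make the contrast between the legacy antivirus approach and EDR-style behavior detection concrete, here is an added example (not from the original article or any vendor's product) that runs two detection layers over constructed process-start telemetry: an IOC hash list, which only catches files already known to be malicious, and a behavior rule on parent/child process relationships, which also flags a never-seen-before payload. Hash values, host names and the rule sets are assumptions made up for the example.

```python
import hashlib
from dataclasses import dataclass


# Constructed sample telemetry: one process-start event as an EDR agent would report it.
@dataclass
class ProcessEvent:
    host: str
    parent: str       # image name of the parent process
    image: str        # image name of the launched process
    cmdline: str
    file_bytes: bytes  # contents of the launched executable (constructed stand-in)


# Hypothetical IOC list: SHA-256 hashes of files already known to be malicious.
KNOWN_BAD_HASHES = {hashlib.sha256(b"known-malware-sample").hexdigest()}

# Behavior rule: document and mail applications should not spawn command interpreters.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}


def ioc_match(ev: ProcessEvent) -> bool:
    """Legacy-style check: fires only if the file hash is on the known-bad list."""
    return hashlib.sha256(ev.file_bytes).hexdigest() in KNOWN_BAD_HASHES


def behavior_match(ev: ProcessEvent) -> bool:
    """EDR-style check: suspicious parent/child pairing, independent of file identity."""
    return ev.parent.lower() in OFFICE_PARENTS and ev.image.lower() in SHELLS


def triage(events):
    """Return (host, image, reasons) per event, showing which detection layer fired."""
    verdicts = []
    for ev in events:
        reasons = []
        if ioc_match(ev):
            reasons.append("ioc_hash")
        if behavior_match(ev):
            reasons.append("office_spawns_shell")
        verdicts.append((ev.host, ev.image, reasons))
    return verdicts


# Constructed events: a benign launch, a known sample, and a novel payload with no IOC hit.
SAMPLE_EVENTS = [
    ProcessEvent("ws-01", "explorer.exe", "chrome.exe", "chrome.exe", b"benign-browser"),
    ProcessEvent("ws-02", "explorer.exe", "dropper.exe", "dropper.exe", b"known-malware-sample"),
    ProcessEvent("ws-03", "WINWORD.EXE", "powershell.exe", "powershell.exe -File macro_output.ps1", b"novel-payload-v1"),
]
```

Running `triage(SAMPLE_EVENTS)` shows the second event caught by the hash list alone, while the third event, whose hash no IOC list has ever recorded, is caught only by the behavior rule.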
Some vendors, such as Symantec and LogRhythm, use deception technology to detect hacking activity. Deception technology involves distributing sensors across an enterprise’s digital assets, including endpoints, networks, applications and data. These sensors mimic enterprise applications. When an attacker targets the enterprise network, the sensors misdirect the attacker so that the real enterprise servers stay safe.
Endpoint Protection Platform (EPP)
Endpoint protection platforms are deployed on endpoint devices to provide a security solution that combines a personal firewall, port and device control, and anti-malware capabilities. Using machine learning, endpoint protection platforms draw on historical data from private or public sources to identify malicious files and block malware threats.
What are the leading companies?
- Carbon Black
- Digital Guardian
- DriveLock SE
- Red Canary
- Rohde & Schwarz Cybersecurity