Endpoint Security

Why is Endpoint Security Important?

Endpoint security has always been important, but changing views on remote work and collaborating via online platforms have made it even more important.

According to Nathan Hunstad, principal security researcher and engineer at Code42,
“I think we are going to continue to see an increase in routine remote work, which makes traditional perimeter security tools, like web proxies, firewalls and network-based IDS less valuable. Visibility into the endpoint and user activities on the endpoints, wherever they are located, is much more valuable now.”

Remote work impacts endpoint security because remote workers’ computers are now outside the perimeter that organizations’ perimeter-focused security solutions are designed to protect.

This means that traffic to the public Internet – and an organization’s cloud infrastructure – may not pass through the corporate security stack for security inspection. As a result, it is easier for malware to infect these remote worker’s computers and for data to be lost from them.

Endpoint Security and the Network

When employees are working from home, they aren’t connected directly to the corporate network. However, endpoint security can still have a dramatic impact on the enterprise network.

Many organizations have corporate virtual private networks (VPNs) that provide secure remote access to teleworkers. The corporate VPN creates a secure, encrypted connection between the remote worker’s computer and a VPN endpoint located on the enterprise network, providing a similar user experience to being directly connected to the headquarters network.

However, VPNs are not an ideal solution for remote workers. Their limited scalability and inefficient routing (which detours all traffic through the corporate network) negatively impact network performance.

Many organizations have adopted split-tunnel VPNs, which send only traffic intended for the enterprise network over the VPN and route all other traffic directly to its destination.

With a split-tunnel VPN, any traffic routed directly to the Internet is not protected by the organization’s network-level defenses. This increases the probability that remote workers’ computers will be infected by malware. If a computer is running a split-tunnel VPN without strong endpoint protection, malware can infect it, then use its VPN connection to pivot and attack the corporate network.

How Do You Secure Endpoints?

Endpoint security is a two-part process. An organization needs to select the right tools to deploy to, monitor, and secure and to build the backend infrastructure required to effectively make use of these tools and the data that they provide.

Selecting the Right Endpoint Security Tools

The endpoint security space is constantly evolving to address the latest cyber threats.

In the last few years, the move has been from signature-based antivirus to more advanced solutions, such as next-generation antivirus (NGAV), insider risk management (IRM), data leak protection (DLP), endpoint detection and response (EDR), and other tools.

This evolution has been driven by the fact that threats to endpoint security have been growing more targeted and sophisticated and legacy endpoint security technologies are no longer effective against them.

For example, endpoint security solutions that focus on matching files to signatures of known malware are incapable of detecting polymorphic, fileless, or zero-day malware. New solutions based on machine learning and other advanced technologies are required to identify and remediate modern threats to the endpoint.

When selecting endpoint security solutions, it is important to consider the problems that you are trying to solve and the effectiveness of different solutions for solving these problems. For example, the potential for data breaches is a major concern for organizations, so DLP may seem like a good choice.

However, 87% of organizations have or plan to invest in DLP as part of a zero trust strategy, but data breaches are still occurring.

Just like relying on signature-based antivirus leaves an organization vulnerable to malware, selecting the wrong solutions for data security and other endpoint security challenges may not solve an organization’s problems.

Gaining Visibility Into the Endpoint

You can’t secure what you don’t know exists. An important first step in securing the endpoint is implementing an inventory management system that provides visibility into the endpoints that a company owns and their functions.

Four best practices for implementing an inventory management system include:

1. Develop a Single Source of Truth: Multiple independent databases are a recipe for chaos and conflicting information. Set up a single database to store inventory information and a consistent labeling convention (such as serial numbers) for identifying devices.
2. Develop a Process for Grabbing Data: With remote work, endpoints are no longer on the corporate network, making it more difficult to achieve visibility. Develop processes and tools to extract the necessary security data from remote endpoints and the security tools running on them.
3. Automate, Automate, Automate: Scalability is key for effective data security. Whenever possible, automate processes to make them run with as little human interaction as possible.
4. Remember the People: Endpoint monitoring will detect anomalies, but not all anomalies are malicious. Before notifying a user that their device may be lost, out of compliance, etc. take any possible steps to verify that the issue is not a false positive.

Focus on Visibility

The continuing trends towards remote work shows no signs of stopping as collaboration tools evolve. As a result, endpoint security – which was rarely a focus in on-premises environments – is lagging behind.

The most valuable asset that an organization has – and the most common target of cyberattacks – is its data.

When developing an endpoint security strategy, focus on gaining visibility into data flows and implementing strong data security. Once that is accomplished, filling in the gaps to address other potential threats is relatively easy.