The swiftly evolving threat landscape, combined with the huge increase in remote working, means that securing your organisation’s endpoints has never been more critical.
Here, George Glass, Head of Threat Intelligence at Redscan, explains the importance of endpoint security and why detecting and responding to the latest threats demands greater endpoint visibility and specialist expertise...
Next-generation endpoint protection is a must
As cyber threats continue to evolve, it’s increasingly clear that organisations must look beyond traditional endpoint security solutions.
Antivirus software remains essential, but relying on traditional AV tools, which are largely signature-based, can leave organisations vulnerable to more sophisticated threats. Most traditional AV solutions are estimated to block just 40% of attacks.
Detecting the latest advanced threats requires next-generation capabilities, such as those provided by Endpoint Detection and Response (EDR) and Next-Gen AV (NGAV) platforms.
EDR and NGAV technologies provide deep visibility across devices by collecting raw telemetry relating to processes, file modifications and registry changes, and using behavioural analytics to examine events in near real-time.
Fileless malware is a serious risk to organisations and the top critical threat to endpoints in 2020. However, without more advanced endpoint detection there is a real danger that these and other sophisticated attack vectors can be missed.
The increasing risks of remote working
Providing employees with seamless access to the corporate network is essential to ensure that they can fulfil their roles effectively, but every device that connects to the network carries an inherent risk.
When employees work from home, they are located outside the protection of the corporate firewall, which can monitor and block incoming and outgoing communications to endpoint devices. Many organisations insist that employees connect to a Virtual Private Network (VPN) and while this can offer some security, ensuring all employees do so with regularity can be a challenge.
Employee devices are at greater risk for a number of other reasons too. Many often have unpatched software vulnerabilities and are operated by people susceptible to phishing, the most common attack vector used to target endpoints.
Malware threats such as Emotet are primarily delivered via emails. Emotet is equipped with wormable features, making it highly effective at triggering ransomware.
The average cost per breach resulting from an attack on endpoints is over £7 million, more than twice the average cost of a general data breach
The significant damage and disruption that endpoint breaches can cause makes incident response critical. Securing endpoints is important because it helps organisations to reduce incident response times by disrupting and containing attacks earlier in the kill chain. Advanced tools like EDR can automate response actions, such as by terminating processes and isolating infected endpoints from a network, thereby ensuring infections are shut down as quickly as possible.
With threats deployed more quickly than ever, a swift response is vital to address critical vulnerabilities such as Zerologon and shutting down ransomware attacks, which can achieve full domain-wide encryption in just a matter of hours.
The challenges of endpoint security
Early detection of endpoint attacks is imperative, but without a team of security experts to manage and monitor EDR and NGAV technologies around-the-clock, organisations will experience challenges with achieving the required security outcomes.
Next-generation endpoint solutions collect and analyse a huge volume of data, and the greater the number of devices and applications that are monitored, the more security alerts that can result. This causes growing complexity that can be difficult to manage for in-house teams, who may lack the specialist security training required to make sense of them.
Getting the best from the latest tools and reducing false positives requires security teams to draw upon a wide range of threat intelligence and develop custom rulesets that accurately identify the latest threat behaviours.
It is only by maximising the benefits of specialist technology that organisations will fully realise their endpoint security goals.
George Glass is Head of Threat Intelligence at Redscan, a leading UK-provider of Managed Detection and Response and security assessment services.
To learn more, visit www.redscan.com/