SecurityWeek

Endpoint Security

Growth in Endpoint Threats Calls for A Proactive Mindset

Organizations are Failing to Take Basic Precautions That Could Keep Attackers Out…

If you were a robber, which house would you break into: the one with the chain link fence and security cameras, or the one without? This should be a no-brainer. But the message doesn’t seem to translate to the digital world. Historically, CIOs/CISOs have had to trade off security against productivity ‒ the more they lock down employees, the less flexible they are in terms of empowerment. But it’s time to consider the absolute necessity of empowerment, and the concomitant need for security.

We need to acknowledge that mobility is a basic business necessity of our day and age. Employees can no longer be chained to their desktops. Of course, this increases the risk of unauthorized access or attacks, but forward-looking organizations such as Google view the network perimeter as indefensible anyway, and focus energy on securing applications in the cloud, and on securing the endpoint and access to the application. With that model, every internal application is basically available over the Internet, and can be accessed from a secure device whose posture, user identity and access they can control. In other words, the perimeter-based security model that has failed us so often over the years, is finally thrown out to be replaced with a requirement for robust endpoint security ‒ only.

While flexibility offers countless benefits for corporations and their employees, this new emphasis on mobility has also introduced a new set of risks, and this in turn re-ignites a focus on endpoint security.

Mobility increases risk by giving attackers the ability to access a device (physically or electronically) in a malicious environment under the attacker’s control. Data on a device outside the enterprise perimeter might be lost. Our threat model must also include physical access to the device by the attacker. In the “evil maid” attack, for example, a device left in a hotel room is accessed by an “evil maid” who inserts a USB key carrying malware. Additionally, a device that uses a hostile network could be subjected to a range of attacks, including worms and device driver attacks.

But the change in endpoint risk has been fueled by rapid evolution of our consumption of electronic content, our remote access of malicious sites, and our need to access untrusted content (files, documents, executables) delivered through “Internet-facing” applications. New classes of attacks have arisen quickly. Malvertisements are shaking the core of the free Internet’s business model. Ransomware is taking advantage of desperate users who want access to their files. Most organizations are being hit with attacks that are targeted and crafted to bypass their perimeter and network security, and their legacy AV stacks.

This comes at a time when many organizations are still failing to take basic precautions that could keep attackers out. The SANS Institute has found that about 80 percent of attacks could be prevented with some of the most simple and common practices, such as updating and patching software in a timely manner, setting secure configurations and having tight control over user access and administrative privileges.

After years of little innovation, focus is finally returning to security on the endpoint: 71 percent think managing endpoint risk has become exceptionally difficult in the last two years, according to Ponemon Institute’s 2015 State of the Endpoint Report. With more devices and entry points to account for ‒ not to mention malware ‒ companies are finding it hard to keep up. They sweat over the data breach headlines but then blindly put their faith in traditional security products like AV that aren’t effective. In response they reach for endpoint detection and response (EDR) products, which can’t protect the endpoint but offer a Splunk-like ability to search for signs of an attack, provided you have an indicator of compromise. Ultimately both tool sets are needed ‒ to search for an unseen breach in progress, and later to protect the endpoint from either lateral movement of an attacker internally, or attacks from untrusted environments and vulnerable applications.

So, how should CIOs/CISOs manage these risks? While there are no silver bullets, the strategy that is working best for the organizations I speak to is a proactive stance: A new generation of endpoint security suite providers has emerged, and there is a clear need to identify which of the offerings can both detect breaches and secure your endpoints, while allowing you to empower your users. It is imperative that you begin to re-evaluate the endpoint, and to move beyond legacy endpoint protection platforms that simply cannot protect the endpoint or detect rapidly evolving attacks.

I am a proponent of isolation and segregation. I recommend to all enterprises that they never trust their PCs ‒ even the ones on their network. Treat every device as though it is attached to a hotel network. Assume that the user will click on anything. The only way to do this is to isolate the enterprise infrastructure as granularly as possible, segregate the network, and move from a model of “block the known bad” to “isolate but execute everything” to both secure the environment and empower the user. Just as a burglar won’t bother to break a window if it has bars on it, cybercriminals will move on to an easier target if there are enough roadblocks in their path. The economics, which I see as a multiple of time, cost and effort, are fundamentally the same.

As endpoint threats continue to grow, the organizations that approach risks with a proactive mindset will be less likely to be left exposed — and become the next data breach headline.
