Endpoint Security

Why Endpoint Resilience Matters

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own security.

Last month, password management firm LastPass revealed that one of its DevOps engineers had a personal home computer hacked and implanted with keylogging malware, which subsequently led to the exfiltration of corporate data from the vendor’s cloud storage resources. The story shines a rare spotlight on the importance of endpoint resilience. Typically, media coverage of mega breaches (e.g., AT&T, Independent Living Systems, Zoll Medical Data, Latitude Financial Services) focuses on the tail end of the cyberattack life cycle, namely the exfiltration, rather than on how the threat actor got there. However, post-mortem analysis has repeatedly found that the most common root cause is compromised credentials, which are then used to establish a beachhead on an end-user endpoint (e.g., a desktop, laptop, or mobile device). This is why defense-in-depth cybersecurity strategies should incorporate endpoint resilience as an essential component of the overall approach.

Today’s Cyberattack Lifecycle

Most of today’s cyberattacks are front-ended by credential harvesting campaigns that use social engineering techniques, password sniffers, phishing campaigns, digital scanners, malware attacks, or any combination of these. Cyber criminals also take advantage of millions of stolen credentials being sold on the Dark Web.

Once in possession of stolen, weak, or compromised credentials, attackers are leveraging brute force, credential stuffing, or password spraying campaigns to gain access to their target environment. Increasingly, cyber adversaries take advantage of the fact that organizations and their workforce are relying on mobile devices, home computers, and laptops to connect to company networks to conduct business. In turn, these endpoint devices become the natural point of entry for many attacks. In fact, a Ponemon Institute survey revealed that 68 percent of organizations suffered a successful endpoint attack within the last 12 months.

As a first step to protect endpoints and minimize their risk exposure, many organizations deploy security tools such as data loss prevention, disk and endpoint encryption, endpoint detection and response, and anti-virus or anti-malware. However, IT and security practitioners often have little visibility into whether these tools are actually working. Security applications that go unmonitored on endpoints can easily degrade or be tampered with. Application health can be affected by many things, including missing updates, conflicts with other software, unintentional removal by end users, and malicious compromise.

A study conducted by Absolute Software on the efficacy of enterprise security controls found that security tools were typically working effectively on less than 80 percent of devices, and in some cases on as few as 35 percent. Such gaps give cyber adversaries room to move laterally and perform further reconnaissance: learning IT schedules and network traffic flows, and scanning the entire IT environment to build an accurate picture of its resources, privileged accounts, and services. Domain controllers, Active Directory, and servers are prime reconnaissance targets in the hunt for additional privileged credentials and privileged access.

Once an attacker has identified where valuable data resides, they typically look for ways to elevate access privileges to exfiltrate the data and conceal their activity to avoid detection. But even the endpoint itself provides a treasure trove for hackers, as more than 76 percent of enterprise devices contain sensitive data, on average.

Boosting Endpoint Resilience

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own security. This is different from the traditional network security approach, in which case established security measures apply to the entire network rather than individual devices and servers. Thus, making each endpoint resilient is paramount to implementing a successful defense strategy.

To counteract human error, malicious actions, and decayed or insecure software, Forrester Research recommends taking a proactive approach to endpoint security and establishing endpoint resilience by:

  • Maintaining a trusted connection with endpoints to detect unsafe behaviors or conditions that could put sensitive data at risk. This includes maintaining granular visibility and control over endpoint hardware, operating systems, applications, and data gathered on the device; and self-healing capabilities for the device, mission-critical security controls, and productivity applications.
  • Ensuring that endpoint misconfigurations are automatically repaired when possible, as organizations cannot assume that the health of their IT controls or security tools installed on their employees’ endpoints will remain stable over time.
  • Focusing on the return on investment of the security tools being used. Organizations often use a variety of endpoint security and management tools. Yet, each new tool introduced can serve as both a potential risk and an operational burden. Maintaining continuous endpoint visibility ensures that controls are always working as intended. By doing so, IT security professionals will ensure the ROI of their security investments — both from risk reduction and operational perspectives.
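The three recommendations above, together with the earlier point that unmonitored security agents silently degrade, come down to one recurring control loop: compare what each endpoint actually reports against a required baseline, measure how many devices are really protected, and decide a repair action for every control that is missing, stopped, or outdated. The following is an added example of that loop, written for this page and not code from Absolute Software, Forrester, or the column's author. The inventory records, the three control names, and the minimum versions are all constructed assumptions standing in for whatever an endpoint management platform would export.

```python
"""Evaluate endpoint security-control health and derive self-healing actions.

Added illustration for this article; not vendor code. The required-control
baseline and the device inventory below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

# Hypothetical baseline: controls every endpoint must run and the minimum
# acceptable version of each (assumed values, not a real product matrix).
REQUIRED_CONTROLS: Dict[str, str] = {
    "edr": "4.2.0",
    "disk_encryption": "1.0.0",
    "dlp": "7.1.3",
}

# Status -> repair action. A control that is both outdated and stopped is
# classified "outdated" first, because the update path also restarts it.
REMEDIATION: Dict[str, str] = {
    "missing": "reinstall",
    "outdated": "update",
    "stopped": "restart",
}


@dataclass
class ControlState:
    name: str
    installed: bool
    running: bool
    version: str  # empty string when the control is not installed


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '4.10.2' into (4, 10, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split(".")) if version else (0,)


def assess_control(state: ControlState, min_version: str) -> str:
    """Return 'healthy', 'stopped', 'outdated' or 'missing' for one control."""
    if not state.installed:
        return "missing"
    if parse_version(state.version) < parse_version(min_version):
        return "outdated"
    if not state.running:
        return "stopped"
    return "healthy"


def assess_device(controls: Dict[str, ControlState]) -> Dict[str, Tuple[str, str]]:
    """Return {control: (status, action)} for every required control on a device.

    A control the device does not report at all is treated as missing rather
    than skipped, so silent removal by a user still shows up.
    """
    result = {}
    for name, min_version in REQUIRED_CONTROLS.items():
        state = controls.get(name, ControlState(name, False, False, ""))
        status = assess_control(state, min_version)
        result[name] = (status, REMEDIATION.get(status, "none"))
    return result


def efficacy_report(inventory: Dict[str, Dict[str, ControlState]]) -> Dict[str, float]:
    """Percentage of devices on which each required control is fully healthy."""
    healthy = {name: 0 for name in REQUIRED_CONTROLS}
    for controls in inventory.values():
        for name, (status, _) in assess_device(controls).items():
            if status == "healthy":
                healthy[name] += 1
    total = len(inventory)
    return {name: round(100.0 * count / total, 1) for name, count in healthy.items()}


def remediation_plan(inventory: Dict[str, Dict[str, ControlState]]) -> Dict[str, Dict[str, str]]:
    """Map device -> {control: action} for every control that is not healthy."""
    plan = {}
    for device_id, controls in inventory.items():
        actions = {
            name: action
            for name, (status, action) in assess_device(controls).items()
            if status != "healthy"
        }
        if actions:
            plan[device_id] = actions
    return plan


# Constructed sample inventory (not real telemetry).
SAMPLE_INVENTORY: Dict[str, Dict[str, ControlState]] = {
    "LAPTOP-01": {
        "edr": ControlState("edr", True, True, "4.3.1"),
        "disk_encryption": ControlState("disk_encryption", True, True, "1.2.0"),
        "dlp": ControlState("dlp", True, True, "7.2.0"),
    },
    "LAPTOP-02": {  # EDR agent installed and current, but its service is stopped
        "edr": ControlState("edr", True, False, "4.3.1"),
        "disk_encryption": ControlState("disk_encryption", True, True, "1.2.0"),
        "dlp": ControlState("dlp", True, True, "7.1.3"),
    },
    "LAPTOP-03": {  # DLP agent removed by the user; EDR outdated and stopped
        "edr": ControlState("edr", True, False, "3.9.0"),
        "disk_encryption": ControlState("disk_encryption", True, True, "1.2.0"),
    },
    "LAPTOP-04": {  # encryption protector suspended; DLP behind the baseline
        "edr": ControlState("edr", True, True, "4.2.0"),
        "disk_encryption": ControlState("disk_encryption", True, False, "1.2.0"),
        "dlp": ControlState("dlp", True, True, "7.0.0"),
    },
    "LAPTOP-05": {
        "edr": ControlState("edr", True, True, "4.2.0"),
        "disk_encryption": ControlState("disk_encryption", True, True, "1.0.0"),
        "dlp": ControlState("dlp", True, True, "7.1.3"),
    },
}

if __name__ == "__main__":
    for control, pct in efficacy_report(SAMPLE_INVENTORY).items():
        print(f"{control:16s} healthy on {pct:5.1f}% of devices")
    for device, actions in remediation_plan(SAMPLE_INVENTORY).items():
        print(device, actions)
```

Two details carry the article's argument. First, `assess_device` treats a control the device never reports as "missing" instead of ignoring it, which is what catches an agent a user uninstalled. Second, `efficacy_report` counts a control as working only when it is installed, current, and running, so a fleet where agents are merely present still scores below 100 percent, matching the kind of gap the Absolute study describes. In a real deployment the inventory would come from the management platform's API and the actions would be dispatched to its remediation engine; those calls are deliberately left out here.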

When modernizing endpoint management strategies, organizations should treat resilience as part of the planning process, since there is no guarantee that security controls installed on employees’ devices will not degrade or become compromised over time.

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
