IronLogix: Blog
Endpoint Security
New solutions featuring AI, encryption and cloud-based analytics key to halting increasingly sophisticated threats.
Anytime, anywhere network connectivity has fundamentally changed how, when and where work gets done, but it also presents additional challenges. With rising numbers of remote and mobile employees using a variety of endpoint devices to operate from beyond the secure network perimeter, organizations now must cope with a dramatically expanded attack surface and millions of new vulnerabilities.
Malicious actors have stepped up their attacks on remote endpoints such as laptops, tablets and smartphones to gain a foothold in corporate networks. A Ponemon Institute study found that 54 percent of organizations had five attacks on endpoint devices in 2022, at a cost of $360,000 per attack. Ransomware is considered the biggest threat to endpoint security, and email systems are the most vulnerable. Few organizations have the expertise or budget to manage endpoint security effectively.
Stealthy Threats
Endpoint security practices lean heavily on antivirus (AV) solutions that monitor network traffic for sequences and patterns matching known attack signatures. That approach is inadequate because most malware variants change frequently, altering the very characteristics those signatures depend on. It is estimated that AV solutions miss almost 60 percent of endpoint attacks.
Fileless malware attacks are particularly troublesome. Also known as zero-footprint attacks, they leave no identifying footprint because they don't install malware on the device. Instead, malicious PowerShell scripts are loaded into memory or stored in the registry, where they collect sensitive information and then disappear without a trace when the infected computer is rebooted.
Complicating matters is the fact that remote users often engage in risky behaviors that introduce vulnerabilities. In various surveys, remote users report they do not update their devices or applications regularly, and most admit they don’t even know what security measures are on their endpoint devices. According to one survey, more than three-quarters of remote workers admit using unmanaged, insecure endpoint devices to access corporate systems.
Layered Approach Needed
With organizations committed to supporting remote, mobile and hybrid work, endpoint protection is a top priority for 2024. Most analysts agree that it will require a multi-layered approach featuring more than one solution. Here’s a brief look at some of the key solutions that can boost endpoint security:
- Endpoint protection platforms. EPPs integrate antivirus, antimalware, data encryption, personal firewalls, intrusion prevention and data loss prevention to detect and block threats at the device level. Software is usually loaded on a server or gateway appliance where devices with lightweight client software can access it. The server authenticates logins from the endpoints, and updates the client software when needed. EPPs also leverage the cloud to store and share threat detection information.
- Endpoint detection and response. EDR solutions continuously monitor endpoints and network events, using advanced behavioral analysis and machine learning to identify suspicious files. When a known threat is identified, the EDR solution triggers rules-based responses such as sending an alert or logging off the user. Additionally, data about all identified and suspected threats is recorded in a central database for further analysis and investigation. This enhanced visibility enables anomaly detection and alerting, forensic analysis and threat remediation.
- Zero-trust services. With these solutions, a cloud-based analytics engine evaluates all applications and processes running on endpoint devices. Multiple machine-learning algorithms process hundreds of behavioral and contextual indicators in real time. Only apps and processes classified as trusted are allowed to execute on the endpoint device.
- Endpoint encryption. Sensitive company data residing on laptops, smartphones, USB drives and other devices is rendered unreadable to unauthorized users. It can be deployed in several ways. Full-disk encryption locks down the entire device, including data, files, the operating system and software. Folder encryption can be used to secure specific folders or applications. File encryption is a more granular approach that ensures sensitive data is always encrypted whether in storage or during transmission.
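As an added example that is not from the original post, the following Python scores constructed endpoint process events the way the EDR bullet above describes: it decodes a PowerShell encoded command, weighs the fileless indicators named earlier (a hidden, encoded PowerShell launch from an Office document, PowerShell persisted in a registry Run key) and applies a rules-based response. The sample events, the indicator weights and the alert threshold are assumptions.

```python
import base64
import re

# Constructed sample process-creation events, as an EDR agent might record them.
SAMPLE_EVENTS = [
    {"host": "LAPTOP-01", "user": "alice", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile Get-ChildItem C:\\Users\\alice"},
    {"host": "LAPTOP-02", "user": "bob", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc "
     + base64.b64encode("Get-ItemProperty HKCU:\\Software\\Demo".encode("utf-16le")).decode()},
    {"host": "LAPTOP-03", "user": "carol", "parent": "cmd.exe", "image": "reg.exe",
     "cmdline": "reg.exe add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run "
     '/v Updater /d "powershell -w hidden -c Write-Output demo"'},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
ENCODED_FLAG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\b", re.I)

def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand payload (base64 of UTF-16LE), or None."""
    match = ENCODED_FLAG.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # malformed base64 or not UTF-16LE text
        return None

def score_event(event):
    """Weigh the behavioural indicators present in one event; returns (score, reasons)."""
    cmd, image, parent = event["cmdline"], event["image"].lower(), event["parent"].lower()
    decoded = decode_encoded_command(cmd) if image == "powershell.exe" else None
    checks = [  # (weight, reason, condition); weights are assumed values for this demo
        (2, "hidden PowerShell window", image == "powershell.exe" and HIDDEN_WINDOW.search(cmd)),
        (3, "encoded command: %s" % decoded, decoded is not None),
        (3, "PowerShell spawned by " + parent, image == "powershell.exe" and parent in OFFICE_PARENTS),
        (5, "PowerShell persisted via Run key", RUN_KEY.search(cmd) and "powershell" in cmd.lower()),
    ]
    hits = [(weight, why) for weight, why, cond in checks if cond]
    return sum(weight for weight, _ in hits), [why for _, why in hits]

def triage(events, threshold=5):
    """Rules-based response: isolate the host and alert when the score reaches the threshold."""
    verdicts = [(event, *score_event(event)) for event in events]
    return [{"host": e["host"], "score": s, "reasons": r,
             "action": "isolate_and_alert" if s >= threshold else "log"} for e, s, r in verdicts]
```

Running `triage(SAMPLE_EVENTS)` logs the benign directory listing and isolates the other two hosts, with the reasons recorded for later forensic analysis.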
The continued reliance on a remote workforce will require organizations to secure an ever-increasing number of endpoint devices that connect to the corporate network. Simple signature-based defenses are no longer sufficient to identify and interrupt increasingly stealthy and sophisticated attacks. Advanced solutions that incorporate AI, encryption and cloud-based analytics are becoming essential for protecting sensitive network assets.