Endpoint isn’t the best place to block threats
Credit to Author: Trend Micro| Date: Mon, 25 Sep 2017 18:45:56 +0000
Hackers often look for a number of ways to target business users, compromise critical systems and get away with sensitive information or money. These attacks can come from email and web sources, and even infect business endpoints. According to a 2015 industry survey, 73 percent of respondents believed that endpoints are the most vulnerable point for attacks, CSO Online reported. Despite that, only 32 percent of respondents had advanced endpoint security in place, and many available endpoint solutions still can't protect against all forms of attacks.
By the time an endpoint is breached, it's game over. These vulnerabilities serve as a major gateway to the network for attackers to exploit and cause more damage. Endpoints are no longer the best place to block threats, and this will be important to keep in mind as malicious techniques continue to advance.
Undetectable malware creates a problem
Malware creation is more active than ever before, and hackers are learning from past mistakes and successes to improve their attack techniques. More than 323,000 new malware variants are created every day, according to DarkReading. As if this wasn't enough, Verizon's 2017 Data Breach Investigations Report found that 99 percent of malware is only seen once before hackers modify it, ensuring that it will continue to evade detection. Attackers are now offering mass production of malware and tailored cybercriminal services, accounting for the big jumps in malware distribution. The improvement of malware analysis technologies also force attackers to be on their toes and constantly change their techniques to continue their scams. The pace of emerging threats and the rising sophistication present major problems to endpoint security effort.
The increase in malware attacks that appear as legitimate files or emails won't stop anytime soon, and it's becoming virtually impossible to patch all endpoints to combat emerging threats. Ignoring or being unable to deploy updates will leave users and business more susceptible to infections, but there simply might not be enough time or resources available to put out every possible patch. Relying on antivirus and endpoint solutions alone clearly isn't the answer either, putting IT teams in a tough spot to try to protect important company assets.
Mobile makes things more complicated
The emergence of mobile devices, bring-your-own-device policies and the Internet of Things have made endpoint protection even more complex. The sheer number of connected objects, lack of patches, gaps in application blocking and appearance of shadow IT are becoming more prevalent across enterprise. Without complete patching coverage and device management, companies cannot confidently say that they are living up to security standards. IoT devices are simply not powerful enough to support traditional endpoint security, and they have the weakest protections, making them vulnerable to attacks.
While tools are still being developed to help control the full extent of mobile use, extensive testing and experimenting must be done to ensure compliance and actual results. Vulnerable IoT devices have already been used to access networks and direct man-in-the-middle attacks. With the scant resources available on this end, it's clear that endpoint security isn't going to be enough on its own to fully block threats and other emerging attacks. Organizations must create strong policies and use layered security protocols to enforce best practices and mitigate shadow IT. Understanding what unauthorized apps and devices have accessed sensitive business material will help govern data more effectively and establish clear user expectations for emerging connected devices and objects.
"The best place to eliminate attacks is at the exposure layer."
Past the myths to protection
The era of next-generation endpoint protection has been garnering a lot of attention, but it's also resulted in a number of myths. As we pointed out in a past blog post, new vendors are starting to make bold claims that their solution will deliver unbelievable protection. The problem is that vendors control all the testing parameters and can fudge the results. When an independent party performs the same evaluations, the outcomes simply don't add up. Next-generation solutions might marginally improve, but businesses shouldn't expect complete protection.
Endpoints are a key asset to protect, but they aren't the best place to stop threats from happening. Many threats come from web and emails sources and can be blocked before they ever get to the endpoint. The best place to eliminate attacks is at the exposure layer. By leveraging web and messaging protection solutions, organizations will be able to mitigate issues at the source and allow their endpoint security to focus on more sophisticated threats. This effort will minimize the risk of exposure exponentially and overcome the gaps within endpoint protection solutions.
Security measures must be layered to detect and eliminate threats. Layer your security measures
As we've found, endpoints aren't the best way to block threats. Most attacks can be stopped at the source before any other systems or devices are affected. An effective security plan requires tools that not only will help businesses identify threats, but prevent and recover from them as well. A layered security approach using endpoint protection alongside web and messaging solutions can help safeguard sensitive assets from multiple angles. IT teams must ensure that the layers work seamlessly together and share intelligence to detect unusual behaviors quickly and effectively shut down any threats.
"For IT security managers under pressure, the most important thing isn't the latest buzzword but finding a solution which is effective in protecting their organization from an increasingly agile and determined online enemy," Trend Micro noted in the blog post. "Multiple threat protection techniques working in synergy is the key to this."
Endpoint security isn't the silver bullet that some vendors promise. Trend Micro is a proven endpoint security partner that not only evolves its solutions, but also layers it with other critical functions to protect against the changing threat landscape. Whether you're still lacking endpoint safeguards or looking to expand your capabilities, layered security will be the best solution for covering all of your bases. To find out more about how to appropriately block threats and bolster your endpoint security measures, contact us today.