Endpoint security has come a long way. The threat environment today is nothing like it was back when employees would receive anti-malware updates on a floppy drive a few times a month. Endpoint security is its own market with solutions focused on many different angles, segments, and platforms. Let’s look at what endpoint security actually is, why it is important, how it differs from antivirus software, and what makes up a balanced security posture.
The best way to think about endpoint security is in the context of covering any of the risks associated with devices (endpoints) connecting to your network. This includes laptops, desktops, tablets, smartphones, and a host of IoT machines.
In information security, we often refer to the concept of defense-in-depth. Layering security controls that address different aspects of your organization’s security posture ensures overlapping protection, minimizes the impact of a single failure, and reduces your attack surface.
In a traditional defense-in-depth model, a lot of the heavy lifting was done by your networking security infrastructure to manage tasks including controlling access, monitoring for suspicious activity, and correcting misconfigurations, and other vulnerabilities. However, many of your devices we use now operate outside the protection of your corporate network and, as a result, endpoint security has evolved to address these new challenges. If the border firewall was the edge of your security perimeter before, your endpoints, applications, and end users are today.
Although the landscape looks different, the same principles still apply. Addressing your security concerns with a posture that accounts for the many facets of your business needs ensures that the solutions you adopt are complementary for better overall performance.
From an endpoint perspective, this sounds a lot like endpoint management, doesn’t it? To be equipped to effectively identify, protect, detect, respond to, and recover from security events in your environment, you need to understand your device population, its health indicators, and expected behaviors. This asset intelligence ensures that you know what you need to know when you need to know it to make those critical security decisions. Additionally, the valuable intelligence that your endpoints generate out on your perimeter not only help you understand their own health and safety, but also enriches what you know about the security of your data, networks, and applications.
With your endpoints, applications and end users becoming your organization’s new security perimeter, they have a big job to do. Any device that accesses your corporate resources on or off-network could be a potential target for attackers. IT and security teams have to contend with the pressures of BYOD (bring your own device) programs, remote and mobile workforces, as well as an increasingly diverse web of networked devices all pushing against your organization’s IT operations and security infrastructure.
It should be no surprise then, that according to a recent study by Ponemon Institute, nearly two-thirds of enterprise organizations have been compromised in the last 12 months by attacks that originated on endpoints. Compared to numbers just a year earlier, we’re looking at a 20 percent increase.
Attacks from outside intruders may present the most obvious threat and are indeed a daily challenge, but we can’t ignore the impact of internal threats. Of particular concern here is when employees disable or tamper with the critical security applications which IT teams rely on to secure devices and data. Employee behavior, usually out of unwitting negligence (but also sometimes from maliciousness), can put critical organizational information at risk and cause malware infection, corrupted registry files and drivers, or disabled services.
When users interfere with system management – patch management, antivirus, anti-malware, encryption, and other important security tools – these endpoints must often be reimaged which can be a costly process. Intentionally or not, your employees may be putting the organization at risk of a breach while creating additional work for IT staff who are already often spread far too thin.
To many outside of information security, endpoint security and anti-malware software sound synonymous. When you would have received those anti-malware definitions in monthly floppy disk shipments, it may have been an organization’s only security control.
As we mentioned before, endpoint security is a posture or a practice. Anti-malware software is one of many important components of that posture. Depending on your organization’s threat model (your understanding of the potential threats and associated risks to your business and what you would need to do to accept, mitigate, or transfer those risks) the specific combination of security tools may vary, but they should all support the overarching objectives of your posture.
There is a seemingly endless list of endpoint security solutions on the market. Deciding which ones are the best fit for your business is a difficult task, but where do you even start?
First, it’s important to understand the different types of endpoint security controls. As we have already discussed in a post about NIST CSF, being able to prevent, detect, and respond to threats are foundational capabilities, but ensuring that these tools are active, healthy, and configured properly on your devices requires the asset intelligence derived from tying these tools closely with your IT operations’ service management and configuration management. This is particularly challenging and critically important for those devices out on the security perimeter without the defenses of your corporate network.
The best endpoint security strategy for your organization means finding the right mix of features. To understand what will work most efficiently and effectively, you need to ensure that endpoint security is an integral part of your information security strategy and architecture. According to a peer-authored report by SecurityCurrent, endpoint security solutions must demonstrate how the software and sensors enhance or improve a company’s overall security posture alongside other security tools.
The report lists several key considerations for endpoint security features to look out for. Your checklist should include those solutions, which:
Absolute’s endpoint management solution that not only checks these boxes but is the only one that offers self-healing capabilities. Offering you a truly panoramic view of your endpoints, we look at your organization as a whole, complex system, providing unparalleled visibility and control over your endpoints on and off your network.
To see how our endpoint management platform can work in your organization, request a demo or contact our sales team