In the era of the mega hack, it is increasingly necessary to use a Defense in Depth (DiD) layered approach for strong security. Third-party breaches like SolarWinds, Microsoft Exchange Server, and Accellion have created unfortunate ripple effects throughout businesses by popularizing backdoor attacks.
In the past, most cybersecurity threats came through the network; today, these threats are primarily coming through endpoints. Endpoint security, a DiD tool, can help alert and potentially mitigate some of these attacks.
Endpoint Security Basics
An endpoint is typically a small piece of software installed on desktops, laptops, mobile phones, tablets, servers, network hardware or in virtual environments. For example, you may have antivirus software installed which can be considered a type of endpoint, but remember, antivirus only monitors one part of security: virus protection. Your goal is always to reduce your attack surface with a DiD (layered) strategy in the most cost-effective way possible.
The past decade has seen prices of endpoint tools or services fall to ridiculously low levels, making them a more accessible option for security measures. Many endpoint service providers, including SecurityMetrics, package Security Operations Center (SOC) services with endpoints to provide a real DiD layered approach.
Here at SecurityMetrics, we have security analysts and threat hunters looking at endpoints to find hackers in our clients’ networks. Once threats are identified, the SOC alerts the MSS department to contact the client so that the client can resolve the issue.
10 Misconceptions about Endpoint Security and Why You Need It
1. My business is too small to be attacked
This perception is understandable since cyber attacks on small businesses rarely make the news.
However, analytics show us that this actually happens frequently. Small to medium-sized businesses (SMB) have increased risk due to hackers understanding that fewer security controls are in place and SMBs have a smaller to nonexistent cyber budget when compared to big corporations.
Threat actors like to devise new ways to take advantage of businesses and employees, and to exfiltrate data and intellectual property, by testing their malware tools on small businesses. 41% of businesses said that since the COVID pandemic, the level of potential cyber attacks SMBs are facing has increased.
Cybercriminals are banking on small to medium-sized businesses to persist in the assumption that they are too small for hackers to target so that SMBs do not invest in adequate endpoint security.
2. I feel our passwords are strong enough
Threat actors use a mix of social engineering, phishing, and malware to circumvent any current security measures. Phishing attacks are so popular that it’s estimated that 3 billion phishing emails are sent every day. Having security policies and a basic firewall is no longer enough.
Additionally, many businesses adopt a set-it-and-forget-it approach, which increases the chances of getting hacked. Devices are more vulnerable than ever because of a lack of multi-factor authentication, password reuse and an overall lack of encryption on all devices and data found inside your network.
Endpoint detection and response technology can often provide information about attempts at lateral movement inside the network. Endpoints can often block attempts at lateral movement and provide alerts of suspicious activity to IT staff.
3. I don’t feel like we have enough control over devices in our network
You may have an IT staff who is stretched thin in terms of keeping your network running, managing uptime, printers working, or setting up desktops or laptops. Endpoint security provides your IT staff or system admins with a flexible tool that can centralize much of that workload. This means they have a dashboard to see all the threats and alerts coming into your business across the entire network.
Beyond this, endpoints can help control pushing out updates, policy settings, role based access control to applications, or offering up specific security alerts or notifications. A perfect use case that the SecurityMetrics Security Operations Center sees is when it comes to securing websites or granting access to the web or systems that employees require to perform their job.
Many SecurityMetrics clients struggle to block access to malicious websites or IP addresses from foreign countries that are known to distribute malware and other malicious content. Endpoints often have web access restrictions on websites with dangerous reputations.
4. I don’t think we can afford endpoint security
The price of endpoint security has fallen dramatically over the past decade. The endpoint security market is being flooded with a variety of vendors and service providers according to this report forecasted through 2025.
The influx of endpoint vendors or service providers makes it more affordable than ever to bring endpoint security into your business. With so many options available, it is imperative to do your research.
The SecurityMetrics Security Operations Center routinely sees small to medium businesses purchase the wrong endpoints or service providers since not all endpoints are created equal. Clients frequently fail to configure the endpoints to properly fit their environment. Ill-configured endpoints reduce the efficacy of the security features that come with the endpoint.
The SecurityMetrics Managed Security Services (MSS) Department technicians are already trained and certified. MSS assistance will save you a great deal of time by properly configuring the endpoint to meet the individual needs of a business. Therefore, any decision made when buying endpoints should not be based solely on price, but on the kind of support, learning, and tuning of devices you will receive.
5. I don’t think I can justify any cost savings or show an endpoint ROI
Just like other types of preventive measures such as insurance or yearly checkups, it can be difficult to see the direct result of endpoint security because it is a preventive measure. The value of endpoint security is that it decreases the risk of being compromised.
Preventative measures like endpoint security are wise investments since it’s estimated that annually 43% of all cyber attacks target small businesses.
When you dive into the most recent Hiscox Cyber Readiness Report, 68% of small businesses have experienced a cyber attack in the last 12 months. Since the average cost of an SMB cyber attack can range from $120,000 to over $1.2 million, preventive care is a small price to pay. Best of all, the better endpoint service firms will bake in lots of extra protection features that were not available a decade ago.
6. I don’t see how endpoint security can justify any time savings
This is a valid concern because the goal is for your IT staff to focus on core business objectives instead of being consumed with managing security. However, endpoints can be managed much easier when tuned correctly.
The SecurityMetrics Managed Security Services Department in partnership with the SecurityMetrics SOC routinely spends time adjusting and educating IT staff on the best settings for their endpoints. SecurityMetrics MSS and SOC often educate clients about specific threats targeting businesses. They also assist with the streamlining, management, and prevention of online threats.
When you partner with the right endpoint services provider, they can optimize endpoint security so that it is most effective and easily managed. Although it is recommended to keep security updated, we realize this isn’t always possible. Quality endpoint security is often equipped with Artificial Intelligence (AI) which is designed to look for suspicious behavior and protect the systems in these cases.
7. Not all endpoints are created equal to stop cyber threats
Keep in mind that endpoints can alert you to threats, but you will need your IT staff or service provider assistance to resolve the threats. The best endpoint providers offer a database of threats found on their endpoints and may even offer support to help to resolve them.
A service provider that offers both endpoint security solutions with a Managed Security Services department is very valuable. Even better are endpoint providers that include a Threat Intelligence Center like SecurityMetrics offers. Your IT staff can quickly get expert advice to resolve threats that do not fit typical threats.
8. I am always concerned about compliance, but don't see how endpoints can assist in this area
Knowing and executing all the regulations, regulatory changes and special precautions specific to your industry can be extremely challenging. SecurityMetrics operates in many of these areas including PCI, HIPAA, GDPR and others.
The nice thing about endpoint security protection through a provider like SecurityMetrics is that they can help you tune your endpoints to achieve compliance. For example, the SecurityMetrics Security Operations Center clients turn on alerting when certain strings of characters, such as credit card or social security numbers, are being used by devices in a malicious way. Endpoints can do this successfully to help achieve this type of regulatory compliance very quickly.
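The kind of string alerting described above can be sketched as follows. This is an added example, not SecurityMetrics' own detection logic: the function names and the sample log lines are constructed, and candidate card numbers are checked with the Luhn checksum so that arbitrary 16-digit identifiers do not raise alerts.

```python
import re

# Candidate card number: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in dashed form; area 000/666/9xx, group 00 and serial 0000 are never issued.
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(digits):
    """Keep first six and last four digits so the alert itself leaks nothing."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_line(line):
    """Return a list of (kind, masked_value) findings for one log line."""
    findings = []
    for m in PAN_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):     # drops order ids, phone numbers, etc.
            findings.append(("PAN", mask_pan(digits)))
    for m in SSN_RE.finditer(line):
        findings.append(("SSN", "***-**-" + m.group()[-4:]))
    return findings

# Constructed sample endpoint log lines (not real data).
SAMPLE = [
    'POST /upload user=jdoe body="card=4111 1111 1111 1111 exp=12/29"',
    'clipboard copy pid=4312 text="ssn 123-45-6789"',
    'GET /orders?id=1234567890123456',   # 16 digits, fails Luhn: no alert
]

def scan_log(lines):
    """Return (line_number, kind, masked_value) for every finding."""
    return [(n, kind, val) for n, line in enumerate(lines, 1)
            for kind, val in scan_line(line)]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE):
        print(alert)
```
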
9. My antivirus is good enough
Antivirus is fundamental to good security, but your goal should always be a DiD layered approach in order to reduce as much of your attack surface as possible from threat actors.
Pairing your anti-virus with a firewall and endpoints gives you increased security confidence. Although no solution is foolproof, pairing these security measures with security operations center services provides a rigorous program that includes protection, detection, and response preparation.
10. I have a firewall, that’s good enough
Keep in mind that firewalls are gateways that filter network traffic which makes them part of network security. Furthermore, there are many different types of firewalls, all with unique purposes or features.
Some endpoint security solutions have firewall features bundled with them, but they are disparate or different types of protection. Businesses should have both network security and endpoints as part of a layered cybersecurity strategy. Endpoint security and firewalls are both designed to protect users against cyber threats, however, the security focus with endpoints is on the devices.
11. BONUS - I don’t see a difference between endpoint security and network security
A common misconception is that network security is the same or similar to endpoint security. Remember that the focus of network security, such as firewalls, is protecting against network based threats. Endpoint security protects and resides on individual endpoint devices.
The SecurityMetrics SOC encourages clients to create a DiD layered approach by combining their network security in partnership with endpoint security. This can be done by ensuring you tune your network security such as filtering web traffic through the right network security solution. Then layer in endpoint security to enforce web access policies, regulatory compliance, or prevent threats before they get into your network through endpoints on your desktops, laptops or mobile devices.
Many businesses have not made much progress reducing their attack surface, especially around endpoint security risk. This report found 68% of organizations were victims of endpoint attacks in 2019. Attack pathways into your business are created by the inter-connection of all your desktops, laptops, mobile phones, tablets or IoT devices. When you include guest wifi networks or any BYOD (bring your own devices) into your business, you begin to multiply your attack surface. Endpoint security can play a crucial role in protecting businesses of all sizes from ransomware, phishing, malware, and other cyberattacks.
Whether you are a small to medium-sized office, a business with multiple locations, or a multinational corporation, reducing your attack surface is crucial. Doing so with a DiD, layered strategy that includes robust endpoint security is a worthwhile investment.