Ensuring the endpoint is secure is a key element of the ‘layered defence’ approach that modern security professionals aim to have in place. Industry experts from Bitdefender, McAfee and Digital Guardian offer insight into the biggest endpoint security challenges facing organisations and explore how these can best be defended against.
What are the biggest challenges enterprises face with endpoint security?
Tarek Kuzbari, Regional Director for the Middle East at Bitdefender
There are two general trends in the market – over two thirds of breaches in organisations are at the endpoint level and approximately a quarter of overall security spending is allocated to endpoint security tools.
Against this backdrop, below are the challenges that enterprises are currently facing:
- The attack frequency and sophistication are still increasing
- A lack of cybersecurity resources is making it challenging for organisations to proactively defend against security threats
- With the increasing number of alerts from different systems and solutions the analysts are using, there is ‘alert fatigue’. It becomes overwhelming for them to go through all the alerts and signals that these systems are generating, causing a decrease in the quality of protection and response.
- Enterprises are creating more complexity on the endpoint, with an average of 10 security agents on each device. This is making the endpoint more fragile than resilient.
- An increase in BYOD and mobile workers puts the users at higher risk of infection
- A lack of security management bandwidth to continuously check the status of each endpoint and make sure it’s protected and fully updated
- Budget limitation to invest in partnering with leading vendors that can provide the organisation with the technology needed to protect against the latest threats
- Over 100 vendors offer some sort of endpoint protection, making it more and more challenging for CISOs to make the right decision in partnering with the right vendor for securing their infrastructure
Naaman Hart, Cloud Services Security Architect, Digital Guardian
The biggest challenges I see begin with the age-old problem of updating and maintaining system software. This is the same old problem that never seems to get any better and it’s still ignored by the vast majority of people, often directly leading to exposure to risk.
Ultimately, until we get good control over the maintenance of core systems such as our operating system, how are we meant to patch each and every little bug that appears in subcomponents within other applications?
Every day a new exploit is discovered and patched, and we lag drastically behind in ensuring that bug is not exploitable within our environments.
Just look at how many companies get hit by infections that have been known to the world for multiple months to years. An approach to security whereby you assume it’ll never happen to you and you don’t inoculate yourself against it, is no approach at all.
Second to maintenance, is the selection of the appropriate tools and spending your security budget wisely. The industry moves quickly and you’re not best served by just looking at traditional software and names.
You now find that the inherent protection offered by your operating system out of the box, using tools such as Microsoft Defender, is more than capable of providing the same protection as traditional AV products.
This allows you to take the considerable spend you place in that area and move
it to products that cover more areas. Invest in
visibility tools to allow more insight for threat hunting or invest in products
and managed services that do this for you.
The key here is to know that not all security spend is equal and some might only provide you an extra 10% protection to known areas while something else could uncover completely unknown risks within your business.
Scott Manson, Managing Director, Middle East and Turkey at McAfee
Endpoint device security is no longer about traditional anti-virus versus next-generation endpoint protection. The truth is you need a layered and integrated defence that protects your entire digital terrain and all types of devices – traditional and non-traditional.
Endpoint security should not be demarcated as anti-virus software. Without diminishing the value of tried and tested anti-virus vendors, endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls and advanced detection/response tools. We must think in broader terms.
What best practice approach should organisations take to protect the endpoint?
Tarek Kuzbari, Regional Director for the Middle East at Bitdefender
I would recommend the following:
- Select the solution that really addresses your needs, not what vendors want to sell you
- Evaluate technologies based on your environment and look for third party test data as validation
- Keep abreast of emerging endpoint technologies and don’t fall for buzz words
- Look for a comprehensive endpoint security solution to simplify management from a single console, that can address different aspects of endpoint security such as EPP, EDR, patch management, encryption and asset management
- Focus on solutions that have low operational impact
- Ensure the solution can integrate with other solutions in your security ecosystem, such as network security, SIEM, etc
- Make sure that the most current endpoint security controls are in place and are functioning at all time
- Look for solutions that can provide you with visibility, protection as well as the ability to respond
Naaman Hart, Cloud Services Security Architect, Digital Guardian
The first practice I’d always recommend is that you learn what forensic data your systems already produces and how to capture that data and make it work for you.
Take, for example, system logs that are not centrally collected, stored and
parsed for analysis. You might even treat this data as a problem because
it’s regularly filling up your system disks and causing performance
issues.
Solve two problems by collecting and centrally storing your logs while taking data load off your endpoints.
Start with some automated basics that parse this data for common security events and gain some instant visibility into what goes on within your environment. The longer you do this, the easier it’ll be for your staff to point out anything unusual as they become familiarised with your data.
This is not difficult and it can be done for free in most cases with existing licensing. What’s the point in getting new tools for visibility if you’re ignoring what your systems already gather?
The final best practice I’d suggest is to know your industry and to get involved with your community. While most threats are generic, some are targeted to your industry and country.
Knowing whether you’re the type of company that would be targeted for a specific reason is valuable and being able to share intelligence with similar companies protects you all.
If for example, another company in your field was hit for specific intellectual property you could greatly increase your resiliency to the same problem by knowing the detail of how they were compromised.
Security is in everyone’s best interest and the more open and honest we are within our industries, the more collective immunity we’ll have from threats.
Scott Manson, Managing Director, Middle East and Turkey at McAfee
In today’s ‘survival of the fittest’ landscape, here are four ways to not just survive but thrive with regard to protecting the endpoint:
More tools do not make for a better defence
Scrambling to adapt to the evolving landscape, many security teams have resorted to bolting on the latest ‘best-of-breed’ point solutions. It is more important to look at your overall ecosystem and how these different defences work together, rather than in isolation. This is because point solutions have limited visibility and see only what they can see. As a consequence, the burden of connecting the dots falls on the customer.
It’s not about any one type of countermeasure
As a never-ending array of ‘next-generation’ solutions started to emerge and flood the marketplace, customers have been told more than once that anti-virus isn’t enough and what they need to do is switch to next-gen.
In reality, it’s not about achieving a next-generation approach or finding the best use for anti-virus. It’s really about implementing a holistic device security strategy that connects and coordinates an array of defences.
This includes signature-based defence (which eliminates 50% of the attack noise – allowing algorithmic approaches to run more aggressively with less false alarms), plus exploit protection, reputations, Machine Learning, ongoing behavioral analytics and roll-back remediation to reverse the effects of ransomware and other threats.
All devices are not created equal
Today, ‘endpoint’ has taken on a whole new meaning. The term now encompasses traditional servers, PCs, laptops mobile devices (both BYOD and corporate issued), cloud environments and IoT devices like printers, scanners, point-of-sale handhelds and even wearables. Adversaries don’t just target one type of device – they launch organised campaigns across your entire environment to establish a foothold and then move laterally.
It’s important to harness the defences built into modern devices while extending their overall posture with advanced capabilities.
Some endpoints, like IoT devices, lack built-in protection and will need a full-stack defence. Ultimately, the goal is to not duplicate anything and not leave anything exposed.
All you need is a single management console
If, as a customer, you have been deploying bolted-on endpoint security technologies or several new, next-generation solutions, you may be seeing that each solution typically comes with its own management console. Learning and juggling multiple consoles can overtax your already stretched security team.
It makes them less effective, as they are unable to see your entire environment and the security posture of all your devices in one place. But it doesn’t have to be this way. Practitioners can more quickly glean the insights they need to act, when they can view all the policies, alerts, and raw data from a centralized, single-pane-of-glass console.
At McAfee, we have re-imagined device security to provide a single console with flexible deployment options to defend a broad set of devices with full-stack or overlay to native controls. Through a single-agent architecture with deep integration and automation, we remove silos between once-isolated capabilities to enhance efficiency and protection.
Click below to share this article