How Safe Is Your Endpoint From Cyber Attack
In the current business environment, any device that can connect to a network is termed as “endpoint” from desktops, laptops, tablets, smartphones and, more recently, IoT devices. As devices evolve, threats continue keeping its pace. Unfortunately, today’s firewalls and antivirus are not strong enough to cope with the ever-changing environment of a business. Endpoints are now exposed to ransomware, phishing, malicious advertisements, software subversion, and other attacks. Not to mention that attackers use zero-day attacks that use previously unidentified vulnerabilities to send malicious programs to endpoint computers.
How do today’s businesses protect against these malicious threats? First, before choosing the right Endpoint Protection (EPP) platform, companies need to gain a deeper knowledge of “endpoints”.
Unknown files that trigger the change
According to a recent study by Comodo Cybersecurity, over the past five years, unknown files, a potentially malicious and unrecognizable executable, have exploded. Every day, more than 300,000 malicious files are detected. Managing new or unknown files is one of the most important features of an EPP.
Most EPP products use a trust-based assumption, called ‘default allow posture’ for new or unknown files. This method allows files to have unlimited write privileges to system files, in addition to known bad files. This means that files not identified as bad must be good or secure. As you can imagine, one of the biggest problems with the “default allow” security feature is that cybercriminals are constantly developing new variants to avoid detecting on the endpoints. This can expose companies to threats for days, weeks, or even months before they are detected.
Sandbox and beyond
In order to successfully fight cyber criminals, many EPP vendors have integrated sandbox technology into their products to combat malicious software. For those who are unfamiliar, the sandbox is an isolated virtual environment that mimics the endpoint operating environment to safely run unknown files without the risk of damaging host or network devices.
This solution is gradually losing its effectiveness. Cybercriminals create threats that can detect when security cages (sandbox) are being used and automatically take action to prevent detection. In addition, sandboxes are becoming increasingly resource intensive and complex, slowing down their ability to handle threats without compromising productivity.
The Need for a Zero Trust Architecture
As cybercriminals are using the Default Allow approach to their benefit, while also modifying these variants to bypass sandboxes, companies need a better solution. The obvious answer is to adopt a Zero Trust architecture, where unknown executables are never trusted and always verified, without impacting user productivity. To successfully achieve a Zero Trust architecture, 100% of unknown files must be instantly contained and analyzed in the cloud and by humans to prevent breaches. Additionally, the business still needs to operate, and users should not have to experience productivity loss or impact. Successfully achieving a Zero Trust architecture will bulletproof your business from damage.
With cybercriminals taking advantage of the default allow approach and modifying that variant to avoid isolated spaces, businesses need a better solution. The obvious answer is the adoption of the Zero Trust architecture, where unknown executables are verified without compromising user productivity. To successfully achieve the zero trust architecture, 100% of the unknown files must be immediately loaded and analyzed in the cloud and by individuals to avoid violations. In addition, the company must continue to operate and users do not have to suffer productivity losses or impacts. Successfully reaching the Zero Trust architecture ensures that your business is safe from cyber attack.
Best Practices for Evaluating EPP
Protecting the endpoints of malicious software is one of the most important aspects of securing a company’s IT resources. Endpoint protection must be part of a holistic IT security approach in which perimeter network security solutions secure the boundary between internal networks and service provider networks, and endpoint security further reduces the risk of threats or malicious activity affecting IT operations.
The first step in choosing an EEP solution is evaluating the needs of the business, which should include capacity and scalability, compliance, budget, and policies. The next step is to closely examine the capabilities, which should include, but is not limited to centralized management, threat detection and blocking, unknown file handling, file reputation scoring and support to achieve a Zero Trust architecture.
Choosing the right EPP
In addition to these best practices, Gartner recently released a research paper that strongly recommends that security managers and risk managers conduct a thorough concept to accurately determine the endpoint protection platform that is better suitable.