The Dangers of Unmanaged Devices with Sandeep Kumar of ForeScout
We’ve written previously about the possible futures of endpoint security, but what about the present? What is the current state of endpoint security? What are the biggest threats facing enterprises’ IT perimeters? And are enterprises aware of the lurking threat of unmanaged devices connecting to their networks?
To gain some insight into these questions we spoke with Sandeep Kumar, Senior Director of Product Marketing at IoT security solution provider ForeScout, over email. He gave us his thoughts as to the state of endpoint protection and the perils of unmanaged devices:
Solutions Review: In your professional opinion, what is the current state of endpoint security?
Sandeep Kumar: As part of today’s digital transformation, there is exponential growth in the number and diversity of devices connecting to corporate networks. The rise in unmanaged network-connected devices increases the attack surface of enterprises and allows cybercriminals to capitalize on the weakest link to gain a foothold on your network, which is often the user endpoint.
It is more critical than ever for enterprises to strengthen their endpoint defense and to continuously monitor their network to effectively reduce risk and keep threats out. If compromised devices on the network go undetected, they can be used as launch pads to target higher-value assets, gain access to sensitive information, and cause significant business impact.
SR: Where do you see endpoint protection platforms going in the near future? What capabilities will receive more attention or innovation in the future? Do you feel that this future is the best possible course for cybersecurity?
SK: While there is no shortage of endpoint security products, traditional malware detection technologies are no longer sufficient given today’s threat landscape. Many endpoint vendors realize that and are evolving their products into Endpoint Detection and Response (EDR) products. In addition, orchestration with endpoint compliance, network threat hunting, and network containment technologies is key to mitigating the impact on other uncompromised endpoints on the network. The solutions that will be successful against today’s sophisticated hackers are those that combine next-generation endpoint detection, proactive threat hunting, and automated incident response.
Analysts have noted that the endpoint protection market is rapidly evolving. In the future, we can expect to see endpoint protection solutions expand their advanced prevention capabilities with technologies such as machine learning and AI to help keep organizations secure and malicious actors out.
SR: What should enterprises look for in their endpoint security solutions?
SK: According to a recent SANS survey, traditional antivirus solutions are only able to detect endpoint compromises 47 percent of the time, indicating that signature-based defenses are no longer sufficient in protecting modern enterprises. The most prevalent attacks target traditional corporate endpoints and unmanaged IoT devices. The vast majority exploit known software vulnerabilities and basic configuration errors, so it is important to have a unified endpoint protection strategy across managed and unmanaged devices.
When implementing an endpoint protection strategy, decision-makers must consider what offerings are the right fit for their organization; these solutions are not one-size-fits-all. Enterprises with more limited resources may need more automated tools to adequately manage all their endpoints. In either case, organizations should look at solutions that combine next-gen endpoint protection, proactive threat hunting, and automated incident response.
SR: Apart from selecting the solution that best fits their needs, what can enterprises do to manage their digital risks and improve their cybersecurity posture?
SK: Device visibility must be the foundation of any good cybersecurity strategy. By 2020, the number of network-connected devices will increase to more than 27 billion. Unfortunately, most traditional security solutions aren’t capable of protecting or even detecting these devices, since many cannot support security agents. To combat this growing threat, it is critical that organizations have clear visibility into their enterprise networks to monitor devices and reduce risk. After all, organizations’ IT staff cannot protect devices of which they aren’t aware, and having a complete asset inventory of all devices on the network is a critical foundation for an effective security solution.
SR: What is the most common area of neglect in cybersecurity that you see?
SK: Endpoint visibility is critical for cybersecurity success, yet organizations lack that visibility into all the devices on their network. You cannot protect what you cannot see, and in the age of connected devices, this can be the difference between a data breach and a secure network.
It is not only managed endpoints that need protecting but more and more IoT and OT devices are connecting to enterprise networks. A company that protects 99 percent of their devices needs to understand that a bad actor only needs to compromise a single device to penetrate an enterprise network. Recent high-profile breaches are living proof that a skilled attacker can move laterally, or east-west, once inside the network to gain access to confidential business and mission-critical data.
Thank you, Sandeep Kumar of ForeScout, for your time and expertise!