Which endpoint protection capabilities do you need to secure your business on the cloud? How does cloud endpoint security differ from on-premises protections?
More and more enterprises embrace the potential of cloud adoption and digital transformation. Generally, moving business operations to the cloud bolsters communications, productivity, and profits. For example, digital transformation provides enterprises with new customer and client data sources for better leveraging.
However, enterprises often fail to realize that moving to the cloud doesn’t alter their cybersecurity obligations. Cloud providers must protect their own serves and infrastructures but have no such obligations for the clients using their services. Although some platforms, such as Infrastructure-as-a-Service, do offer a shared cybersecurity responsibility model, your enterprise must still fulfill its share of responsibilities.
Thus, moving the cloud creates new risks as your digital perimeter scales and becomes more porous. To combat these issues, you need the right endpoint protection capabilities which can protect your new IT environment.
We explore these capabilities below.
Why You Need Cloud Endpoint Protection Capabilities
Protecting the endpoints on a cloud environment may seem like a step backward. Yet endpoint security remains relevant regardless of your IT environment. According to the IDC, 70% of all cyber attacks begin at the endpoint.
Endpoints serve as the gateway to your network; through them, users enact your business processes and hackers perform their malicious activities. Each device forms a new node in your digital perimeter.
In fact, as you transition to the cloud, the number of endpoints connecting to your enterprise expands exponentially. In turn, each device constitutes a potential attack vector which requires a consistent layer of endpoint security.
Moreover, threat actors can plant dwelling threats on endpoints and cause long-standing damage over time. The longer a threat dwells on one of your endpoints, the more damage it inflicts on you.
In other words, you need endpoint protection capabilities even after you undertake a digital transformation.
Critical Endpoint Protection Capabilities
A comprehensive list of critical endpoint protection capabilities for the cloud could fill a book and then some. This list, while shorter than that, should help guide your enterprise in thinking about your endpoint security solutions. If your enterprise lacks any of these capabilities, you may want to consider upgrading your cybersecurity.
Next-Generation Antivirus (NGAV)
No list of cloud-relevant endpoint protection capabilities can exclude next-generation antivirus protection. While antivirus can’t protect enterprises alone, it remains an essential tool in the digital perimeter arsenal.
Importantly, enterprises must employ next-generation antivirus. Legacy antivirus just can’t provide the level of protection necessary to survive in the current evolving threat landscape. Often, they don’t have access to essential threat intelligence or the necessary technology to block new cyber attacks.
For example, legacy antivirus can’t defend against fileless malware, the latest weapon of choice for hackers. Fileless malware subverts and eludes most traditional detection methods by not downloading an actual file.
Every endpoint connecting to your cloud environment must protect against new threats like this.
Endpoint protection capabilities don’t operate in a vacuum. They require consistent and involved maintenance from your IT security team to stay relevant. Without keeping up to date with vendor-issued patches and security upgrades, your enterprise may miss out on crucial threat intelligence. Worse, you may open your cloud environment to undetected security vulnerabilities.
Unfortunately, according to Kenna Security’s Remediation Gap Report, it takes enterprises an average of 100 to 120 days to patch a vulnerability in their endpoint protection. In other words, far too long.
For cloud environments, your endpoint security should provide your enterprise with bandwidth throttling capabilities. Specifically, bandwidth throttling helps with patching remote endpoints connecting to your network. It also helps keeps patching from eating into enterprise IT resources.
This leads neatly into another critical capability.
Do you know what endpoints connect to your IT environment on a regular basis? Even in an on-premises environment, answering this question can prove challenging. You could have hundreds of devices as part of your digital perimeter, some of which could go “dark.”
IoT devices, in particular, are susceptible to vanishing from your visibility. Hackers target these dark parts of the digital perimeter for infiltration, lateral movement, dwelling threats, and island hopping.
When you move to the cloud, the number of endpoints, especially remote endpoints, scales exponentially. Your endpoint security solution needs to provide visibility on all of these new devices.
One strategy is to require all devices, remote or otherwise, to register with your security team. In addition, you should require they deploy your chosen endpoint protection capabilities before connecting.
Your endpoint protection capabilities must scale with your IT environment as it adapts to the cloud. This means more than the endpoint visibility discussed above; it also translates to adequately protecting each new component of your digital perimeter as it grows.
Usually, legacy solutions have upper limits to the number of devices they can protect at one time. Moreover, legacy solutions can’t protect the myriad components that make up the cloud environment—applications, databases, digital assets, etc.
Oft-neglected among discussions of endpoint protection capabilities, application control enables and monitors applications on your cloud environment. With this capability, your security team can prevent unapproved applications from running in the first place; thus, application control adds another critical preventive layer to your digitally transformed perimeter.
Applications can move from endpoint to endpoint with fewer challenges from legacy endpoint security solutions. Thus, hackers can use unapproved applications as a bus for their malicious codes, moving through the cloud environment with fewer restrictions than many users.
Therefore, you need to strictly control which applications comprise your cloud environment and which can operate on your endpoints.
Other Endpoint Protection Capabilities
Of course, enterprise endpoint solutions should also include:
- Endpoint Monitoring.
- Data Loss Prevention.
- Device Control.
- Port Control.
- Next-Generation Firewalls.
Above all, your endpoint security needs to provide you with critical information about your infrastructure, cloud or otherwise. Security only operates with good information, which the cloud can obscure. Make sure you are prepared before you take to the digital skies.
Latest posts by Ben Canner (see all)
- Key Findings: The Tessian State of Data Loss Prevention 2020 - May 29, 2020
- IoT Security in the Time of the Coronavirus - May 26, 2020
- Sophos State of Ransomware 2020 Report Shows Dangers of Paying - May 22, 2020