Tomer Weingarten, CEO of endpoint security solution provider SentinelOne, said in an interview with SearchSecurity: “The perimeter is becoming everywhere. It’s not something that can be confined with a hardware-defined circle anymore. And when users leave their corporate perimeter, a lot of them don’t have any protection for their endpoints.”
Weingarten’s assessment of the relationship between the enterprise’s IT perimeter and endpoint security tools is both accurate and an essential reminder. While your employees will always be your largest cyber-attack vector, endpoint devices—laptops, tablets, and smartphones—are certainly the second largest. 70% to 90% of enterprise cybersecurity breaches originate at endpoints, and 250,000 new malware programs are created every day. Keeping these threats at bay is a top priority for IT security professionals in enterprises of all sizes.
Yet the current discourse surrounding endpoint security tools focuses not on prevention but on the detection and removal of those digital threats. The reason for this shift is perhaps an understandable one: not even the most advanced endpoint security tools can prevent 100% of all enterprise cyber attacks. Traditional endpoint security solutions don’t typically have the capability to detect those threats until it is far, far too late to prevent the damage. Dwell time is a persistent problem in cybersecurity, and it is unsurprising that enterprises are becoming interested in reducing attackers’ unwanted stay on their networks.
This explains the current wave of endpoint detection and response (EDR) solution innovations by vendors—they offer the detection capabilities that traditional endpoint security tools can’t offer. But in this rush for the new, have we lost sight of the old? Detection is a vital component of any comprehensive cybersecurity solution, but prevention is just as vital.
Here’s what preventative measures endpoint security tools can offer your enterprise:
Stopping Malware, Both Regular and Signatureless
Traditional endpoint security tools have always focused on preventing malware from breaching your enterprise’s perimeter. Newer models of endpoint security solutions are designed to prevent not only normal malware but also the ever-more-popular signatureless malware species, which can elude traditional signature-based detection methods.
Prevention is vital to ensure as many of these threats stay outside your perimeter as possible. Without prevention, your detection programs—whether that be EDR or SIEM—will be swiftly overwhelmed as malware floods your files.
Setting Up a Firewall to Prevent Malicious Traffic
Firewalls that are regularly updated (and making sure they are updated is key) prevent unwanted and malicious network traffic from entering and interacting with your enterprise’s IT environment. Endpoint security tools like firewalls automatically deny untrusted traffic sources and monitor the flow of traffic into and out of your enterprise’s digital perimeter. As long as the firewall is extended to all of your endpoints, this can ensure that hackers don’t have an easy path into your databases.
Keep Your IoT Devices Untainted
Internet of Things (IoT) devices are generally left unsecured when they are first manufactured; the manufacturing process favors speed and convenience over cybersecurity. Most devices have no endpoint security, and others have weak measures that are difficult to update.
Integrating your IoT devices into your enterprise’s digital perimeter in that state creates huge security holes that allow malware, ransomware, cryptojacking codes, and routes into the enterprise’s network to persist unchallenged. Endpoint security tools can help sew up these holes in your perimeter and prevent unnecessary risks to your assets.
Get the Most from Your Endpoint Security Tools
When your enterprise is selecting an endpoint security solution, you need to make sure not only that you select the right solution for your enterprise’s use case but also that you deploy the endpoint security tools that you have available.
Endpoint security is a mature market, according to the 2018 Gartner Magic Quadrant for Endpoint Protection Platforms, which can make it difficult to tell which solution suits your enterprise’s use case best. This requires you to make a careful selection, weighing the endpoint security tools each solution offers and what makes the most sense for your security needs.
Furthermore, make sure that those tools are actually being deployed. A fair number of enterprises actually leave themselves vulnerable by either forgetting or not knowing what tools they have available. Another vulnerability is failing to make sure that the endpoints connecting to your network are secured by the same endpoint security umbrella as your main endpoints. Don’t let this kind of security hole persist.
Endpoint security tools also possess an intangible InfoSec preventative benefit: they discourage hackers from targeting your enterprise in the first place. Hackers are still human, and all but the most dedicated and talented will not want to bother with an enterprise that has preventative endpoint security tools in place. Why would they? There are far easier enterprise targets out there.
So make yourself a harder target.