Enterprise IT security teams face an average of 5,000 to 7,000 new software vulnerabilities every year. Security teams have to consider the digital assets in their enterprise’s network, evaluate their opponents’ motives, stay up-to-date on new types of digital threats, and the latest cybersecurity capabilities.
Endpoint security capabilities typically considered include:
- Patch Management
- Secure Configurations
- Data Loss Prevention
- Endpoint Detection and Response
- Port and Device Control
- Application Control
However, while endpoint security might seem straightforward, new complications to the digital enterprise perimeter emerge every day. These include the mobile security issues arising from the rise in bring-your-own-device (BYOD) culture and the simultaneous escalation in mobile malware. It also includes the security issues inherent in digital transformation and cloud transformation. New endpoint security capabilities are necessary to protect the evolving perimeter.
It’s worth noting that no one capability does a cybersecurity platform make. It requires a full suite and solution to protect your enterprise. Certain capabilities may be more beneficial to your individual enterprise, but focusing exclusively on one capability will leave you vulnerable in the long run.
So what are the new endpoint security capabilities to consider for your enterprise?
Security Deception Technologies
A relatively recent term, security deception technologies are rapidly gaining attention among the new endpoint security capabilities. As a rule, security deception technologies are designed to fool attackers and malware into revealing themselves for detection software to find and remove.
We here at Solutions Review have detailed sandboxing and honeypot capabilities in past articles. Sandboxing allows malware to install itself and run in a specially enclosed environment so researchers can observe its behaviors and identify its true intentions. It’s meant to supplement signature-based detection, which modern threats can often bypass.
Honeypots, by contrast, are deliberately vulnerable systems meant to attract hackers like flies (hence the name). They look like your enterprise’s network, complete with fabricated file servers. In many ways, it resembles the sandbox, although their aims are quite different. The honeypot is meant to contain, delay, and frustrate a threat actor actively attacking the network. Sandboxing contains and observes a semi-independent program running autonomously.
Currently, some cybersecurity experts refer to security deception as a separate capability but this is contentious. Those who do see security deception as a sort of hyper-advanced honeypot technology. However, our own research indicates the technology is still in development and a clear definition is elusive at the moment.
Overall, security deception technologies are vital and new endpoint security capabilities for your enterprise’s protection platform. They create a perimeter that seems like a hacker’s dream…but is, in fact, a clever trap.
Firewalls are one of the most cited cybersecurity capabilities, and it is little wonder why. At one time, firewalls were the pinnacle of endpoint security. While they remain a key capability in any enterprise’s digital perimeter, traditional cybersecurity thinking obscures the purpose of firewalls, especially from decision makers who solely rely on them.
At their core, traditional firewalls track digital traffic coming into and leaving the network. They track domains to block malicious or otherwise suspicious traffic in either direction. However, with the proliferation of spoofed domains and phishing attacks, this traditional protection is quickly becoming dated.
Fitting for one of the new endpoint security capabilities, a next-generation firewall takes the traditional protection one step beyond. While it does take note of domains, next-generation firewalls actually examine the messages for signs of possible malware. They can also check for sensitive data in outgoing messages and flag them for evaluation before letting them leave.
While legacy on-premises antivirus solutions have proven ineffective for the modern enterprise, cloud antivirus is being hailed as a vital component of the digitally transformed cybersecurity platform.
Cloud antivirus uses machine learning to detect and quarantine threats from a central digital location. This is vital, as cloud environments can infinitely scale and thus become so disparate it can be difficult to determine the edges of the perimeter. In other words, cloud antivirus can serve as a unifying security window to improve visibility and fortify your network. Administrators can even disable endpoints from this central administration console, shutting down external threat actors and rogue insiders.
- Best Books for Defending the Digital Perimeter - September 14, 2021
- Apple Vulnerability Places All of Apple iOS at Risk - September 14, 2021
- CrowdStrike Releases 2021 Threat Hunting Report from Falcon OverWatch - September 13, 2021