Best practices for endpoint security: 5 trends you can’t afford to ignore
Endpoint security is the protection of endpoints, or end-user devices such as desktops, laptops, mobile devices, servers and IoT devices, from malicious attackers and accidental damage. Modern endpoint protection systems can defend endpoints whether they are deployed inside your organization’s network perimeter, operating remotely or running in the cloud.
Organizations of all sizes are at risk of attacks from nation states, hacktivists, organized crime groups and run-of-the-mill automated attacks driven by malicious bots. Endpoint security is at the forefront of network security because endpoints are usually the first foothold an attacker seeks when trying to penetrate an organization’s systems.
As the number and complexity of cybersecurity threats continue to increase, so does the demand for more sophisticated endpoint security solutions. Endpoint security technology has evolved from legacy anti-virus to provide additional defensive layers. These include:
- Behavioral analysis based on machine learning algorithms, which can identify unknown or zero-day threats and help detect insider threats.
- Sandboxing, which can test and detonate suspected malicious software in an isolated environment.
- Threat intelligence, combining data from multiple feeds and threat frameworks such as MITRE ATT&CK to identify incidents and add context to them.
- Application control, content filtering and phishing protection to limit risky behavior on end-user devices.
- Endpoint detection and response (EDR) capabilities, which help security teams detect breaches on an endpoint as they happen, investigate them and rapidly respond.
Let’s take a look at some of the trends driving the practice of endpoint security in 2021 and beyond.
Endpoint protection trends in 2021 and beyond
Defending the inbox
The email inbox is a weak link in the defensive strategy of most information security programs. It is an ideal carrier for ransomware, business email compromise (BEC) scams and malware infections.
Experts expect improved attacker automation to drive a significant increase in spear phishing in 2021 and beyond. For example, according to a WatchGuard report, cybercriminals have begun building tools that automate spear phishing, which will produce attacks that are both highly targeted and sent at volume.
This makes it extremely important to adopt endpoint security technology that integrates with the email security infrastructure. In some cases, organizations will adopt security orchestration, automation and response (SOAR) tools to automate the handling of malicious emails: sandboxing and detonation of attachments, correlation with threat intelligence, and automated actions to defend the network.
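As an added example (not code from the original article or from any product it mentions), here is a minimal version of the email-triage step of such a playbook in Python. It parses a message, extracts the sender domain, linked domains and attachment hashes, checks them against threat-intelligence block lists, and decides whether to quarantine, hold for sandbox detonation, or deliver. The message, the block-listed domain and the "known bad" attachment are all constructed for the example, and the action names are placeholders for whatever the SOAR platform actually exposes.

```python
import email
import hashlib
import os
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed threat-intelligence data for this example; a deployment would
# pull block lists and hashes from its feeds. The hash set is filled below.
KNOWN_BAD_DOMAINS = {"invoice-portal-login.example"}
KNOWN_BAD_SHA256 = set()
EXECUTABLE_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".iso", ".lnk"}
URL_RE = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)

# Constructed, inert stand-in for a script dropper; its hash is "known bad".
SAMPLE_DROPPER = b"// constructed sample, does nothing\nWScript.Echo('stub');\n"
KNOWN_BAD_SHA256.add(hashlib.sha256(SAMPLE_DROPPER).hexdigest())


def build_sample_email(attachment: bytes, filename: str, link_domain: str) -> bytes:
    """Build a constructed lure message so the example runs offline."""
    msg = EmailMessage()
    msg["From"] = f"Accounts <accounts@{link_domain}>"
    msg["To"] = "finance@corp.example"
    msg["Subject"] = "Overdue invoice 4471"
    msg.set_content("Please review the attached invoice or confirm payment at\n"
                    f"http://{link_domain}/verify before Friday.\n")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)
    return bytes(msg)


def extract_indicators(raw: bytes) -> dict:
    """Parse the message and pull out the observables a playbook enriches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1].lower()
    domains, attachments = set(), []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        filename = part.get_filename()
        if filename:
            data = part.get_payload(decode=True) or b""
            attachments.append({"name": filename,
                                "ext": os.path.splitext(filename)[1].lower(),
                                "sha256": hashlib.sha256(data).hexdigest()})
        elif part.get_content_type() == "text/plain":
            domains.update(d.lower() for d in URL_RE.findall(part.get_content()))
    return {"sender_domain": sender.rsplit("@", 1)[-1],
            "domains": domains, "attachments": attachments}


def triage(raw: bytes) -> dict:
    """Decide what the playbook does with one message: quarantine, detonate or deliver."""
    ind = extract_indicators(raw)
    reasons, to_sandbox = [], []
    for att in ind["attachments"]:
        if att["sha256"] in KNOWN_BAD_SHA256:
            reasons.append(f"attachment {att['name']} matches a known-bad hash")
        elif att["ext"] in EXECUTABLE_EXTENSIONS:
            to_sandbox.append(att["name"])  # unknown executable content: detonate first
    for dom in sorted((ind["domains"] | {ind["sender_domain"]}) & KNOWN_BAD_DOMAINS):
        reasons.append(f"domain {dom} is on the block list")

    if reasons:       # confirmed by threat intelligence: act across the estate
        verdict, actions = "quarantine", ["quarantine_message", "block_sender_domain",
                                          "hunt_hash_on_endpoints"]
    elif to_sandbox:  # nothing known yet: hold the mail and let the sandbox decide
        verdict, actions = "detonate", ["hold_message", "submit_attachments_to_sandbox"]
    else:
        verdict, actions = "deliver", []
    return {"verdict": verdict, "reasons": reasons, "sandbox": to_sandbox,
            "actions": actions, "indicators": ind}


if __name__ == "__main__":
    sample = build_sample_email(SAMPLE_DROPPER, "invoice_4471.pdf.js",
                                "invoice-portal-login.example")
    result = triage(sample)
    print(result["verdict"], result["reasons"])
```

The ordering matters: a hash or domain match is a confirmed indicator and justifies immediate, estate-wide actions, while an unknown executable attachment only justifies holding the message until the sandbox returns a verdict, so a false positive costs minutes of delay rather than a blocked partner domain.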
Explosion of bring your own device (BYOD)
According to MarketWatch, the BYOD market will grow to $430 billion by 2025, at a CAGR of 15%. Companies are widely adopting BYOD policies to increase flexibility and productivity. This means a huge and growing number of devices are connected to the corporate network, increasing the attack surface and reducing control and visibility over user endpoints.
A Bitglass Research report shows that 51% of enterprises lack visibility into file sharing applications on BYOD devices, while 30% of enterprises have no control over mobile messaging tools.
To address the need for BYOD security, companies are leveraging continuous monitoring methods, third-party penetration testing programs and real-time vulnerability management.
A more comprehensive approach is to implement a zero trust security model, which grants each user and device only the minimum privileges they need to do their job, verifies that a device is healthy before allowing it to connect, and continuously re-verifies connections to detect suspicious user behavior that may indicate a compromised account.
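Added example (not from the article): a zero trust access decision in Python that evaluates every request against the three checks just described, namely least-privilege scopes derived from the user's roles, device health before connection, and continuous verification of the session using impossible-travel detection between consecutive requests. The policy table, posture thresholds, speed limit and coordinates are constructed for the example.

```python
import math
from dataclasses import dataclass

# Constructed policy table (not a real product's configuration): which role gets
# which scopes on each resource, and how sensitive the resource is.
RESOURCE_POLICY = {
    "wiki":       {"sensitivity": "low",  "scopes": {"staff": {"read"}, "admin": {"read", "write"}}},
    "payroll":    {"sensitivity": "high", "scopes": {"finance": {"read"}, "admin": {"read", "write"}}},
    "prod-admin": {"sensitivity": "high", "scopes": {"admin": {"read", "write"}}},
}
MAX_PATCH_AGE_DAYS = {"low": 60, "high": 14}   # example thresholds
IMPOSSIBLE_SPEED_KMH = 900.0                    # faster than an airliner


@dataclass(frozen=True)
class DevicePosture:
    managed: bool          # enrolled in MDM, so the posture claims below are attested
    disk_encrypted: bool
    edr_running: bool
    patch_age_days: int    # days since the last OS security update


@dataclass(frozen=True)
class AccessEvent:
    user: str
    roles: frozenset
    device: DevicePosture
    resource: str
    mfa_verified: bool
    lat: float
    lon: float
    ts: float              # seconds since the epoch


def posture_failures(device: DevicePosture, sensitivity: str) -> list:
    """Health checks a device must pass before it may connect; stricter for sensitive data."""
    fails = []
    if not device.disk_encrypted:
        fails.append("disk not encrypted")
    if device.patch_age_days > MAX_PATCH_AGE_DAYS[sensitivity]:
        fails.append(f"patches older than {MAX_PATCH_AGE_DAYS[sensitivity]} days")
    if sensitivity == "high":
        if not device.managed:
            fails.append("unmanaged device")
        if not device.edr_running:
            fails.append("EDR agent not running")
    return fails


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(prev, cur: AccessEvent) -> bool:
    """Flag a session whose two requests could not both have come from one person."""
    if prev is None or prev.user != cur.user:
        return False
    hours = max((cur.ts - prev.ts) / 3600.0, 1.0 / 3600.0)   # floor at one second
    return haversine_km(prev.lat, prev.lon, cur.lat, cur.lon) / hours > IMPOSSIBLE_SPEED_KMH


def evaluate(cur: AccessEvent, prev=None) -> tuple:
    """Return (decision, granted scopes, reasons). Run on every request, not once at login."""
    pol = RESOURCE_POLICY.get(cur.resource)
    if pol is None:
        return "deny", set(), ["unknown resource"]
    scopes = set()
    for role in cur.roles:                           # least privilege: only what the role needs
        scopes |= pol["scopes"].get(role, set())
    if not scopes:
        return "deny", set(), [f"no role grants access to {cur.resource}"]
    reasons = posture_failures(cur.device, pol["sensitivity"])
    if reasons:
        return "deny", set(), reasons
    if impossible_travel(prev, cur):                 # continuous verification of the session
        return "step_up", set(), ["impossible travel since previous request"]
    if pol["sensitivity"] == "high" and not cur.mfa_verified:
        return "step_up", set(), ["MFA required for a high-sensitivity resource"]
    return "allow", scopes, []
```

The same personal, unmanaged laptop can pass for a low-sensitivity wiki and be refused for payroll; that asymmetry, rather than a blanket BYOD ban, is what lets the model tolerate personal devices without extending them trust they have not earned.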
Mobile workforce
Mobile threats are accelerating, ranging from spyware built to intercept messages from encrypted messaging applications, to criminal groups that exploit Android security vulnerabilities.
The use of mobile devices at work may be the nail in the coffin of the network security perimeter, extending corporate applications and services to any location. With the massive transition to working from home, 2021 may be the year corporate traffic inverts, with connections from remote, unsecured networks overtaking traffic from supposedly trusted devices on the local network.
A key indicator that the perimeter is disappearing is the growing adoption of Microsoft’s Azure AD, a cloud identity and authentication service, as a replacement for traditional on-premises Active Directory deployments.
5G networks are another concern. As they continue to be deployed and the user base grows, organizations will need to prepare for exploitable vulnerabilities in 5G systems and communication protocols, which will directly affect network security because so much of the workforce is mobile.
Extended detection and response (XDR)
Emerging XDR security platforms were explicitly designed to address many of these trends — including weaknesses around BYOD, mobile security, email security and cloud security.
XDR solutions automatically collect and correlate data from multiple security products, both within and outside the network perimeter, to improve threat detection and provide unified incident response capabilities. For example, attacks that involve emails, malware deployed to endpoints and malicious network traffic can be combined into a single event.
The main goal of XDR solutions is to increase detection accuracy and improve the productivity of overworked, understaffed security teams, while giving them the tools to deal with a complex, expanding attack surface.
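Added example, not from the article or any XDR product: a Python correlation routine that stitches constructed alerts from an email gateway, an EDR agent and a network sensor into incidents by the entities they share (user, host, file hash, domain) within a time window, and rates an incident higher when independent telemetry sources confirm the same chain. The events, hostnames and hash values are made up for the example.

```python
from collections import defaultdict

ENTITY_KEYS = ("user", "host", "sha256", "domain")
WINDOW_SECONDS = 3600   # example: only link events that occur within an hour of each other

# Constructed alerts from three products (not real telemetry); ts is seconds since epoch.
EVENTS = [
    {"id": "e1", "source": "email", "ts": 100, "user": "alice",
     "sha256": "a1b2c3", "domain": "invoice-portal-login.example",
     "desc": "message with script attachment delivered"},
    {"id": "e2", "source": "edr", "ts": 160, "host": "WS-ALICE", "user": "alice",
     "sha256": "a1b2c3", "desc": "wscript.exe executed attachment"},
    {"id": "e3", "source": "network", "ts": 165, "host": "WS-ALICE",
     "domain": "invoice-portal-login.example", "desc": "outbound TLS to lure domain"},
    {"id": "e4", "source": "edr", "ts": 900, "host": "WS-BOB", "user": "bob",
     "sha256": "d4e5f6", "desc": "unsigned binary run from temp directory"},
    {"id": "e5", "source": "network", "ts": 2000, "host": "WS-CAROL",
     "domain": "updates.vendor.example", "desc": "unusual upload volume"},
    {"id": "e6", "source": "edr", "ts": 7400, "host": "WS-ALICE", "user": "alice",
     "desc": "later alert on the same host, outside the window"},
]


class DisjointSet:
    """Union-find over event ids; events sharing an entity end up in one set."""
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def correlate(events, window=WINDOW_SECONDS) -> list:
    """Group events that share an entity value within the window, oldest first."""
    events = sorted(events, key=lambda e: e["ts"])
    ds, last_seen = DisjointSet(), {}
    for ev in events:
        ds.find(ev["id"])
        for key in ENTITY_KEYS:
            val = ev.get(key)
            if val is None:
                continue
            prev = last_seen.get((key, val))
            if prev is not None and ev["ts"] - prev["ts"] <= window:
                ds.union(prev["id"], ev["id"])
            last_seen[(key, val)] = ev
    groups = defaultdict(list)
    for ev in events:
        groups[ds.find(ev["id"])].append(ev)
    return [build_incident(g) for g in groups.values()]


def build_incident(evs: list) -> dict:
    """Summarize one group: which products saw it, what entities it touches, severity."""
    sources = sorted({e["source"] for e in evs})
    entities = {k: sorted({e[k] for e in evs if k in e}) for k in ENTITY_KEYS}
    # One product's alert is a lead; the same chain seen by email, endpoint and
    # network telemetry is a confirmed multi-stage intrusion.
    severity = {1: "low", 2: "medium"}.get(len(sources), "high")
    return {"events": [e["id"] for e in evs], "sources": sources,
            "entities": {k: v for k, v in entities.items() if v},
            "severity": severity, "start": evs[0]["ts"], "end": evs[-1]["ts"]}
```

The time window is what keeps a shared user or host from gluing a month of unrelated alerts into one incident; production systems go further by weighting entity types (a file hash is a stronger link than a username) and by expiring links per entity rather than globally.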
Rise of insider threats
Careless or accidental violations of security policies — for example, opening phishing emails or downloading malicious content — have resulted in many catastrophic security breaches. In mobile or remote employee environments, the risk of careless insiders is even greater. But the risk doesn’t end there — when organizations become less vigilant, malicious insiders can abuse administrative privileges and use their credentials to access key assets for personal gain.
A 2020 Ponemon report shows that the number of security incidents caused by insider threats grew by 47% in two years, and the costs associated with these incidents increased by 31%.
To address this risk, organizations should look at endpoint security solutions equipped with behavioral analysis, which can baseline normal activity and flag suspicious behavior by privileged user accounts.
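Added example serving both the behavioral-analysis bullet at the top of the article and this section (not code from the article): a Python baseline-and-score detector for a privileged database account. It learns the account's usual working hours, targets and daily volume from constructed history, then scores new events for off-hours activity, never-seen targets, volume far above baseline (z-score) and export or copy actions. The history, the events, and the weights and thresholds are all illustrative.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

USER = "dba-jane"


def make_history() -> list:
    """Constructed 20 working days of routine activity for one DBA account (not real logs)."""
    start = datetime(2021, 3, 1, tzinfo=timezone.utc)
    events, i, day = [], 0, 0
    while i < 20:
        d = start + timedelta(days=day)
        day += 1
        if d.weekday() >= 5:          # no weekend work in the baseline
            continue
        for hour, base in ((9, 120), (11, 80), (14, 150), (16, 60)):
            events.append({"ts": d.replace(hour=hour, minute=15), "user": USER,
                           "action": "query", "target": "hr-db",
                           "records": base + 5 * (i % 5)})   # small day-to-day variation
        i += 1
    return events


# Constructed events to score: one routine query, then an off-hours bulk export
# followed by a copy to removable media.
NEW_EVENTS = [
    {"ts": datetime(2021, 3, 29, 11, 5, tzinfo=timezone.utc), "user": USER,
     "action": "query", "target": "hr-db", "records": 100},
    {"ts": datetime(2021, 3, 30, 2, 40, tzinfo=timezone.utc), "user": USER,
     "action": "export", "target": "hr-db", "records": 48000},
    {"ts": datetime(2021, 3, 30, 2, 55, tzinfo=timezone.utc), "user": USER,
     "action": "copy", "target": "usb-removable", "records": 48000},
]


def build_baseline(events: list) -> dict:
    """What 'normal' looks like: hours active, targets touched, daily record volume."""
    per_day = defaultdict(int)
    for e in events:
        per_day[e["ts"].date()] += e["records"]
    daily = list(per_day.values())
    return {"hours": Counter(e["ts"].hour for e in events),
            "targets": {e["target"] for e in events},
            "daily_mean": mean(daily), "daily_sd": pstdev(daily)}


def score_event(ev: dict, baseline: dict, seen_today: int) -> tuple:
    """Weights are illustrative; returns (score, reasons)."""
    score, reasons = 0, []
    if baseline["hours"][ev["ts"].hour] == 0:
        score += 2
        reasons.append(f"activity at {ev['ts'].hour:02d}:00 never seen in baseline")
    if ev["target"] not in baseline["targets"]:
        score += 2
        reasons.append(f"first access to {ev['target']}")
    z = (seen_today + ev["records"] - baseline["daily_mean"]) / max(baseline["daily_sd"], 1.0)
    if z > 3:
        score += 3
        reasons.append(f"daily volume z-score {z:.0f}")
    if ev["action"] in {"export", "copy"}:
        score += 1
        reasons.append(f"data-movement action: {ev['action']}")
    return score, reasons


def detect(events: list, baseline: dict, threshold: int = 4) -> list:
    """Score events in time order, tracking the running per-user, per-day volume."""
    running, alerts = defaultdict(int), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["ts"].date())
        score, reasons = score_event(ev, baseline, running[key])
        running[key] += ev["records"]
        if score >= threshold:
            alerts.append({"user": ev["user"], "ts": ev["ts"].isoformat(),
                           "score": score, "reasons": reasons})
    return alerts
```

No single signal here is conclusive: a DBA legitimately works late sometimes, and exports happen. The point of scoring several weak signals together is that an off-hours bulk export of a hundred times the daily norm, followed by a copy to a target never seen before, crosses the threshold while any one of those alone does not.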
Rise of the internet of things (IoT)
IoT devices are exploding in number and variety, and are increasingly used by organizations in all industries. IoT reaches consumers in the form of connected devices, and is also used for back-office and field operations, where it is known as the Industrial IoT. The number of IoT-enabled devices is expected to reach 64 billion by 2026.
As the IoT market grows, so do the associated network security risks. According to Palo Alto Networks, 57% of IoT devices are vulnerable to medium- or high-severity attacks, making them a soft target. Most IoT devices have no built-in security measures, so they are an open door to the cloud systems and networks they integrate with.
IoT devices often transmit personal data unencrypted, ship with hard-coded passwords, connect to unsecured networks and may not receive timely security updates. To begin to address the problem, companies must adopt solutions that provide visibility over which devices are active and the risks they are exposed to.
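Added example (not from the article or from Palo Alto Networks): a Python inventory that builds that visibility passively from constructed DHCP leases and flow records, attributes each device to a vendor through a constructed OUI table standing in for the IEEE registry, notes which devices cannot run a management agent, and scores exposure from internet-reachable services and cleartext protocols. The network ranges, addresses and agent-capable vendors are assumptions for the example.

```python
from ipaddress import ip_address, ip_network

CORP_NET = ip_network("10.20.0.0/16")   # example segment; anything outside it is "external"

# Constructed passive telemetry (not real captures). DHCP leases give the inventory;
# flow records show what each device actually does on the network.
DHCP_LEASES = [  # (ip, mac, hostname)
    ("10.20.0.11", "00:1e:c0:aa:01:02", "ip-camera-lobby"),
    ("10.20.0.12", "b8:27:eb:33:44:55", "sensor-hvac-3"),
    ("10.20.0.50", "3c:22:fb:10:20:30", "alice-laptop"),
]
FLOWS = [  # (src_ip, dst_ip, dst_port, proto)
    ("10.20.0.11", "203.0.113.9", 23, "tcp"),      # camera opens telnet to the internet
    ("203.0.113.44", "10.20.0.11", 80, "tcp"),     # inbound http to the camera's admin page
    ("10.20.0.12", "10.20.0.200", 1883, "tcp"),    # sensor publishes plaintext MQTT locally
    ("10.20.0.50", "198.51.100.7", 443, "tcp"),    # laptop, TLS
]
# Constructed OUI table and the set of OUIs whose devices run a management/EDR
# agent in this example estate; real deployments use the IEEE registry and MDM data.
OUI_VENDOR = {"00:1e:c0": "camera module vendor", "b8:27:eb": "Raspberry Pi Foundation",
              "3c:22:fb": "Apple"}
AGENT_CAPABLE_OUIS = {"3c:22:fb"}
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 161: "snmp", 1883: "mqtt"}


def is_external(ip: str) -> bool:
    return ip_address(ip) not in CORP_NET


def build_inventory() -> list:
    """One record per leased device: who made it, what it talks, and a risk score."""
    devices = {}
    for ip, mac, host in DHCP_LEASES:
        oui = mac[:8].lower()
        devices[ip] = {"ip": ip, "host": host, "vendor": OUI_VENDOR.get(oui, "unknown"),
                       "managed": oui in AGENT_CAPABLE_OUIS,
                       "cleartext": set(), "exposed": set(), "findings": []}
    for src, dst, port, proto in FLOWS:
        name = CLEARTEXT_PORTS.get(port)
        if src in devices and name:
            scope = "internet" if is_external(dst) else "LAN"
            devices[src]["cleartext"].add(f"{name} to {scope}")
        if dst in devices and is_external(src):
            devices[dst]["exposed"].add(f"{proto}/{port}")
    for d in devices.values():
        score = 0
        if not d["managed"]:
            score += 2
            d["findings"].append("no agent: cannot be patched or monitored from the endpoint")
        for svc in sorted(d["exposed"]):
            score += 3
            d["findings"].append(f"reachable from the internet on {svc}")
        for c in sorted(d["cleartext"]):
            score += 2 if c.endswith("internet") else 1   # cleartext off-site is worse
            d["findings"].append(f"cleartext {c}")
        d["risk"] = score
    return sorted(devices.values(), key=lambda d: -d["risk"])
```

The camera lands on top not because of any signature, but because three facts that each look minor in isolation (no agent, an admin page reachable from outside, telnet outbound) combine into exactly the profile the article describes. That ranked list, rather than a raw device count, is what an IoT visibility program should hand to the people who can segment or replace the device.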
Endpoint security trends: summary
To recap, the trends that should shape your endpoint security practice are:
- Mounting email threats: attackers are automating and scaling up sophisticated spear phishing campaigns.
- Bring your own device (BYOD): personal, unsecured devices increasingly used in the workplace.
- Mobile workforce: the extensive use of mobile devices and new threats are ripping apart the old network perimeter.
- Extended detection and response (XDR): a new category of solutions designed to address remote endpoints and threats that operate across security silos.
- Insider threats: a growing concern that requires close management and cutting edge tech such as behavioral analytics.
- Internet of things (IoT): the new frontier of corporate security, requiring improved visibility and new strategies.
Use this information to adapt and respond to the evolving threat landscape in 2021, and minimize the risk to endpoints — wherever they are.
Sources
2020 Cost of Insider Threats: Global Report, Ponemon Institute (sponsored by ObserveIT)
Bitglass 2020 BYOD Report: Remote Work Drives BYOD, but Security Not Keeping Pace, Bitglass
2021 Cybersecurity Predictions, WatchGuard