Is Your Endpoint Security Up to Snuff?

January 29, 2019 Eric Dosal

In many network security architectures, businesses tend to emphasize their perimeter protections, trying to keep attackers on the outside. This is, of course, a good idea. Being able to stop attackers from getting into the network in the first place is immensely useful for stopping many attacks before they can really begin. However, it isn’t enough.

Businesses need more protection than what perimeter network security measures alone can provide. They need to create defense-in-depth by applying endpoint security tools to the individual assets on the network. What is endpoint security? More importantly, are your endpoint security measures up to snuff?

What is Endpoint Security?

Endpoint security is a term that can cover many different types of software programs and other tools that can be used to lock down individual assets on a network. As noted by a CSO Online article, endpoint security “might sound like a fancy name for putting a firewall and antivirus software on your PC, and indeed in the early days of the category there was some suspicion that it was a marketing buzzphrase to make antivirus offerings sound cutting edge.”

Using endpoint security software and tools is important because not all cyber threats originate from outside of the network. Having protective measures that secure each of the individual assets on the network helps to safeguard against insider threats.

Most modern business endpoint security vendors provide solutions that are administered from a centralized dashboard, rather than making businesses manage the security solution from each asset individually. The benefit of administering enterprise endpoint security solutions from a single central server is that organizations can easily ensure each endpoint has the same level of protection.

This is different from the consumer model of endpoint security, which is generally configured from each individual asset. These “device protection” tools tend to be more limited in capability as well—being configured for ease of use on an individual user or asset level rather than providing the best cybersecurity customization and workflow integration.

What Should My Endpoint Security Solutions Look Like?

Considering how important endpoint security measures can be for blunting cyberattacks against a business’ network, it’s important to verify that any such tools can meet the organization’s needs. Older, more traditional endpoint security tools provide a starting point, but modern cyber threats demand a next-gen response. With this in mind, here are a few things to watch out for when assessing your own organization’s endpoint security:

  • Does the Organization Use Virtual Private Networks (VPNs)? An endpoint security VPN helps to anonymize traffic from within the organization and to make remote workers’ connections more secure as well. VPNs can vary in capability depending on the endpoint security vendor: some may have a larger impact on connection speed than others, some might have better user experience (UX) customization, and some might have multifactor authentication built in to enhance security.

  • How Easy Are the Endpoint Security Measures to Manage? Having a centralized dashboard for managing the endpoint security measures the business uses is massively important because it impacts the UX for the whole organization and how security updates/patches can be applied to each network security solution. In fact, many organizations now use software-as-a-service (SaaS) endpoint security software because of how easy it makes managing network security.

  • Has the Organization Accounted for Its IoT Devices? The Internet of Things (IoT) is a term that covers many so-called “smart” devices, such as Wi-Fi refrigerators, smart lights, Wi-Fi speakers, printers—almost anything and everything that can connect to the internet and be controlled remotely without being an input device. These IoT devices can be a blind spot in many organizations’ endpoint security strategies—a blind spot that cybercriminals have leveraged to run attacks against business networks in the past. An endpoint security strategy that does not cover the IoT devices on the network is an incomplete strategy.

  • Does the Endpoint Security Tool Check for File-Less Exploits? File-less attacks target vulnerabilities in default OS tools (such as Windows PowerShell) to carry out malicious activity. Because there’s no actual malware involved, there’s no malware data signature to detect. So, many of these file-less attacks go undetected by traditional endpoint security tools. To counter file-less attacks, endpoint security tools need to be able to monitor user behaviors to identify unusual activity on the endpoint. Endpoint Detection and Response (EDR) tools often offer a solution for tracking user behaviors to identify activity that falls outside normal patterns.

  • Is Data or Communications for Each Endpoint Encrypted? Encryption of data in storage or in transmission might not stop an attack, but it can help keep attackers from being able to put stolen data to use before the organization has a chance to notify any affected parties and take measures to minimize the damage caused by a data breach.

  • Does the Organization’s Endpoint Security Leverage Big Data Tools? In a modern threat environment, endpoint security tools that only look at a single endpoint just aren’t enough. Modern endpoint detection and response solutions look at all activity on every endpoint in the organization to establish “normal” behaviors and detect unusual activity in real time.

  • How Does the Organization’s Current Endpoint Security Impact Network Performance? Endpoint security software and solutions such as encryption, VPNs, or even particularly stringent firewalls can all have an impact on the performance of the network. This can lead to slowdowns and disconnects that may be inconvenient or even reduce productivity.

  • How Many Endpoint Security Vendors Does the Organization Have to Use? Considering the diverse nature of the cyber threats that organizations face, it isn’t unusual for an organization to end up working with many different endpoint security vendors to enhance its network security architecture. However, having too many vendors can make managing endpoint security software difficult and time-consuming. So, it’s important to periodically review the different endpoint security vendors the organization is using and assess whether any of them are redundant, or whether there are other solution providers out there who could provide the benefits of multiple tools in one solution.
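
The file-less and "big data" items above both come down to baselining behavior across every endpoint. The sketch below is an added example, not code from the original article or from any vendor's product: it builds a fleet-wide set of "normal" parent/child process launches and flags launches that fall outside it. The host names, events and the 50% threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed process-creation events: (host, parent image, child image).
BASELINE = [
    ("ws-01", "explorer.exe", "chrome.exe"),
    ("ws-01", "explorer.exe", "winword.exe"),
    ("ws-02", "explorer.exe", "chrome.exe"),
    ("ws-02", "explorer.exe", "excel.exe"),
    ("ws-03", "explorer.exe", "winword.exe"),
    ("ws-03", "explorer.exe", "excel.exe"),
    ("ws-04", "explorer.exe", "excel.exe"),
    ("ws-04", "explorer.exe", "powershell.exe"),  # admin workstation
]
NEW_EVENTS = [
    ("ws-01", "explorer.exe", "excel.exe"),       # new for ws-01, common in fleet
    ("ws-02", "winword.exe", "powershell.exe"),   # never seen anywhere
    ("ws-03", "explorer.exe", "powershell.exe"),  # seen on one other host only
]

def build_baseline(events):
    """Map each (parent, child) pair to the set of hosts that produced it."""
    pairs = defaultdict(set)
    for host, parent, child in events:
        pairs[(parent.lower(), child.lower())].add(host)
    return dict(pairs)

def score(events, baseline, fleet_size, min_share=0.5):
    """Return (host, parent, child, reason) for launches outside the fleet norm."""
    alerts = []
    for host, parent, child in events:
        hosts = baseline.get((parent.lower(), child.lower()), set())
        if not hosts:
            reason = "never seen in fleet"
        elif host not in hosts and len(hosts) / fleet_size < min_share:
            reason = f"rare: seen on {len(hosts)}/{fleet_size} hosts"
        else:
            continue  # normal for this host or for most of the fleet
        alerts.append((host, parent, child, reason))
    return alerts

if __name__ == "__main__":
    fleet = {host for host, _, _ in BASELINE}
    for alert in score(NEW_EVENTS, build_baseline(BASELINE), len(fleet)):
        print(alert)
```

A baseline limited to ws-01 alone would also have flagged the first event; the fleet-wide view recognises it as routine, while no signature is needed to surface the two PowerShell launches.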

Need help assessing your organization’s endpoint security measures? Talk to the Compuquip Cybersecurity team today to discuss your needs and get advice about how you can improve!