Protecting your endpoints from cyber threats is a critical aspect of securing your organisation’s network. While network perimeter security solutions secure the boundaries between your internal network and your service provider’s network, there is still the risk of malware infiltrating your internal network via endpoints.
With the average cost of a successful endpoint attack increasing from $5.1 million in 2017 to over $7 million per company in 2018, more and more companies are realising the importance of a multilayered cybersecurity approach, with endpoint protection an integral part.
In the current cybersecurity landscape, it’s essential that enterprises implement a layered approach to endpoint security. They must assess their vulnerabilities and design a solution that leverages effective security solutions to plug said vulnerabilities.
Evaluating your needs
The first step in choosing the best endpoint security solution is to understand what your business needs.
1. Capacity and Scalability
The bigger the organisation, the greater the number of endpoints, making capacity an important factor to consider. For large organisations, the endpoint solution must be able to handle a large number of users from the get-go. Scalability should be another key consideration for businesses anticipating rapid growth, whether large and established enterprises, startups, or SMBs.
2. Regulatory requirements
Regulatory requirements may influence an organisation’s choice of endpoint security solutions. For instance, military and government sectors have very stringent security requirements and policies to which companies must adhere. Other sectors such as healthcare, finance, and technology (especially firms that develop payment solutions) have very specific regulations when it comes to securing data. To comply with the security regulatory requirements of their respective industries, enterprises may need specific types of endpoint security solutions. Industries that are particularly attractive to hackers may choose to implement stronger endpoint security protection that surpasses the minimum regulatory requirements.
3. Budget
While endpoint security is indispensable when it comes to securing an enterprise’s data, 70 per cent of IT leaders readily admit that budget considerations have forced them to compromise on security features. Although this is an issue all enterprises face, Fortune 500 companies and other large enterprises often have the financial ability and inclination to invest heavily in endpoint security. Such inclinations may be due to the higher risk levels and stricter security compliance regulations. Small and medium-sized businesses, on the other hand, often have smaller IT budgets and need an affordable solution that will enable them to reduce overhead, overcome business challenges, and accelerate growth.
4. Company work policies
Another factor to consider when determining the right endpoint solution is your company’s work policies, such as whether employees are permitted to work remotely. If there is a remote work policy, you should look for an endpoint product that allows secure remote access.
Types of endpoint protection
Before choosing an endpoint security solution, it is important to evaluate its capabilities, understand how it works and what types of threats it protects against. Let’s take a look at some of the solutions available, how they provide protection from cyber threats as well as their limitations.
1. Anti-virus
Anti-virus is the most basic protection you can provide for your endpoints. Usually installed directly on endpoints, anti-virus software is designed to detect and remove malicious applications. These products can detect known viruses identified by signatures or attempt to identify new and potential malware with unknown signatures by examining its behaviour. However, they are unable to deter zero-days or protect endpoints from network vulnerabilities.
2. URL filtering
URL filtering tools help to restrict web traffic to trusted websites. They prevent users from accessing websites that have malicious or potentially harmful content. Although these tools help protect endpoints from drive-by downloads, they must be used together with other endpoint security solutions to provide robust protection against cyber threats.
3. Application control
These solutions control what an application can and cannot do. Using their whitelisting, blacklisting, and graylisting functions, application control tools protect endpoints by restricting or preventing unauthorised and compromised applications from executing in a way that puts your network or company data at risk. However, application control solutions have no control over browser plugins and browser-executable code. Moreover, they cannot help in cases where hackers exploit vulnerabilities in a whitelisted application.
4. Network access control
These are computer networking solutions that leverage a set of protocols to implement policies for securing access to network nodes. They control what devices and users can access and do on the network infrastructure. These solutions allow various network infrastructures such as firewalls, switches, and routers to work with end-user computing equipment and back office servers to enforce network security policies before allowing communication. Although network access control solutions boost endpoint security by limiting the data that can be accessed by users and restricting what they can do once connected, they cannot prevent endpoints from becoming infected through drive-by downloads and malicious browser code.
5. Browser isolation
Today, web browsers are among the most prevalent attack vectors for drive-by downloads, zero-day attacks, ransomware, cryptojacking malware, and other malicious browser-executable code. Browser isolation solutions protect endpoints by executing browsing sessions in isolated environments, either on the endpoint or server or, in the case of Remote Browser Isolation (RBI) solutions, in remote locations outside of the organisational network, in the cloud or network DMZ.
During browsing sessions, all browser-borne code is executed in an isolated environment and only a safe interactive media stream is sent to the browser on the user device. All website code, safe and malicious, is isolated away from the browser and destroyed when the user finishes browsing.
To ensure all-round endpoint protection, organisations must take a multilayered approach to endpoint security. By layering solutions that address different vulnerabilities in order to cover the gaps left by individual solutions, optimal protection can be achieved.
Cloud vs. on-premise?
Deciding between an on-premise or cloud solution can be a difficult task since they both have significant benefits.
Cloud solutions offer scalability and flexibility and are much easier to integrate and manage. There is also less overhead since there is no infrastructure to maintain. The installation process is faster and simpler, and it is easier to switch to another solution if the current solution doesn’t meet your needs.
On the other hand, if your company security policy restricts internet access on your networks, or if you want greater control over the process and data, an on-premise endpoint solution may be better for you. On-premise security solutions are generally more responsive and faster than cloud, since transmitting and processing data within a local network is much quicker than through the cloud.
Assess relevant product(s)
Once you’ve narrowed down your options and determined which security products are best suited for your organisation, do your research to ensure the products have a good reputation.
The best endpoint security solutions come equipped with the right mix of prevention capabilities. In the current age of incredibly sophisticated cybercrime, organisations need endpoint security solutions with next-gen security capabilities. Since prevention (not detection) is of the essence, the best endpoint security solution is one that protects organisations from all kinds of malware (especially those with unknown signatures), zero-day threats, and APTs.
Test and compare products
It is important to do a proof of concept/trial run before purchasing. This enables you to determine the effectiveness of the solution in handling your organisation’s needs.
It would be wise to do a gradual rollout to see how the solution affects overall system performance and to ensure the new software doesn’t cause your system to crash due to technical issues or bugs. You can then roll back if problems are detected.
Implementing cybersecurity best practices and choosing and integrating a robust and multilayered endpoint security solution are key to protecting your organisation’s endpoints and network from possible malware infection and other security breaches.
Ilan Paretsky, Chief Marketing Officer, Ericom Software