Right now, potential intruders are probably rattling your network’s digital doors, looking for a way in. Endpoint devices are a common weak spot that gives attackers access to your infrastructure. Advanced endpoint security can help seal off these attack points, providing valuable protection for your company. Here’s how it works, and why you should invest in it.
Endpoints are the devices we use to access our computing resources, such as files stored on enterprise networks, and back-end applications like customer relationship management or ERP software. Your enterprise laptop is an endpoint, but so is the personal Android tablet that you sometimes use to log into the company network from home. The smartphone in your pocket, your Alexa, your refrigerator, your monitors, and even wearable devices like your smartwatch are security risks.
Potential chinks in your armor
Each of these devices represents a potential soft spot that attackers can use to compromise your company’s network. A simple piece of malware installed on a laptop can give a hacker access to your enterprise accounts, and from there they can move on to the rest of the network.
Endpoint attacks are a clear and present danger for most organizations. As many as 68% of the 665 companies the Ponemon Institute interviewed for its most recent State of Endpoint Security report in 2017 said the endpoint threat had increased; 38% said they didn’t have the resources to handle these risks.
Advanced endpoint security tools can help mitigate the problem by providing layered defenses to protect the many devices that connect to networks in an average day.
They go beyond simple antivirus software by protecting the endpoint and the network together as part of a single ecosystem.
For that reason, these endpoint security tools generally don’t just reside on the endpoint; they involve collaboration with a back-end server, too.
The back-end server component of an advanced endpoint security solution coordinates security across all the endpoints that connect to a network. It authenticates these endpoints when they connect, ensuring they all follow centrally defined policies. It coordinates the sharing of information and real-time data, investigates potential indicators of compromise, and helps identify the root cause of issues.
IT administrators can define a range of policies that minimize risks to all endpoints. Examples would be blocking visits to a list of known malicious websites updated centrally by the endpoint security vendor. Another could block attachments with known malicious signatures and emails that match phishing patterns.
Other policies may vary depending on which group that device falls into. For example, a security policy could ban access to social networking sites like Facebook for most groups of devices, while allowing access by devices registered to marketing professionals.
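The sketch below is an added example, not code from any endpoint security product. It shows how a back-end server could evaluate the policies described above so that the centrally maintained malicious-site list always wins, while a group exception only overrides a category ban. All host names, group names and function names are constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample policy data. In a real deployment the blocked-host list
# comes from the vendor feed and the rest from the administrator's console.
GLOBAL_BLOCKED_HOSTS = {"malware-download.example", "phish-login.example"}
HOST_CATEGORIES = {"facebook.com": "social", "intranet.example": "business"}
DEFAULT_BLOCKED_CATEGORIES = {"social"}
GROUP_ALLOWED_CATEGORIES = {"marketing": {"social"}}


@dataclass(frozen=True)
class Endpoint:
    device_id: str
    group: str


def _matches(host, names):
    """True if host equals, or is a subdomain of, any name in names."""
    return any(host == n or host.endswith("." + n) for n in names)


def category_of(host):
    """Look up the category of a host, treating subdomains like their parent."""
    for name, category in HOST_CATEGORIES.items():
        if _matches(host, {name}):
            return category
    return "uncategorized"


def decide(endpoint, url):
    """Return (verdict, reason) for one web request from one endpoint."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("block", "unparseable-url")
    # 1. Global rules apply to every endpoint; no group exception overrides them.
    if _matches(host, GLOBAL_BLOCKED_HOSTS):
        return ("block", "global-malicious-list")
    # 2. Category rules: blocked by default unless the group has an exception.
    category = category_of(host)
    if category in DEFAULT_BLOCKED_CATEGORIES:
        if category in GROUP_ALLOWED_CATEGORIES.get(endpoint.group, set()):
            return ("allow", f"group-exception:{endpoint.group}")
        return ("block", f"category:{category}")
    return ("allow", "default")
```

Matching on a leading dot keeps a look-alike such as notfacebook.com from inheriting the rules written for facebook.com.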
Making sure your endpoints are secure
Advanced endpoint security’s broad approach to protecting both networks and devices enables administrators to offer a range of protections for devices connecting to their network—and therefore, for the network itself. These include:
- Application whitelisting: Only allowing endpoints to install applications that are specifically permitted, rather than relying on lists of known malicious software that may miss newer programs.
- Network access control: Configuring endpoints with access to specific network resources based on their privileges. This stops intruders from using a hacked device to infect the entire network. It’s also a useful way to deal with nonmanaged devices, such as an employee or contractor’s personal tablet or laptop. These can be given limited access or even sandboxed to prevent them reaching valuable data.
- Endpoint detection and response: Looking for indicators of compromise on devices and performing root cause analysis.
- Mobile device management: Protecting mobile devices that are easy to lose or steal by encrypting their data and remotely wiping them if they connect to the Internet after being reported missing.
- Device patching: Ensuring that devices connecting to endpoints are properly patched, potentially quarantining them until they are up to date. This reduces the risk of malware infection.
- Anti-malware protection: Installing malware scanners on endpoints and keeping them regularly updated with new signatures.
- Virtual private networks: Utilizing VPNs to securely communicate between components, adding trust to untrustworthy environments.
- Behavioral analysis: Looking for normal patterns of behavior and deviations that indicate compromise.
- Indicator of compromise discovery: Identifying indicators of compromise—potentially malicious activity on a system or network—to help information security and IT professionals detect data breaches, malware infections, or other threats.
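To make the application whitelisting point concrete, the following added example (not taken from any product) runs the same four installers through a list of known malicious software and through an allowlist. It assumes files are identified by SHA-256 hash, which is one common approach; the byte strings are constructed stand-ins for real installer files.

```python
import hashlib


def digest(binary):
    """SHA-256 of the file contents, used here as the application's identity."""
    return hashlib.sha256(binary).hexdigest()


# Constructed stand-ins for installer files; a real agent hashes the file on disk.
SAMPLES = {
    "approved": b"constructed: approved office suite installer",
    "known_malware": b"constructed: sample already in the vendor signature feed",
    "new_malware": b"constructed: variant released after the last feed update",
}
# The approved installer with one byte appended, as after tampering.
SAMPLES["tampered_approved"] = SAMPLES["approved"] + b"\x00"

BLOCKLIST = {digest(SAMPLES["known_malware"])}  # known malicious software
ALLOWLIST = {digest(SAMPLES["approved"])}       # specifically permitted software


def blocklist_allows(binary):
    """Default-allow: install anything that is not on the known-bad list."""
    return digest(binary) not in BLOCKLIST


def allowlist_allows(binary):
    """Default-deny: install only what is on the permitted list."""
    return digest(binary) in ALLOWLIST


def compare(samples):
    """Return each sample's verdict under both models."""
    return {
        name: {"blocklist": blocklist_allows(data), "allowlist": allowlist_allows(data)}
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES).items():
        print(f"{name:18} blocklist={verdicts['blocklist']!s:5} "
              f"allowlist={verdicts['allowlist']}")
```

The blocklist lets both the new variant and the tampered installer through because neither hash has been seen before, while the allowlist rejects them without needing any prior knowledge of them.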
Companies don’t have to install advanced endpoint security solutions on their own networks. They can rely on third party cloud-based versions for protection, which can minimize their infrastructure and management overhead. Whichever form of endpoint security they choose, it’s a great way to protect one of the most vulnerable parts of the enterprise computing ecosystem.
Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.