[BreachExchange] Fortifying Your Endpoint Protection Posture Against Upcoming Threats

Destry Winant destry at riskbasedsecurity.com
Wed Jan 9 23:49:45 EST 2019


https://solutionsreview.com/endpoint-security/fortifying-your-endpoint-protection-posture-against-upcoming-threats/

Welcome to 2019! You should start fortifying your endpoint security
posture against upcoming threats. Immediately.

We apologize if the tonal shift above seems jarring. However, if you
plan on operating in the digital marketplace, you need to have the
strongest endpoint protection posture possible. Hackers continue to
innovate their threats and attack tactics. They collaborate and
communicate in the Dark Web, developing their malware and elusive
threats in a supportive environment.

Unless you strengthen your digital perimeter and threat detection now,
you’ll find your enterprise off-balance during a breach. Obviously,
being off-balance in a breach means more financial and reputational
damage in the aftermath.

How can you fortify your endpoint protection posture to prevent this?
Here are some key suggestions:

Know Your Enemy

Before you begin solidifying your endpoint protection posture, you
must take the time to understand the current and upcoming digital
threats. Only by knowing your enemies can you adequately plan for and
defend against them.

Who are these enemies? Here are some of the most likely (but by no
means the only) culprits:

Ransomware and Cryptojacking

Cybersecurity experts debate whether ransomware or cryptojacking
should concern enterprises more. Both grew over the past year,
although cryptojacking grew faster and supplanted ransomware as the
top threat. However, both threats prove equally effective at
disrupting your business processes and damaging your bottom line.

They differ in how they do this: ransomware holds your files or
network hostage until the attacker receives payment. Cryptojacking
quietly uses your processing power to generate revenue for the
hackers behind it. But ultimately, your endpoint security posture
should prepare for both.

Fileless Malware

Traditionally, malware downloads a file which endpoint security
solutions can detect and remove. But tradition does not dictate the
future, and hackers have a new tool in their arsenal: fileless
malware. This attack uses your endpoints’ natural processes to run and
conceal its malicious functions, eluding traditional detection.

Your endpoint protection posture must include a next-generation
endpoint security solution to combat this new threat. Hackers are
employing it more and more for a reason. Remove that reason as soon as
possible.

Email Threats and Phishing Attacks

You can argue email security issues and phishing belong more to SIEM
and threat detection. However, the emails your employees receive
constitute a potential barrage on your digital perimeter. Your
employees form a large part of your digital perimeter—often the most
vulnerable part of it.

Hackers are becoming more selective about their phishing targets and
employing more social engineering.

The popular imagining of attacks like ransomware pictures them as
being fired in all directions, hoping they connect with a target who
falls for it. For years, this understanding lined up with reality. But
those days are changing. Hackers are now choosing their attacks far
more deliberately and carefully crafting their attacks via social
engineering. Your endpoint protection posture must incorporate email
security to eliminate as many of these threats as possible before they
reach your employees.

Hackers only have to succeed once. Limit the chances they have to succeed.

The Cloud

If you only take one message away from this article, please let it be
this: you are responsible for your enterprise’s cybersecurity on the
cloud. This includes public cloud services like Amazon Web Services or
Google.

Many enterprises assume the cloud providers will protect their digital
assets. Unless the issue is with the platform itself, this is almost
never true. Your endpoint protection posture must make sure to secure
your cloud assets and cloud data flows. Further, it must ensure proper
configurations for your cloud—the alternative rarely benefits the
enterprise in the long term.

Fortifying Your Endpoint Protection Posture

Knowing the digital threats facing your enterprise might be the most
important step in solidifying your endpoint protection posture. You
should absolutely have this information in mind when selecting a
next-gen endpoint security solution. However, knowledge is only one
part of the equation. Myriad others exist, including but not limited
to:

Having a Multi-Layered Security Platform

The more layers to your endpoint protection platform, the less likely
threats will be able to penetrate. These layers can include
anti-malware but also EDR, sandboxing, honeypots, and other
capabilities.

In fact, the more layers to your endpoint security, the less likely
hackers target your enterprise in the first place. Hackers are
notorious followers of the path of least resistance. They tend to skip
enterprises with stronger security platforms in favor of those with
more noticeable weaknesses.

Therefore, your endpoint protection posture should favor solutions
with a diversity of features and capabilities suited to your business
processes. However, a multi-layered security platform also means
supporting your endpoint security with next-gen and optimized SIEM and
identity management.

Nothing in cybersecurity works well in a vacuum.

Never Stop Patching

Stay up to date with your endpoint protection platform provider to
make sure your endpoint security is up-to-date. Patches contain
necessary threat intelligence and predictive technology which can help
prevent evolved threats or new strains.

In addition, it is critical to never push patches down the priority
list; they should be a top-level, immediate concern. It can take time
and resources, but these short-term concerns will prove far less
costly compared to a data breach.

Taking Responsibility for Your BYOD Policies

Just because a device belongs to an employee doesn’t mean it isn’t
part of your digital perimeter. Every device connecting to your
network should have the same level of endpoint security as part of
your endpoint protection posture. Make it a requirement of your BYOD
policy, and forbid employees from using unprotected devices on your
network.

Understanding What Your Perimeter Actually Protects

This ties into having strong network visibility and a clear
understanding of your database locations and purposes. Without this
knowledge, you won’t know what needs the most protection and what to
prioritize. Your entire network should be protected, but trying to
prioritize everything equally shows a fundamental misunderstanding of
what your enemies target. Find where all of your databases are
(including on the cloud) and decide which ones need the most
attention.

