Endpoint Protection: Taking the Proactive Approach

Author

ColorTokens

Last Updated

Mar 16, 2021

An endpoint is any device that is connected to the network and has two-way communication with it. This could include laptops, desktops, and special-purpose systems like Point of Sale (POS) terminals, ATMs, ticket counters, kiosks, and servers. Until a few years ago, attackers breached the perimeter defenses (e.g., perimeter firewalls, IDS) to get into the network. Endpoint security is essential today because attackers have started using vulnerable endpoints as entry points to download malware and move laterally across the network, targeting high-value assets. The 2013 POS attack on Target was responsible for the exposure of credit card information of 40 million customers.

Modern Malware Attacks are Making Reactive Security Obsolete

Traditional signature-based antivirus used to secure endpoints is not equipped to defend against zero-day attacks and advanced malware threats. Most antivirus solutions depend heavily on a directory of signatures to detect and mitigate threats. The directory needs to be continuously updated to protect endpoints from known threats, which increases its size and the bandwidth it demands from already strained enterprise networks. The consequence is a longer update cycle, which leaves endpoints vulnerable to attacks. This reactive approach makes antivirus ineffective against modern malware and other unknown threats. To add to this challenge, because antivirus products are commercially available, an attacker can test the effectiveness of malware against them before deploying it, increasing its rate of success.

Why Most Endpoints End Up Being Vulnerable

Endpoints are one of the weakest links affecting an organization’s security posture. And it’s not just the endpoints, but also the users that pose a significant challenge to ensuring security. Attackers are increasingly using phishing campaigns to bypass perimeter defense solutions and trick users into clicking on malicious links. According to Verizon’s 2018 Breach Investigations report, 92 percent of malware is still delivered by email. Employees might click an email link or file thinking it’s from a trusted source. This would give the attacker the opportunity to install malware, spread laterally, and gain access to your servers, databases, and applications. In other words, perimeter security solutions are no longer effective against malware threats that take advantage of the inherent system and security vulnerabilities.

Operating System Vulnerabilities

Self-spreading malware succeeds because of vulnerabilities in operating systems. The ground reality is that many organizations still run their endpoints on Windows XP, which Microsoft no longer supports. This holds true for special-purpose systems like banking ATMs, Point of Sale (POS) systems at retail outlets, airport check-in counters, servers, etc. Upgrading to a new OS is a huge capital and operational expense, which is why most organizations settle for traditional antivirus protection.

Software Patch Management

OEMs do not always discover vulnerabilities in the OS in time. Even if they do, creating a patch, testing it, and deploying it could take months and sometimes even years. With attacks increasing in frequency and sophistication, waiting for patches is simply not practical for large enterprises. Also, the lack of sound data governance and the absence of strict compliance requirements within the enterprise result in malware spreading unchecked at great speed.

Reactive Security

When it comes to endpoint security, antivirus/anti-malware is pitched as the optimum protection that your computer needs. However, signature-based antivirus software relies on the ‘known bad’ (signatures or behaviors) and is not capable of preventing unknown threats or zero-day attacks. Enterprises need to shift from reactive security solutions and start taking a proactive approach to secure their network and endpoints.

Taking a Proactive Approach to Endpoint Security

Vulnerable endpoints are soft targets for attackers to not only disrupt network communications but also to move laterally and gain access to sensitive data that is spread across different servers. As threats increase in sophistication, waiting for patches and depending on traditional antivirus software is not a reliable strategy anymore. Instead, enterprises need to deploy security solutions that afford complete endpoint visibility and control. Here are four aspects you should consider before choosing a proactive endpoint solution.

Choosing a Proactive Endpoint Security Solution

  1. An effective security solution should have a signature-less approach that works at the kernel level to detect, alert on, and prevent unauthorized processes running on endpoints and critical servers.
  2. Security operators should be able to get full visibility and control of the processes to effectively lock down and protect your systems, even those running on unpatched legacy systems like Windows XP.
  3. The security solution should be light enough to run without slowing down the primary system functions and be completely invisible to the end user. This will reduce any additional cost incurred in teaching cyber hygiene to your employees.
  4. It should grant complete process control while ensuring that only the known, whitelisted processes run, therefore eliminating the need for disparate antivirus tools, signature updates, patch management software, and SIEM products.
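
The contrast between ‘known bad’ signature matching and the "only the known, whitelisted processes run" model can be shown with a small decision sketch. This is an added example, not ColorTokens code: it models both approaches as SHA-256 lookups in user space (an assumption; real products also use behavioral rules and kernel hooks), and every file name and byte string below is constructed for illustration.

```python
import hashlib

def sha256(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

# Constructed byte strings standing in for executable images.
POS_CLIENT = b"MZ constructed POS client image, build 4.2"
POS_CLIENT_PATCHED = b"MZ constructed POS client image, build 4.3"
KNOWN_SAMPLE = b"MZ constructed sample already catalogued by the AV vendor"
UNSEEN_VARIANT = KNOWN_SAMPLE + b"\x00"   # any change to a file changes its hash

SIGNATURE_DB = {sha256(KNOWN_SAMPLE)}     # reactive: list of 'known bad'
ALLOWLIST = {sha256(POS_CLIENT)}          # proactive: list of 'known good'

def signature_verdict(image: bytes) -> str:
    """Default-allow: block only what is already in the signature directory."""
    return "block" if sha256(image) in SIGNATURE_DB else "allow"

def allowlist_verdict(image: bytes) -> str:
    """Default-deny: run only images whose hash was explicitly approved."""
    return "allow" if sha256(image) in ALLOWLIST else "block"

# Constructed process-launch events: (file name, image bytes).
EVENTS = [
    ("pos_client.exe", POS_CLIENT),          # approved business application
    ("invoice.exe", KNOWN_SAMPLE),           # sample the vendor has a signature for
    ("invoice.exe", UNSEEN_VARIANT),         # same sample, never seen before
    ("pos_client.exe", UNSEEN_VARIANT),      # trusted name, untrusted content
    ("pos_client.exe", POS_CLIENT_PATCHED),  # legitimate update, not yet approved
]

def evaluate(events):
    """Return (name, signature verdict, allowlist verdict) for each launch."""
    return [(name, signature_verdict(img), allowlist_verdict(img))
            for name, img in events]

if __name__ == "__main__":
    for name, sig, allow in evaluate(EVENTS):
        print(f"{name:16} signature={sig:5} allowlist={allow}")
```

The last event shows the operational cost of default-deny: a legitimate update is blocked until its new hash is approved, so the allowlist has to be maintained as part of change management.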
With each passing year, malware threats are going to increase in frequency and sophistication. Along with adversely affecting customer trust and brand image, breaches also have serious financial implications for enterprises. According to the Ponemon Institute 2017 Cost of Data Breach Study, the global average cost of a breach is $3.6 million, or $141 per data record. The average cost of a data breach in the United States is much higher at $7.3 million. ColorTokens Xprotect enables enterprises to take a proactive approach to endpoint security. By providing complete visibility and control right at the process-level, ColorTokens Xprotect effectively locks down systems making them tamper-resistant, thereby protecting endpoints from phishing, zero-day exploits, malware, ransomware, and other unknown threats.