Cyber security encompasses a number of solution, policies, procedures and practices- and it’s a list that keeps growing as cyber criminals fine tune their strategies and find new and innovative way to target enterprise IT systems.
One such area where there truly is a lot of interesting stuff happening is at the endpoint. If we look back just 5 years, the overall message from security vendors was that it would be the network that would “solve” our cyber security problems. However, threats have evolved and everyone agrees that a robust endpoint security solution is absolutely mandatory.
As a result, we of course see the classic AV vendors who stay focused on making sure that their solutions are efficient in dealing with modern threats and malware. But the endpoint domain has also opened up for more specialized vendors trying to deal with different approaches on how to protect against malware and also specific vendors focusing on the forensics of what is happening on the endpoint.
Attacking the Endpoint
There is no doubt that endpoint security is now a critical aspect in the overall security of an organization. Attacks have moved servers to the endpoint, which are being used as stepping stone for further attacks inside the network. Why bother finding and exploiting a vulnerability in a server when all you need to do is to get the user to open a document or click a link.
Instead the attackers are going after the low hanging fruit, which is the client endpoint as user behaviour can be exploited as an unpatched vulnerability. This is because the endpoint is operated by a user and attackers can trick them into all sorts of interesting things- something we typically call social engineering. A client also has a lot of interfaces to attack: E-mail, Web-browsers and other applications are just some of these. When we combine this with the fact that many users have far too many system rights, you have an explosive cocktail.
The other reason why the endpoint is so interesting is that more and more traffic is becoming encrypted, and it is only on the client you can be certain to see the traffic in the clear as well as get full understanding of what happens on the client when a piece of code is executed. Today, you can almost say that there is a race to the endpoint by pretty much any security vendor in the market and understanding which solution is the right one for the client can be challenging.
Putting Your Best Foot Forward
Endpoint security is a very active field right now, and making the correct decision is not necessarily easy as all solutions come with their own approaches and benefits.
One thing that is important though is that it is an area which deserves attention and you should not just be content with renewing your annual support license on the endpoints. You should understand what are the new capabilities, how can you enable them and how they deal with modern attacks.
If you do not feel there is any roadmap and development on your endpoint solution, it is probably time to rethink as this field is glowing hot with new approaches, roadmaps and ideas to deal with malware being implemented right now.
We also are often asked about the viability of cloud-based endpoint protection solutions. There is no doubt that endpoint security is also one of the areas that potentially can be moved to a cloud-based or managed delivery model. In fact, many next generation endpoint solutions are to a considerable extent leveraging cloud and specifically artificial intelligence in the cloud to identify emerging threats.
While I completely understand the benefits of this, there is of course also some privacy concerns. As an example, we are currently evaluating one of the emerging vendors in the endpoint space and during our test, we realized that every office document executed on the machine was submitted to the cloud for analysis. I am not certain all customers would accept this. Of course, the feature can be turned off but it will also impact the security effectiveness of the solution. So, to sum it up, like with everything else, customers should be aware of the impact of cloud.
We’re Here to Help AG-ain
At Help AG, we dedicate a lot of resources to understanding how our endpoint solutions work and how they deal with the threats at hand. This exercise is very interesting as it is quite clear that while endpoints are improving every approach has its limitations and strengths.
While we do not develop or manufacture endpoint security, we work with some of the leading vendors on implementing and maintaining these solutions. This spans AV and malware prevention to device and data-loss control as well as digital forensics.
At the end of the day, simply having the best solutions is not sufficient. Instead an organization’s ability to defend against cyber-attacks depends on these solutions being properly selected, configured, and managed in accordance with the right security policies. All of these are areas wherein Help AG delivers the value addition that helps you get the most from your security investments.
Nicolai Solling, CTO at Help AG