5G is in the news a lot these days — and for more reasons than technology prospects and marketing purposes. A significant amount of talk is focused on suppliers, trade implications and national security issues, but rest assured, the technology will be deployed, and we will be using it. It’s just a matter of whose equipment we will be using and when it will be deployed.

This is exactly why endpoint protection is such an important issue — 5G technology is coming and nothing will stop it, so we need to be prepared.

A Recap of 5G Challenges

If you accept that this blazing-fast, super-capable technology comes with three inherent challenges — manageability, the supply chain and usage — then the endpoint protection challenge makes a whole lot more sense. More to the point, your endpoint protection strategy could end up defining how security is managed for the entire enterprise.

In other words, proceed with caution as you integrate new 5G devices and services into your enterprise, because if you end up doing this on shaky ground, you may be setting yourself up for a world of hurt. In fact, endpoint protection as a whole is on shaky ground, even before widespread next-generation technology deployments. Consider the following figures from Absolute’s “2019 Endpoint Security Trends Report“:

  • More than 70 percent of breaches originate at the endpoint.
  • Forty-two percent of endpoints have encryption failures at any given time.
  • Twenty-eight percent of endpoints have outdated or missing antivirus/anti-malware tools.

Now, what does widespread 5G deployment do? It multiplies the number of endpoints by one or more orders of magnitude. We will see a plethora of internet of things (IoT) devices deployed with the rollout of the new network, many of them headless and running vendor-specific firmware that no conventional endpoint agent can be installed on, and the new challenges all orbit around manageability, the supply chain and usage. Get these aspects as right as possible, and you’ll be in a good place. Get them wrong, and you’ll be putting the business at unnecessary risk.

How Is Endpoint Protection Changing?

Before we figure out how to create an endpoint protection strategy in the new mobile, hyperconnected world, let’s make sure we’re clear on definitions. Let’s start by breaking down Gartner’s definition of an endpoint protection platform:

“… a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.”

All right, so far so good, but as the definition goes on, it starts to raise some caution flags. For example, the definition rightly admits that detection capabilities will vary and advanced solutions will use multiple detection techniques, but here’s where the caution comes in: As detection techniques evolve, so do the attackers. Don’t think adversaries are just sitting idle. Remember, adversaries have an advantage we defenders don’t: They don’t play within the rules.

Microsoft’s “Security Intelligence Report Volume 24,” which looked at security signals throughout 2018, helped illustrate the changes in attack vector tactics, namely a reduction in ransomware and malware and increases in crypto-jacking, targeting of cloud providers, drive-by downloads, phishing attacks and supply chain compromises.

So whatever your endpoint protection strategy is, remember this: It needs to be dynamic and ready to change. That’s why solutions such as security orchestration, automation and response (SOAR) tools are your friend. A SOAR platform takes the alerts a security information and event management (SIEM) system produces and adds the context, enrichment, case management and automated response playbooks needed to act on them at scale rather than one analyst ticket at a time.

Why? Because your 5G endpoint strategy needs to hit the three main challenges of manageability, the supply chain and usage, and these tools give you a fighting chance. Yes, it’s mantra-like to keep repeating these three inherent challenges, but it’s the only way. The nature of cyberthreats today hasn’t really changed that much over the last five or 10 years; it’s all pretty standard stuff, such as bad or irresponsible human behaviors, spotty code, a lack of patching, misconfigurations and so on.

The problems are more or less the same; it’s the size, scale and speed that is changing. Everything in “morederation,” let’s say.

Or think about it like this: A professional hockey player today is bigger, faster and generally more technically skilled than a player from 50 years ago, but if today’s player can’t skate to the other end of the rink, what good is the fancy new composite stick that lets them unload a 110 mph shot? On the other hand, if you’re a master skater at the core, new tools will make you a scoring machine.

How to Develop Your Endpoint Protection Strategy for 5G

It is absolutely crucial to start with the basics before you buy something shiny. These three simple steps will help you increase the life span of your endpoint protection strategy, no matter what it looks like today:

Conduct a Needs Assessment

Figure out what your enterprise needs before you deploy 5G-related technology. This shouldn’t be guesswork. Your estimates should be based in reality, not fantasy.

Will this task require some cross-functional teamwork? Absolutely. You can expect all your standard enterprise challenges, including business segments saying, “I absolutely need this,” and IT security saying, “You cannot possibly have this.” But these conversations need to happen or else you’re setting yourself up for a whole bunch of wasted money and resources. Or, worse, you’ll walk right into a data breach because you’ve bitten off more than you can chew.

Determine Your Scaling Limits

This is the natural follow-on from a needs assessment, but with technology changing so fast, you need to determine your scaling and life cycle limits. Whether it’s 5,000 endpoints over two years or 100,000 endpoints over five years, pick some reasonable numbers so you can plan appropriately, and check them against the capacity of the tooling that has to absorb them: agent licenses, SIEM ingestion rates, patch distribution bandwidth and the analysts who triage the resulting alerts. Keep in mind two old rules: If you can’t measure it, you can’t improve it, and perfect is the enemy of good enough.
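The two rules above only work if the numbers exist. The following script, an added example that is not part of the original article, measures on your own inventory the two hygiene failures the Absolute figures describe (endpoints without disk encryption, endpoints with stale or absent anti-malware) and then projects SIEM event load at the endpoint count you intend to scale to. The inventory records, field names, per-class event rates and the 1,000 events-per-second SIEM ceiling are all constructed assumptions; replace them with your EDR/MDM export and your vendor’s licensed ingestion rate.

```python
"""Endpoint hygiene and scaling-limit check (added example, not from the article)."""
from collections import Counter
from datetime import date, timedelta

TODAY = date(2019, 6, 1)  # fixed "now" so the numbers below are reproducible

# Constructed sample: normalised inventory records of the shape an EDR/MDM
# export might give you after cleanup. Field names are assumptions.
# "av_updated" is the last anti-malware signature/engine update; None means
# no agent ever reported, which is the usual state of a headless IoT device.
INVENTORY = [
    {"host": "lt-001", "class": "laptop", "disk_encrypted": True,  "av_updated": date(2019, 5, 31)},
    {"host": "lt-002", "class": "laptop", "disk_encrypted": False, "av_updated": date(2019, 5, 30)},
    {"host": "lt-003", "class": "laptop", "disk_encrypted": True,  "av_updated": date(2019, 4, 2)},
    {"host": "srv-01", "class": "server", "disk_encrypted": True,  "av_updated": date(2019, 5, 31)},
    {"host": "srv-02", "class": "server", "disk_encrypted": True,  "av_updated": None},
    {"host": "cam-01", "class": "iot",    "disk_encrypted": False, "av_updated": None},
    {"host": "cam-02", "class": "iot",    "disk_encrypted": False, "av_updated": None},
    {"host": "gw-01",  "class": "iot",    "disk_encrypted": True,  "av_updated": None},
]

# Assumed average security events per second each device class forwards to
# the SIEM once its agent or syslog feed is enabled (measure your own).
EPS_PER_CLASS = {"laptop": 0.05, "server": 0.5, "iot": 0.02}


def encryption_failures(inventory):
    """Hosts whose full-disk encryption is not enforced."""
    return sorted(r["host"] for r in inventory if not r["disk_encrypted"])


def stale_av(inventory, today=TODAY, max_age_days=7):
    """Hosts with no anti-malware report, or one older than max_age_days."""
    cutoff = today - timedelta(days=max_age_days)
    return sorted(r["host"] for r in inventory
                  if r["av_updated"] is None or r["av_updated"] < cutoff)


def hygiene_report(inventory, today=TODAY):
    """The two Absolute-style rates, computed for this fleet."""
    n = len(inventory)
    enc, av = encryption_failures(inventory), stale_av(inventory, today)
    return {
        "endpoints": n,
        "encryption_failure_rate": round(len(enc) / n, 3),
        "stale_av_rate": round(len(av) / n, 3),
        "encryption_failures": enc,
        "stale_av": av,
    }


def project_siem_load(inventory, target_endpoints, class_mix=None,
                      eps_per_class=EPS_PER_CLASS, capacity_eps=1000.0):
    """Estimate SIEM events/second at target_endpoints.

    By default the current class mix is scaled proportionally. A 5G/IoT
    rollout usually shifts the mix toward "iot", so pass class_mix as a
    dict of class -> fraction to model that instead.
    """
    if class_mix is None:
        counts = Counter(r["class"] for r in inventory)
        total = sum(counts.values())
        class_mix = {cls: cnt / total for cls, cnt in counts.items()}
    eps = sum(target_endpoints * frac * eps_per_class[cls]
              for cls, frac in class_mix.items())
    return {
        "target_endpoints": target_endpoints,
        "projected_eps": round(eps, 1),
        "capacity_eps": capacity_eps,
        "over_capacity": eps > capacity_eps,
        # largest fleet this mix supports before the SIEM ceiling is hit
        "max_endpoints_at_capacity": int(target_endpoints * capacity_eps / eps),
    }


if __name__ == "__main__":
    print(hygiene_report(INVENTORY))
    print(project_siem_load(INVENTORY, 5_000))
    print(project_siem_load(INVENTORY, 100_000))
    print(project_siem_load(INVENTORY, 100_000,
                            class_mix={"laptop": 0.10, "server": 0.05, "iot": 0.85}))
```

On the sample fleet the encryption failure rate is 37.5 percent and the stale-AV rate 62.5 percent, most of it the IoT devices that have no agent at all, which is exactly the population a 5G rollout adds. Scaling the same mix to 100,000 endpoints projects roughly 15,000 events per second against a 1,000 EPS ceiling; the function reports that this mix tops out at about 6,600 endpoints, which is the scaling limit the article asks you to determine before buying anything new.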

Stress-Test Your Network Before Adding to It

It’s important to know what your capacity limits are for the simple reason that the influx of endpoints may overwhelm your enterprise’s capabilities — assuming, of course, that you’re not already overwhelmed. That’s why you should test your network before adding to it, but only in a controlled manner: define the scope, run it in a change window with a rollback plan, and tell the operations and security operations center (SOC) teams in advance, because an unscoped load test or an unannounced red team exercise can cause the very outage or incident you are trying to prevent. If you can survive the testing, you’re in better shape to survive the cyberthreat landscape. This is the stage where you do all your standard reviews, vulnerability assessments, penetration testing and red teaming.

Don’t Underestimate the Basics

Do these things right (learning how to skate) before you get your composite stick, which in our case means adding SOAR capabilities on top of SIEM. With that in place you are not only detecting and responding, you are also remediating. And when morederation happens — 5G will do that — every little bit helps.

Because the connectivity ecosystem we live in is always changing, you need to figure out where you are today to know how to get to where you’re going tomorrow. The future will operate on billions of endpoints, many of which will be running bespoke operating systems. And despite the ludicrous speed at which this future will be moving, systems can still be brought down with a few kilobytes of malicious code.

So make sure to hit all the basics. Examine your foundations and ensure they’re solid. Do all of this before you implement new 5G technology. Ahead of a complex future, a simple back-to-the-basics security strategy could be your best bet to keep your enterprise safe and secure.
