The need to achieve responsible enterprise security has taken center stage in enterprise IT management in recent years, precipitated by a deluge of public data breaches that damaged company reputations. However, lacking information on the most critical modern attack vectors, many organizations continue to rely solely on traditional virus scanning tools as their sole method of enabling endpoint security.
Many business professionals seem to cling to a common misconception that the implementation of a malware protection tool provides blanket protection against all potential security risks. The broad availability of free scanning tools and Window’s native Defender software has lulled individuals who are not particularly risk-conscious into a false sense of security when it comes to protecting their IT resources.
To be clear, it is certainly true that scanning and remediation tools for malware — including viruses, Trojans, ransomware and adware — continue to be critical components of any security arsenal. According to Enterprise Management Associates (EMA) research, 73 percent of surveyed organizations indicated they have been affected by a malware attack, and only 58 percent reported a high level of confidence that they can detect a malware incident before it causes a business-impacting event.
These challenges are only accelerating due to a new generation of advanced malware attacks that are designed to target specific environments or conditions and are more resistant to removal or cleanup. However, it is important to recognize that these threats represent only a portion of the total risks posed by the use of endpoint devices in modern business environments.
Modern Endpoint Security Attack Vectors
Beyond the threat of malware infection, the broad reliance on distributed endpoint devices — including desktops, laptops, tablets, smartphones and wearables — poses a number of challenges to enterprise security assuredness. In traditional environments, endpoint devices (primarily desktops) and the applications and data they utilized were kept contained on controlled business networks.
Today, however, critical business IT services are distributed across numerous public and private cloud, web, and server-hosting environments. Additionally, the “mobile revolution,” which began a decade ago, introduced more portable endpoint devices, allowing users to access business IT services from any location at any time. The consequence of these foundational changes to IT service delivery is that there is no longer a secure perimeter within which business devices, applications and data can be protected. Instead, all IT services must be considered continuously at risk.
Unfortunately, many bad actors are far ahead of the curve in figuring out how to exploit a world of interconnected and poorly secured software and devices. Cryptojacking is a prime example of this. It occurred to some resourceful individuals that it would be much cheaper and easier to secretly leverage the processing power of millions of end-user devices by embedding code in common websites to perform free cryptocurrency mining activities, rather than to purchase and manage a dedicated server farm for this purpose.
As a result, the performance of business devices and, by extension, the productivity of business workers are being diminished to line the pockets of clandestine entrepreneurs. Additionally, the eminent portability of the most commonly used endpoint devices (tablets and smartphones) further reduces their inherent security. EMA research indicated that one out of every eight mobile devices and one out of every 20 laptops containing business data ends up lost or stolen.
These are only two examples of rapidly evolving endpoint security challenges that plague enterprise operations teams, and this trend is expected to accelerate with cyberterrorists leveraging the power of intelligence technologies such as machine learning to identify new weaknesses they can exploit.
The Biggest Threat to Endpoint Security
EMA recently noted that the most frequent consequence of a security breach is not a malware infection, but compromised business data. We live in an age when information is a commodity that can be bought and sold through both legal markets and shadowy outlets. The latter, of course, is the greater concern with critical data — such as user access credentials, Social Security numbers, bank account information and other sensitive information — regularly being auctioned on the dark web. Cyberattacks are no longer designed just to be a nuisance; they are the cornerstone of a high revenue-generating industry.
There are three principal methods through which data is compromised on an endpoint:
- The first is through the use of invasive software, such as hidden code in applications and websites that collect and distribute data to remote systems without the knowledge of the users.
- The second involves manipulating users into unwittingly granting nefarious actors’ access to devices and IT resources. This is most frequently accomplished with the use of phishing schemes that employ psychological inventiveness rather than technological proficiency.
- The final method for compromising data on endpoint devices occurs when the user distributes the information themselves in an unsecure manner.
A Responsible Approach to Endpoint Security
Antivirus and other malware protection solutions can certainly help protect endpoint devices from related attacks, but they do very little natively to prevent data loss from other attack vectors. To responsibly ensure endpoint devices can securely perform business tasks, organizations must adopt a multifaceted approach to security that continuously monitors for inappropriate device activities and effectively controls access to enterprise data and resources.
To enable holistic visibility, configuration, status and contextual information should be collected on devices, processes and network activities. Intelligence technologies, such as analytics, language processing and machine learning, should be applied to collected details so that any potential security risks can be rapidly identified, and policy-based automated responses can be immediately implemented.
Of course, enterprise data is not a risk at all if it is never removed from secured locations in the first place. This can be accomplished with the use of resource isolation technologies, such as containerization, app wrapping, virtualization and browser isolation solutions. Data access and distribution controls are also enhanced with the introduction of strong identity and access management (IAM) capabilities. IAM platforms that are risk-based and governed by policy controls provide a strong first line of defense in any security implementation, particularly if they holistically leverage device information collected by endpoint and security management tools, as well as common intelligence technologies to accurately determine the level of risk associated with allowing an access event to occur.
Unified endpoint management (UEM) solutions designed to support all endpoints across an entire IT ecosystem offer the optimal platform from which to manage a diverse range of security processes. Comprehensive UEM solutions centrally support capabilities for data collection, reporting and alarming, data analysis, and automated response that are the hallmark of a responsible endpoint security approach. Solutions in this field are greatly advantaged if they can extend their security management capabilities through direct integrations with related platforms or by enabling integrations with the use of an API.
Effective endpoint security management requires a broad spectrum of key functionality that goes far beyond just malware detection, but with the right resources in place, organizations can ensure the secure utilization of enterprise IT services without unnecessarily limiting workforce productivity.