The need to achieve responsible enterprise security has taken center stage in enterprise IT management in recent years, precipitated by a deluge of public data breaches that damaged company reputations. However, lacking information on the most critical modern attack vectors, many organizations continue to rely solely on traditional virus scanning tools as their sole method of enabling endpoint security.

Many business professionals seem to cling to a common misconception that the implementation of a malware protection tool provides blanket protection against all potential security risks. The broad availability of free scanning tools and Window’s native Defender software has lulled individuals who are not particularly risk-conscious into a false sense of security when it comes to protecting their IT resources.

To be clear, it is certainly true that scanning and remediation tools for malware — including viruses, Trojans, ransomware and adware — continue to be critical components of any security arsenal. According to Enterprise Management Associates (EMA) research, 73 percent of surveyed organizations indicated they have been affected by a malware attack, and only 58 percent reported a high level of confidence that they can detect a malware incident before it causes a business-impacting event.

These challenges are only accelerating due to a new generation of advanced malware attacks that are designed to target specific environments or conditions and are more resistant to removal or cleanup. However, it is important to recognize that these threats represent only a portion of the total risks posed by the use of endpoint devices in modern business environments.

Learn more about endpoint security and mobile threat defense

Modern Endpoint Security Attack Vectors

Beyond the threat of malware infection, the broad reliance on distributed endpoint devices — including desktops, laptops, tablets, smartphones and wearables — poses a number of challenges to enterprise security assuredness. In traditional environments, endpoint devices (primarily desktops) and the applications and data they utilized were kept contained on controlled business networks.

Today, however, critical business IT services are distributed across numerous public and private cloud, web, and server-hosting environments. Additionally, the “mobile revolution,” which began a decade ago, introduced more portable endpoint devices, allowing users to access business IT services from any location at any time. The consequence of these foundational changes to IT service delivery is that there is no longer a secure perimeter within which business devices, applications and data can be protected. Instead, all IT services must be considered continuously at risk.

Unfortunately, many bad actors are far ahead of the curve in figuring out how to exploit a world of interconnected and poorly secured software and devices. Cryptojacking is a prime example of this. It occurred to some resourceful individuals that it would be much cheaper and easier to secretly leverage the processing power of millions of end-user devices by embedding code in common websites to perform free cryptocurrency mining activities, rather than to purchase and manage a dedicated server farm for this purpose.

As a result, the performance of business devices and, by extension, the productivity of business workers are being diminished to line the pockets of clandestine entrepreneurs. Additionally, the eminent portability of the most commonly used endpoint devices (tablets and smartphones) further reduces their inherent security. EMA research indicated that one out of every eight mobile devices and one out of every 20 laptops containing business data ends up lost or stolen.

These are only two examples of rapidly evolving endpoint security challenges that plague enterprise operations teams, and this trend is expected to accelerate with cyberterrorists leveraging the power of intelligence technologies such as machine learning to identify new weaknesses they can exploit.

The Biggest Threat to Endpoint Security

EMA recently noted that the most frequent consequence of a security breach is not a malware infection, but compromised business data. We live in an age when information is a commodity that can be bought and sold through both legal markets and shadowy outlets. The latter, of course, is the greater concern with critical data — such as user access credentials, Social Security numbers, bank account information and other sensitive information — regularly being auctioned on the dark web. Cyberattacks are no longer designed just to be a nuisance; they are the cornerstone of a high revenue-generating industry.

There are three principal methods through which data is compromised on an endpoint:

  1. The first is through the use of invasive software, such as hidden code in applications and websites that collect and distribute data to remote systems without the knowledge of the users.
  2. The second involves manipulating users into unwittingly granting nefarious actors’ access to devices and IT resources. This is most frequently accomplished with the use of phishing schemes that employ psychological inventiveness rather than technological proficiency.
  3. The final method for compromising data on endpoint devices occurs when the user distributes the information themselves in an unsecure manner.

A Responsible Approach to Endpoint Security

Antivirus and other malware protection solutions can certainly help protect endpoint devices from related attacks, but they do very little natively to prevent data loss from other attack vectors. To responsibly ensure endpoint devices can securely perform business tasks, organizations must adopt a multifaceted approach to security that continuously monitors for inappropriate device activities and effectively controls access to enterprise data and resources.

To enable holistic visibility, configuration, status and contextual information should be collected on devices, processes and network activities. Intelligence technologies, such as analytics, language processing and machine learning, should be applied to collected details so that any potential security risks can be rapidly identified, and policy-based automated responses can be immediately implemented.

Of course, enterprise data is not a risk at all if it is never removed from secured locations in the first place. This can be accomplished with the use of resource isolation technologies, such as containerization, app wrapping, virtualization and browser isolation solutions. Data access and distribution controls are also enhanced with the introduction of strong identity and access management (IAM) capabilities. IAM platforms that are risk-based and governed by policy controls provide a strong first line of defense in any security implementation, particularly if they holistically leverage device information collected by endpoint and security management tools, as well as common intelligence technologies to accurately determine the level of risk associated with allowing an access event to occur.

Unified endpoint management (UEM) solutions designed to support all endpoints across an entire IT ecosystem offer the optimal platform from which to manage a diverse range of security processes. Comprehensive UEM solutions centrally support capabilities for data collection, reporting and alarming, data analysis, and automated response that are the hallmark of a responsible endpoint security approach. Solutions in this field are greatly advantaged if they can extend their security management capabilities through direct integrations with related platforms or by enabling integrations with the use of an API.

Effective endpoint security management requires a broad spectrum of key functionality that goes far beyond just malware detection, but with the right resources in place, organizations can ensure the secure utilization of enterprise IT services without unnecessarily limiting workforce productivity.

Discover new approaches to endpoint security

More from Endpoint

Combining EPP and EDR tools can boost your endpoint security

6 min read - Endpoint protection platform (EPP) and endpoint detection and response (EDR) tools are two security products commonly used to protect endpoint systems from threats. EPP is a comprehensive security solution that provides a range of features to detect and prevent threats to endpoint devices. At the same time, EDR is specifically designed to monitor, detect and respond to endpoint threats in real-time. EPP and EDR have some similarities, as they both aim to protect endpoints from threats, but they also have…

The needs of a modernized SOC for hybrid cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

X-Force identifies vulnerability in IoT platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

X-Force prevents zero day from going anywhere

8 min read - This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…