The Role of Endpoint Security and Management In Threat Detection
By Ashley Leonard, CEO & Founder, Syxsense
According to a recent Verizon DBIR, 70% of security breaches originate at the endpoint (servers, desktops, laptops, mobile devices and IoT devices). These attacks can come through the operating system and application layers, as well as at the firmware and BIOS level. Compound that with the unpredictability of today’s threat landscape in the wake of the pandemic, and the shift to remote and hybrid work models triggering a proliferation of endpoints, and companies are more vulnerable than ever to cyberattacks directed at endpoints. Take the Colonial Pipeline incident, in which the largest fuel pipeline in the country was shut down after a single compromised VPN password gave attackers a way in. Or the Log4j vulnerability, which was found to affect potentially millions of endpoints. The ensuing scramble to remediate was widespread and urgent.
In this “new normal,” post-Covid world, IT teams are tasked with adapting to a large-scale remote workforce, which further challenges their ability to secure and manage endpoints ranging from PCs and smartphones to IoT-enabled printers and POS systems. Instead of one large headquarters, many companies now comprise multiple smaller offices and home offices. It is clear the office firewall alone can no longer protect the enterprise. Furthermore, laptops and mobile devices were hastily issued during the transition to remote work without sufficient security, and BYOD policies that reduce equipment costs but allow overlap between an employee’s business and personal usage expose companies to unnecessary additional risk.
With more than 27 billion endpoint devices expected to be connected by 2025, and a 91% increase in cyberattacks on the enterprise in the first few months of the Covid pandemic alone, the problem is clear: endpoint security and management is crucial to mitigating today’s cybersecurity vulnerabilities and threats.
These threats damage a company in many ways (reputation, customer loss, productivity loss, etc.), all of which roll up to the ultimate cost: financial loss. According to IBM’s 2021 Cost of a Data Breach Report, the average cost of a data breach rose 10% from 2020 to 2021, from $3.86 million to $4.24 million. Drilling down into industries with strict compliance requirements, the numbers are worse. The average cost of a data breach in the healthcare industry is a whopping $9.23 million, and in the financial sector it’s $5.72 million. These highly regulated industries face increased risk because they are responsible for protecting sensitive private data, and organizations in these industries that insufficiently safeguard that data also open themselves up to fines and legal proceedings in the wake of an attack.
So how can companies address the significant challenge of securing and managing endpoints? First, the perimeter of protection needs to expand beyond the conventional boundaries of an organization’s offices or a network’s on-premises location: it needs to extend to each individual endpoint, wherever it connects from and every time it reconnects. More points of access mean more vulnerabilities. It’s essential for any organization to know how many endpoints are on its network and have access to its data, which means a unified endpoint security system that discovers, scans, and logs devices into inventory whenever a device is introduced to the network. An endpoint that is not in the inventory cannot be patched, monitored, or isolated.
Additionally, it is critical for organizations to adopt consistent approaches to endpoint security, fully understanding and addressing all risks associated with their endpoints. This involves vetting the security capabilities of new devices before they are introduced to the network and continuously monitoring device vulnerability levels so that devices never become dangerously outdated and unprotected. One way for IT teams to achieve this without additional burden is a unified security and endpoint management (USEM) system that automates critical security tasks for each individual device on the network.
Lastly, endpoint security hygiene is essential to effectively managing and securing an organization’s endpoints. IT and security teams must retire and replace legacy hardware and software, which tend to have unmanageable vulnerabilities. Devices running software or operating systems that are past end-of-life no longer receive security patches, leaving them exposed to cyberattacks, as the 2017 WannaCry ransomware outbreak showed when it spread through unpatched and end-of-life Windows systems.
Teams also need to ensure all endpoints are equally secured. A printer, often overlooked in a security posture, may not be a prime target, but it can quickly become a gateway to a devastating attack. Take, for example, PrintNightmare (CVE-2021-34527), the zero-day Windows Print Spooler vulnerability that allowed attackers to run arbitrary code with SYSTEM privileges, enabling them to install programs; view, change, or delete data; or create new accounts with full user rights. This was a “blended” threat that required not only a patch but also configuration changes to be fully remediated: applying the update without restricting Point and Print driver installation left the hole open. And don’t forget about less obvious attacks such as logic bombs, man-in-the-middle (MITM) attacks and formjacking, since we’re often so focused on the big ransomware and DDoS attacks and botnets. Patch management is another key factor in security hygiene. For example, organizations should enable automatic updates for the most critical security patches, and then verify that every endpoint actually installed them.
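As an added example of what a “blended” remediation check looks like in practice (this script is not from the article or from Syxsense), the following PowerShell audits one Windows host for both halves of the PrintNightmare fix: the update itself, and the Point and Print configuration that Microsoft’s guidance says the update depends on. It assumes an elevated PowerShell 5.1 or later session. The KB identifiers are deliberately left as an input, because they differ per Windows build, and the script name used in the usage note is hypothetical.

```powershell
# Added example, not code from the article or from Syxsense: audit (and optionally
# apply) the two halves of the PrintNightmare fix on one Windows host.
# Assumptions: run in an elevated PowerShell 5.1+ session; -RequiredKBs is a
# placeholder you must fill with the July/August 2021 update IDs for your OS build.
[CmdletBinding()]
param(
    [string[]]$RequiredKBs = @(),   # e.g. 'KB5004945'; build-specific, supplied by the operator
    [switch]$Remediate,             # apply settings instead of only reporting
    [switch]$SpoolerNotNeeded,      # set for domain controllers and servers that never print
    [switch]$NoRemotePrinting       # set for hosts that must not accept print jobs from the network
)

$PointAndPrint  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$PrintersPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$findings = New-Object System.Collections.Generic.List[string]

function Get-RegDword([string]$Path, [string]$Name) {
    # Returns the DWORD value, or $null when the key or value does not exist.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Set-RegDword([string]$Path, [string]$Name, [int]$Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# --- Half 1: the patch. Without it the driver-install path is exploitable regardless of policy.
foreach ($kb in $RequiredKBs) {
    if (-not (Get-HotFix -Id $kb -ErrorAction SilentlyContinue)) {
        $findings.Add("Update $kb is not installed")
    }
}

# --- Half 2: configuration. The patch is only effective when Point and Print cannot
#     be used by a non-administrator to install a printer driver silently.
$policy = @(
    @{ Name = 'NoWarningNoElevationOnInstall';              Want = 0; AbsentOk = $true  },
    @{ Name = 'UpdatePromptSettings';                       Want = 0; AbsentOk = $true  },
    @{ Name = 'RestrictDriverInstallationToAdministrators'; Want = 1; AbsentOk = $false }
)
foreach ($p in $policy) {
    $current = Get-RegDword $PointAndPrint $p.Name
    # A missing value is the secure default for the two prompt settings, but the
    # admin-only restriction should be set explicitly rather than assumed.
    $bad = if ($null -eq $current) { -not $p.AbsentOk } else { $current -ne $p.Want }
    if ($bad) {
        $findings.Add("$($p.Name) is '$current', expected $($p.Want)")
        if ($Remediate) { Set-RegDword $PointAndPrint $p.Name $p.Want }
    }
}

# --- Optional: refuse inbound remote print RPC entirely
#     (Group Policy 'Allow Print Spooler to accept client connections' = Disabled).
if ($NoRemotePrinting) {
    if ((Get-RegDword $PrintersPolicy 'RegisterSpoolerRemoteRpcEndPoint') -ne 2) {
        $findings.Add('Spooler still accepts remote client connections')
        if ($Remediate) { Set-RegDword $PrintersPolicy 'RegisterSpoolerRemoteRpcEndPoint' 2 }
    }
}

# --- Attack-surface reduction: a host with no spooler has no Print Spooler bugs.
if ($SpoolerNotNeeded) {
    $svc = Get-Service -Name Spooler
    if ($svc.Status -ne 'Stopped' -or $svc.StartType -ne 'Disabled') {
        $findings.Add("Spooler service is $($svc.Status)/$($svc.StartType) on a host that does not print")
        if ($Remediate) {
            Stop-Service -Name Spooler -Force
            Set-Service -Name Spooler -StartupType Disabled
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "$($env:COMPUTERNAME): PrintNightmare patch and configuration checks passed"
} else {
    $findings | ForEach-Object { Write-Warning "$($env:COMPUTERNAME): $_" }
}
# A non-zero exit code lets a management agent or scheduled task flag the host as non-compliant.
exit $findings.Count
```

Run it first in report-only mode, for example `.\Invoke-PrintNightmareCheck.ps1 -RequiredKBs KB5004945` (hypothetical script name; substitute the update ID for your build), and only add `-Remediate` once the findings are understood. Use `-SpoolerNotNeeded` on domain controllers and other servers that never print, since disabling the service removes the attack surface rather than merely constraining it, and note that the exit code is what makes the check usable at scale: an endpoint management tool can run it on every host and report the ones that return non-zero, which is the difference between having deployed a patch and knowing the patch is actually effective.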
Implementing a unified security and endpoint management approach that discovers, scans and logs devices, and automates critical security tasks for each device, is key to an effective endpoint security posture. That’s why at Syxsense we just launched Syxsense Enterprise, the world’s first IT management and endpoint security solution that delivers real-time vulnerability monitoring and instant remediation for every endpoint across an organization’s entire network environment.
I think Charles Kolodgy, principal at advisory firm Security Mindsets, summed it up best when he said, “As the market shifts to a hybrid workforce, the number of endpoints is growing exponentially, with corporate network connected mobile endpoints soaring. The need to manage and secure an increasing number of endpoints, including desktops, mobile phones and other devices, is becoming more apparent every day as sophisticated threats grow exponentially. Syxsense Enterprise is offering a solution that solves the need to both secure and manage a vast collection of endpoints. The key is the ability to scan for vulnerabilities and patch without losing business continuity.”
About the Author
Ashley Leonard is the President and CEO of Syxsense. Leonard is a technology entrepreneur with 25 years of experience in enterprise software, sales, marketing, and operations; providing critical leadership during high-growth stages of well-known technology organizations. Ashley can be reached online at @SyxsenseIT and at the Syxsense company website https://www.syxsense.com.