
How to Better Secure the Endpoint: 5 Elements of a Successful Strategy

Endpoints are everywhere and, at the same time, nowhere. Whether it is a laptop or desktop workstation, a smartphone or point-of-sale terminal, a printer or a medical instrument, or even a server in a data center - these network-connected devices are far and away the most preferred entry point for attackers. And "far and away" might be an apt way to describe endpoints in general, considering how prolific and decentralized they have become given the unrestrained rise of corporate BYOD mobility, remote access, Internet of Things and cloud applications.

Hackers like to start small and go after soft targets, which brings the added benefit of not raising suspicion or exerting too many resources. Endpoints fit that bill well. They are considered the most vulnerable part of the network and are often operated by users who are more than willing to lend a helping hand to attackers.

So it may come as no surprise that infections originating on the endpoint are to blame for many of the largest breaches we've seen over the past several years. But at a time when new malware strains, such as Trojans and ransomware, are being created at record rates and becoming more targeted and sophisticated in nature - it appears companies are not doing enough to transition their focus to the endpoint, both of the traditional and non-traditional variety.

The statistics back this up: According to the SANS Institute, 44 percent of respondents to its third-annual survey on endpoint security reported that one or more of their endpoints have been compromised in the past two years, and just 36 percent are detecting endpoint compromises through automated alerts. Many of an organization's endpoints are either unknown or under-protected (or protected only by traditional, signature-based security controls). If an incident does occur, the typical patchwork of endpoint devices makes it difficult for companies to isolate where the incident even began, never mind respond and investigate in any meaningful way.

Meanwhile, businesses in many cases simply lack the resources to reduce endpoint security risk, according to the Ponemon Institute and CounterTack's 2016 State of Endpoint Report (registration required). The study found that just 36 percent of respondents are equipped with the adequate budget and staff to do this, and given the relentless demand by employees for mobile device support and access, 71 percent of respondents lament their ability to enforce endpoint security policies.

All is not lost. Thanks to a new wave of technologies, confidence in endpoint security is stronger than it has been in years. But you can't forget about the basics, either. Here are five elements of a successful strategy.

1) Do the Fundamentals Well

We'll discuss technology in just a second, but first you need to make sure you are incorporating general security best practices. That means applying tried-and-true principles, like forcing users to employ complex passwords (preferably passphrases), removing administrator rights from users, patching vulnerabilities and enforcing security configuration policies.

2) Know Your Endpoints

You can't protect what you don't know about. That is why you must not only thoroughly catalog your endpoints - and ensure that only approved devices are able to connect to your network - but also assess their vulnerability and patching status. You can prioritize the endpoints that are most at risk and contain the most sensitive data, but keep in mind that any endpoint that is internet-connected and can send files demands protection.
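The triage described in this step can be sketched as follows. This is an added example, not Trustwave's code: the device records are constructed, the MAC address is only a stand-in for whatever device identity your inventory uses, and the scoring weights are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass
class Endpoint:
    device_id: str            # assumption: MAC address stands in for device identity
    name: str
    days_since_patch: int
    open_vulns: int           # unresolved findings from the last vulnerability scan
    sensitive_data: bool
    internet_connected: bool

# Constructed sample data: the approved catalog and what was seen on the network.
APPROVED = {"aa:00:00:00:00:01", "aa:00:00:00:00:02",
            "aa:00:00:00:00:03", "aa:00:00:00:00:04"}
OBSERVED = [
    Endpoint("aa:00:00:00:00:01", "pos-terminal-7", 95, 4, True, True),
    Endpoint("aa:00:00:00:00:02", "hr-laptop-12", 10, 0, True, True),
    Endpoint("aa:00:00:00:00:03", "lobby-printer", 400, 2, False, True),
    Endpoint("BB:00:00:00:00:09", "unknown-phone", 0, 0, False, True),
]

def risk_score(ep):
    """Illustrative weights (assumptions): open vulns, patch age, data, exposure."""
    patch_months = min(ep.days_since_patch, 365) // 30   # cap patch age at a year
    score = ep.open_vulns * 10 + patch_months * 5
    if ep.sensitive_data:
        score += 50
    if ep.internet_connected:
        score += 20
    return score

def triage(observed, approved):
    """Split observed devices into unapproved and cataloged, ranked by risk."""
    seen = {ep.device_id.lower() for ep in observed}
    unapproved = [ep for ep in observed if ep.device_id.lower() not in approved]
    cataloged = [ep for ep in observed if ep.device_id.lower() in approved]
    not_seen = sorted(approved - seen)        # cataloged but absent from the network
    ranked = sorted(cataloged, key=risk_score, reverse=True)
    return unapproved, ranked, not_seen

if __name__ == "__main__":
    unapproved, ranked, not_seen = triage(OBSERVED, APPROVED)
    print("Unapproved devices:", [ep.name for ep in unapproved])
    print("Cataloged but not seen:", not_seen)
    for ep in ranked:
        print(f"{risk_score(ep):4d}  {ep.name}")
```

The printer outranks the freshly patched HR laptop even though it holds no sensitive data, which is the point of scoring patch and vulnerability status alongside data sensitivity rather than ranking on sensitivity alone.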

3) Deploy Advanced and Automated Endpoint Protection

While traditional anti-virus remains important and viable, it cannot alone be counted on to defend endpoints. You must go beyond a signature-based point product and turn to an integrated endpoint security solution that covers the full threat spectrum by offering capabilities like real-time malware protection, application whitelisting, Windows log collection and analysis and support for mobile.

4) Prioritize and Automate Detection and Response

As more organizations recognize the inevitability of a compromise, a solution category known as endpoint detection and response (EDR) has given endpoint security a rebirth of sorts, with Gartner last week declaring it a Top 10 information security technology for 2016. EDR can help identify behaviors and footprints commonly associated with compromises and provide useful endpoint data for effective threat monitoring, analysis and hunting. It also provides comprehensive endpoint-specific visibility to help you connect the dots if an attack is underway. Most of the current crop of EDR solutions require a fair amount of technical savvy and security knowledge to operate successfully, so look to the growing number of managed EDR solutions coming to market as a strong option for deployment.

5) Make Employees Your Ally

Of course, all of the endpoint security in the world can be rendered useless if an employee clicks on a phishing email and invites in a specialized piece of malware built to defeat most endpoint security. The aforementioned Ponemon study found that 81 percent of respondents cite "negligent or careless employees" who fail to adhere to security policies as the largest challenge in minimizing endpoint risk. At a minimum, you need to implement a creative security awareness program that teaches workers to recognize risky emails and avoid downloading untrusted links or attachments. But even more than that, you need to create a culture of security throughout your organization that is built, inspired and endorsed from the top down.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
