Four Ingredients for Effective Endpoint Security - CSO Online

It's human nature to want some type of "silver bullet" that will solve complicated problems like curing the common cold. But complex problems almost inevitably require complex solutions. Hundreds of different viruses cause colds, so a single magical cure isn't going to make all that coughing and sneezing vanish overnight. It's the same for cybersecurity. Everyone would love to be able to say that a single tactic or tool will prevent every attack and there will never be another breach, but that's just wishful thinking. Today, cybersecurity is a lot more complicated than installing a patch and calling it a day.

As attacks become ever more complex and sophisticated, enterprise security teams need to minimize exposure as much as possible by:

  • Reducing the attack surface with hardening
  • Practicing good security hygiene
  • Providing security training to employees
  • Setting up a defense in depth strategy

Taking steps to prevent attacks is necessary, but unfortunately it isn't enough. Even if an organization does everything right to reduce exposure, prevention alone doesn't solve the problem. Security updates always lag behind threat outbreaks. A responsible patching window is 2-6 weeks, but the average time for an exploit to appear is 7 days, so zero-day attacks can slip past security systems before the patch lands. In addition, there's the human element, which is often the weakest link. At every company, there's always someone who can't resist clicking on a very convincing phishing email or a particularly tempting attachment. Indeed, research suggests that approximately 5% of employees regularly fail cybersecurity awareness tests.

The fact is that breaches are going to happen, so security teams have to assume that endpoints will be compromised at some point. As more employees work remotely, the number of endpoints is only going to increase. Many organizations are struggling to cope with new security challenges arising from the influx of non-trusted devices on their networks, and there's an increased focus on endpoint resiliency.

Effective endpoint resilience is made up of four key ingredients: visibility, proactive control, self-defense, and self-healing.

1. Visibility

Complete visibility means organizations must be able to see any device attempting to access network resources, as well as any device already on the network. When it comes to endpoint security, security teams need to have visibility into every asset, so they can answer questions like:

  • What type of access should be provided – guest, limited or unlimited?
  • Are any devices on the network unprotected?
  • What applications are running on a given endpoint?
  • What reputation does a given application have?
  • Are there vulnerabilities that need to be patched?

The challenge is that most enterprises have a lot of endpoints: everything from servers to laptops to mobile devices such as phones and tablets. Other networked devices may include point-of-sale systems, equipment, sensors, and scanners. Endpoint solutions need to be able to identify and monitor mission-critical business processes and have complete visibility into the operating system, applications, data services, processes, and vulnerabilities of each asset.

2. Proactive control

Once you have the visibility, you need to have security policies and controls in place to preemptively harden endpoints before patches are applied. Using discovery and risk mitigation capabilities, security teams can ferret out and proactively control rogue devices, IoT devices, applications, and vulnerabilities across the endpoint estate.

Many threats designed to steal data may work slowly and over time, so that identifying and exfiltrating data stays under the radar. That strategy is effective, as it takes an average of 280 days to detect and contain a breach. In many cases, threats are only detected after a significant amount of data is lost. In contrast, the goal of other types of attacks, such as ransomware, is not data theft but sabotage. Some ransomware strains are able to bypass file-based malware prevention and ruin a system in minutes or even seconds. Attacks can occur faster than any security team could manually respond to and contain, so anything short of real-time blocking increases the organization's risk of a successful attack.

Proactive controls need to address both of these issues: identifying low-level attacks that traditional security systems may not detect and responding quickly enough to disrupt a fast attack designed to do maximum damage before traditional security tools understand what is happening and can respond.

3. Self-defense

Most modern endpoint security is focused on prevention to keep malware from downloading or executing. An important aspect of self-defense, however, is the ability to also protect the endpoint after an infection or compromise. Because attacks can be stealthy, they are often able to evade the prevention layer by leveraging legitimate system tools or by exploiting applications so they look, initially at least, like legitimate behavior. The recent highly publicized supply chain attacks are examples of this type of file-less attack.

Therefore, for a system to self-defend, it first needs behavioral-based detection. No matter what type of tool an attacker may use, it always has to carry out a particular mission that can be identified and stopped. As a result, behavioral-based detection is much more durable than file-based detection.

However, detection alone isn't self-defense. After detecting malicious intent, the system must also be able to move quickly to block the specific action in order to protect the data and the endpoint. As soon as it detects a malicious process, it should block all outbound communication attempts and also block access to the file system. In this way, the malicious process can neither "phone home" nor move laterally to infect other systems. It also can't download additional payloads or exfiltrate stolen data. In the case of ransomware, it can't encrypt files. This type of detect-and-defuse approach effectively stops a breach automatically, in real time.

4. Self-healing

After stopping an attack, your endpoint security needs to have the ability to roll back any malicious changes that were made by the attacker. With more employees working remotely, this ability to self-heal becomes even more important. In the past, if an endpoint was compromised or suspected of being infected, most IT teams would resort to reimaging and rebuilding the endpoint. But if 80% of your workforce is remote, this option is unrealistic and can have a negative impact on productivity. Self-healing automates cleanup and rolls back malicious changes without taking machines offline by cleaning up the registry, deleting malicious files, and restoring tampered files, or in the case of ransomware, files that have been encrypted.
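The detect-and-defuse loop from section 3 and the rollback from section 4 can be illustrated with a small simulated endpoint agent. This is an added example, not FortiEDR code or anything from the original article: the event stream, the file contents, the threshold of three rewritten files, and the process names are all constructed here. The agent applies one behavioral rule (a process rewriting many files, as ransomware does), contains the process by denying its further file and network actions, and restores the files it changed from a pre-change journal.

```python
"""Toy detect-and-defuse endpoint agent: behavioral detection, containment, rollback."""
from collections import defaultdict

MASS_WRITE_THRESHOLD = 3  # distinct files rewritten by one process before it is treated as ransomware-like (assumed value)


class Agent:
    def __init__(self, files):
        self.files = dict(files)            # simulated file system: path -> content
        self.journal = defaultdict(dict)    # pid -> {path: content before that process first touched it}
        self.touched = defaultdict(set)     # pid -> paths it has modified
        self.contained = set()              # pids whose file and network actions are denied
        self.blocked = []                   # (pid, action, target) actions that were denied

    def handle(self, pid, image, action, target, payload=None):
        """Process one endpoint event; returns 'allowed', 'contained' or 'blocked'."""
        if pid in self.contained:           # defuse: no phone-home, no further file access
            self.blocked.append((pid, action, target))
            return "blocked"
        if action == "file_write":
            self.journal[pid].setdefault(target, self.files.get(target))  # remember pre-change state once
            self.files[target] = payload
            self.touched[pid].add(target)
            if len(self.touched[pid]) >= MASS_WRITE_THRESHOLD:  # behavioral rule, independent of the binary used
                self.contain(pid)
                return "contained"
        return "allowed"

    def contain(self, pid):
        self.contained.add(pid)
        # self-heal: put back every file the process changed, delete files it created
        for path, original in self.journal[pid].items():
            if original is None:
                self.files.pop(path, None)
            else:
                self.files[path] = original


# Constructed event stream: (pid, image, action, target[, new content]).
EVENTS = [
    (101, "winword.exe", "file_write", "a.txt", "A v2"),          # ordinary edit of a single file
    (303, "updater.exe", "file_write", "a.txt", "<enc>"),         # mass rewrite starts
    (303, "updater.exe", "file_write", "b.txt", "<enc>"),
    (303, "updater.exe", "net_connect", "203.0.113.9:443"),       # first beacon, not yet flagged
    (303, "updater.exe", "file_write", "c.txt", "<enc>"),         # third file: contained and rolled back
    (303, "updater.exe", "net_connect", "203.0.113.9:443"),       # phone home denied
    (303, "updater.exe", "file_write", "ransom_note.txt", "pay"), # file access denied
]


def run(events):
    agent = Agent({"a.txt": "A", "b.txt": "B", "c.txt": "C"})
    outcomes = [agent.handle(*e) for e in events]
    return agent, outcomes
```

Note that the rollback restores `a.txt` to the legitimate edit made by `winword.exe`, not to its original content, because the journal records the state just before the flagged process first touched each file.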

The Recipe for Endpoint Security

To see, control, and protect all devices across the enterprise, companies need an integrated endpoint security solution that includes prevention, detection, and response capabilities. The ability of the current generation of EDR solutions to remain effective even as attack methods change is a key reason why they should be included as part of any comprehensive enterprise cybersecurity strategy.

Learn more about Fortinet’s FortiEDR solution and how it has the unique ability to defuse and disarm a threat in real time, even after an endpoint is already infected.

"ingredients" - Google News
May 18, 2021 at 09:33PM
https://ift.tt/3wtbr7d