Despite advances in next-generation firewalls and intrusion prevention systems, endpoint security remains an essential component of a layered security strategy. In the Ponemon Institute’s Third Annual Study on the State of Endpoint Security Risk, 68 percent of respondents said that the frequency of attacks on endpoints increased in the preceding year. Additionally, the proportion of unknown, zero-day attacks is expected to nearly double from 23 percent in 2019 to 42 percent in 2020.
According to the 2019 SANS Survey on Next-Generation Endpoint Risks and Protection, phishing and other social engineering exploits are the top attack vector, cited by 57.8 percent of respondents. Rounding out the top three are browser-based attacks such as drive-by downloads, cited by 51.8 percent, and credential theft or compromise, cited by 48.2 percent.
There are a number of reasons why endpoint threats are on the rise. First, there are simply more endpoints than ever before. In addition to traditional company-owned desktops, laptops and servers, the SANS survey finds that attacks are on the rise against employee-owned devices, Internet of Things (IoT) sensors and smart building sensors. Employees working from home are also bringing smart speakers and wearables into the mix.
Gaps in Protection
Of course, work-from-home strategies have had a dramatic impact on endpoint risks. Employees are accessing applications and data from outside the secure network perimeter, creating visibility gaps that make it difficult for security teams to detect a compromise. User behavior is a big problem, too — employees working from home are more likely to take risks that result in a successful cyberattack.
Antivirus tools have traditionally been used for endpoint security, but they do not provide adequate protection. The Ponemon study found that antivirus software effectively blocks just 40 percent of attacks. Additionally, survey respondents say antivirus tools are complex to deploy and manage and generate high numbers of alerts and false positives. More than half (56 percent) say they’ve changed endpoint security solutions within the preceding two years, with 51 percent augmenting antivirus with additional layers of protection.
For many organizations, the next step is to deploy an endpoint protection platform (EPP), which typically bundles antivirus, URL filtering and other preventive controls. EPPs also give IT teams the ability to identify and enroll endpoints, and to monitor and control endpoint settings.
Endpoint Detection and Response
Endpoint detection and response (EDR) solutions go a step further. While EPPs focus on keeping threats out of the environment, EDR tools continuously monitor endpoints to detect potential threats that get past initial defenses. EDR then contains the threat to prevent further infection. The malicious file is sent to a sandbox — a secure, isolated location where the EDR tool can investigate the file without putting the rest of the environment at risk.
Visibility across the environment enables EDR tools to effectively eliminate identified threats. EDR analyzes data collected over the lifespan of the file to determine where it originated, whether it has replicated, and what devices, applications and data it might have interacted with.
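The detect, contain and analyze loop described above, written out as an added example that is not code from this article or from Technologent. It runs over a constructed set of endpoint telemetry records: the event schema (field names such as `host`, `type`, `hash`, `by`), the hostnames, the placeholder hash values and the sandbox verdict table are all assumptions made for the illustration, not the format of any real EDR product. Given a sandbox verdict of "malicious" for a file hash, it reconstructs where the file first appeared, which hosts it replicated to, what it executed and touched, and derives a containment plan from that lineage.

```python
"""Toy EDR-style lineage tracer over constructed endpoint telemetry (added example)."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed telemetry. Hostnames, paths and hash values are placeholders.
# "hash" stands in for a content hash; "by" is the process that performed the action.
TELEMETRY = [
    {"ts": 1, "host": "laptop-01", "type": "file_create", "path": "C:/Users/a/Downloads/invoice.exe",
     "hash": "H-BAD", "by": "chrome.exe"},
    {"ts": 2, "host": "laptop-01", "type": "process_start", "image": "invoice.exe", "hash": "H-BAD",
     "parent": "explorer.exe"},
    {"ts": 3, "host": "laptop-01", "type": "file_read", "path": "C:/Users/a/Documents/payroll.xlsx",
     "by": "invoice.exe"},
    {"ts": 4, "host": "laptop-01", "type": "net_connect", "dest": "fileshare-02:445", "by": "invoice.exe"},
    {"ts": 5, "host": "fileshare-02", "type": "file_create", "path": "/share/tools/invoice.exe",
     "hash": "H-BAD", "by": "smbd"},
    {"ts": 6, "host": "laptop-03", "type": "file_create", "path": "C:/Temp/invoice.exe",
     "hash": "H-BAD", "by": "explorer.exe"},
    {"ts": 7, "host": "laptop-03", "type": "process_start", "image": "invoice.exe", "hash": "H-BAD",
     "parent": "explorer.exe"},
    {"ts": 8, "host": "laptop-05", "type": "file_create", "path": "C:/Users/b/Downloads/report.pdf",
     "hash": "H-OK", "by": "chrome.exe"},
]

# Constructed sandbox verdicts keyed by hash. In a real deployment these would come
# from detonating the file in the isolated sandbox the article describes.
SANDBOX_VERDICTS = {"H-BAD": "malicious", "H-OK": "benign"}


@dataclass
class Lineage:
    file_hash: str
    origin: Optional[dict] = None                      # first sighting of the hash
    hosts: list = field(default_factory=list)          # hosts where the file landed, in order
    executed_on: list = field(default_factory=list)    # hosts where it ran
    interactions: list = field(default_factory=list)   # (host, event type, target) by its processes


def trace_lineage(events, file_hash):
    """Reconstruct origin, replication and interactions of one file hash from telemetry."""
    lin = Lineage(file_hash)
    running = defaultdict(set)  # host -> image names currently attributed to this hash
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if ev.get("hash") == file_hash:
            if lin.origin is None:
                lin.origin = ev
            if host not in lin.hosts:
                lin.hosts.append(host)
            if ev["type"] == "process_start":
                if host not in lin.executed_on:
                    lin.executed_on.append(host)
                running[host].add(ev["image"])
        # Activity performed by a process that is executing the file counts as an interaction.
        actor = ev.get("by")
        if actor and actor in running[host]:
            lin.interactions.append((host, ev["type"], ev.get("path") or ev.get("dest")))
    return lin


def containment_plan(lineage):
    """Turn a lineage into containment actions: quarantine wherever it landed, isolate where it ran."""
    return {
        "quarantine_hash": lineage.file_hash,
        "quarantine_on": list(lineage.hosts),
        "isolate_hosts": sorted(set(lineage.executed_on)),
        "review_data": [target for (_, kind, target) in lineage.interactions if kind == "file_read"],
    }


def investigate(events, verdicts):
    """For every hash with a malicious sandbox verdict, trace its lineage and plan containment."""
    seen = {ev["hash"] for ev in events if ev.get("hash")}
    results = {}
    for h in sorted(seen):
        if verdicts.get(h) == "malicious":
            lin = trace_lineage(events, h)
            results[h] = (lin, containment_plan(lin))
    return results


if __name__ == "__main__":
    for h, (lin, plan) in investigate(TELEMETRY, SANDBOX_VERDICTS).items():
        print(h, "origin:", lin.origin["host"], lin.origin["by"], "| plan:", plan)
```

The ordering by timestamp matters: a process is only credited with later file reads and network connections once its `process_start` for the flagged hash has been seen, which keeps an unrelated process with the same image name on another host from being attributed to the malicious file. The resulting plan separates hosts that merely received a copy (quarantine the file) from hosts that executed it (isolate the endpoint), and lists data the process read so the incident responder knows what to review.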
According to the Ponemon study, 65 percent of organizations adopt EDR to detect attacks early and prevent their spread. Sixty percent have implemented EDR to proactively block attacks, while 41 percent use the technology to help recover from attacks.
Endpoint attacks have surged as the number and variety of devices grow and as work-from-home strategies put many of those devices outside the network perimeter. Technologent can help you implement an EDR solution that detects, contains and eliminates attacks that get past perimeter defenses.