Mobile, remote and hybrid work models require organizations to support far more endpoints than ever before, and most are struggling to maintain control and visibility of those devices. The result is a greatly expanded attack surface that has become increasingly difficult to secure.
According to a recent Ponemon Institute survey, the average enterprise organization now has approximately 135,000 network-connected endpoints such as PCs, laptops, smartphones, printers and Internet of Things devices. That’s an astonishing 17,900 percent increase over pre-pandemic figures. Shockingly, the Ponemon report found that organizations are unable to discover or manage nearly half of their endpoints.
As the old saying goes, you can’t secure what you can’t see. Poor visibility into the endpoint environment makes it nearly impossible for resource-strapped IT teams to monitor, update and secure all endpoints. Additional Ponemon research found that 68 percent of organizations have been hit by one or more endpoint attacks that successfully compromised data and/or their IT infrastructure.
Endpoint Risks Increasing
Outdated and unpatched endpoint devices are susceptible to a variety of threats, including ransomware, phishing, malware, SQL injection and denial-of-service attacks. Fileless malware that can evade common endpoint security measures has become particularly problematic, with such attacks increasing by nearly 900 percent over a 12-month span, according to one report.
Even endpoints that are discoverable by IT are often at risk due to outdated security practices that rely too heavily on signature- and rules-based antivirus and antimalware software. These solutions are designed to match known malware patterns on disk, but fileless malware and other new malware variants rarely exhibit any of those traditional signatures.
Such attacks have far-reaching consequences. Once attackers have compromised even a single network-connected endpoint, they can circumvent perimeter security controls such as firewall rules and network access restrictions. They can then maintain persistent access while moving laterally through the network, infecting multiple machines, performing reconnaissance and exfiltrating sensitive information. According to the Ponemon Institute, a successful endpoint attack can cost an organization nearly $9 million in mitigation costs, downtime and lost productivity.
Given the risk, improving endpoint security is clearly a business priority. To get started, organizations must first improve visibility across their on-premises and cloud endpoint environments. A thorough asset inventory can reveal exactly how many and what type of endpoints are in use, where they are located, how they are being used and whether they are being adequately protected.
Automating Security with EDR and XDR
That’s far too big a job for resource-strapped IT teams using manual processes. The more effective and efficient approach for almost any organization is an endpoint detection and response (EDR) solution that simplifies the process through automation, rapidly collecting data to produce accurate inventories within minutes. More importantly, EDR solutions use behavioral analysis and machine-learning algorithms to automatically identify malicious files and processes by the tactics, techniques and procedures (TTPs) they exhibit, and take more proactive steps to block them.
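To make the contrast between signature matching and behavioral detection concrete, here is an added example that is not part of the original post or of any vendor's product: it runs a hash-blocklist check and a simple process-behavior rule over three constructed endpoint process events (the hash, host names, rule names and command lines are all invented for illustration). The fileless event writes nothing to disk, so the signature check has nothing to match, while the behavioral rule flags the parent/child relationship and command-line flags.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed blocklist: one made-up hash standing in for a known-malware signature.
KNOWN_BAD_HASHES = {"0000aaaa-constructed-malware-hash"}
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "mshta.exe"}
SUSPICIOUS_FLAGS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden")

@dataclass
class ProcessEvent:
    host: str
    parent: str            # parent process image name
    image: str             # process image name
    cmdline: str
    file_hash: str | None  # None when nothing was written to disk (fileless)

def signature_detect(ev: ProcessEvent) -> bool:
    """Signature-style check: only a file whose hash is on the blocklist is flagged."""
    return ev.file_hash is not None and ev.file_hash in KNOWN_BAD_HASHES

def behavioral_detect(ev: ProcessEvent) -> list[str]:
    """Behavior-based check: looks at what the process does, not what it is."""
    fired = []
    cmd = ev.cmdline.lower()
    if ev.parent.lower() in OFFICE_APPS and ev.image.lower() in SCRIPT_HOSTS:
        fired.append("office-spawns-script-host")
    if ev.image.lower() in SCRIPT_HOSTS and any(f in cmd for f in SUSPICIOUS_FLAGS):
        fired.append("script-host-hidden-or-encoded")
    return fired

def triage(events: list[ProcessEvent]) -> dict[str, tuple[bool, list[str]]]:
    """Return {host: (signature_hit, behavioral_rules_fired)} for each event."""
    return {ev.host: (signature_detect(ev), behavioral_detect(ev)) for ev in events}

# Constructed sample telemetry (not real captures).
SAMPLE_EVENTS = [
    # 1. Classic dropper: a known-bad file on disk, caught by the signature check.
    ProcessEvent("pc-01", "explorer.exe", "update.exe", "update.exe /silent",
                 "0000aaaa-constructed-malware-hash"),
    # 2. Fileless: Word spawns a hidden, encoded PowerShell; nothing touches disk.
    ProcessEvent("pc-02", "WINWORD.EXE", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc <BASE64_PLACEHOLDER>", None),
    # 3. Benign admin script launched from the desktop; neither check fires.
    ProcessEvent("pc-03", "explorer.exe", "powershell.exe",
                 "powershell.exe -File C:\\scripts\\backup.ps1", None),
]
```

Running `triage(SAMPLE_EVENTS)` shows pc-01 caught only by signature, pc-02 caught only by behavior, and pc-03 clean under both.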
Cloud-native extended detection and response (XDR) solutions offer even more advanced protection. For example, CrowdStrike’s Falcon Insight XDR continuously monitors all endpoint activity, collecting and correlating real-time security data from endpoints, firewalls and cloud instances as well as a variety of third-party data sources. This single-pane-of-glass view of security data allows IT teams to rapidly detect and respond to stealthy threats.
While Falcon Insight automates much of the endpoint security process, organizations that lack in-house cybersecurity expertise might prefer to offload the entire burden. That’s why Technologent works with CrowdStrike to offer EDR-as-a-Service solutions that are managed and monitored in our security operations center. Contact us to explore your options for boosting your endpoint security.
December 21, 2022