Endpoints are everywhere and, at the same time, nowhere. Whether it is a laptop or desktop workstation, a smartphone or point-of-sale terminal, a printer or a medical instrument, or even a server in a data center - these network-connected devices are far and away the most preferred entry point for attackers. And "far and away" might be an apt way to describe endpoints in general, considering how prolific and decentralized they have become given the unrestrained rise of corporate BYOD mobility, remote access, Internet of Things and cloud applications.
Hackers like to start small and go after soft targets, which brings the added benefit of not raising suspicion or exerting too many resources. Endpoints fit that bill well. They are considered the most vulnerable part of the network and are often operated by users who are more than willing to lend a helping hand to attackers.
So it may come as no surprise that infections originating on the endpoint are to blame for many of the largest breaches we've seen over the past several years. But at a time when new malware strains, such as Trojans and ransomware, are being created at record rates and becoming more targeted and sophisticated in nature - it appears companies are not doing enough to transition their focus to the endpoint, both of the traditional and non-traditional variety.
The statistics back this up: According to the SANS Institute, 44 percent of respondents to its third-annual survey on endpoint security reported that one or more of their endpoints have been compromised in the past two years, and just 36 percent are detecting endpoint compromises through automated alerts. Many of an organization's endpoints are either unknown or under-protected (or protected only by traditional, signature-based security controls), and when an incident does occur, the typical patchwork of endpoint devices makes it hard to isolate even where the incident began, never mind respond and investigate in any meaningful way.
Meanwhile, businesses in many cases simply lack the resources to reduce endpoint security risk, according to the Ponemon Institute and CounterTack's 2016 State of Endpoint Report (registration required). The study found that just 36 percent of respondents are equipped with adequate budget and staff to do this, and given the relentless demand by employees for mobile device support and access, 71 percent of respondents lament their inability to enforce endpoint security policies.
All is not lost. Thanks to a new wave of technologies, confidence in endpoint security is stronger than it has been in years. But you can't forget about the basics, either. Here are five elements of a successful strategy.
We'll discuss technology in just a second, but first you need to make sure you are incorporating general security best practices. That means applying tried-and-true principles, like forcing users to employ complex passwords (preferably passphrases), removing administrator rights from users, patching vulnerabilities and enforcing security configuration policies.
You can't protect what you don't know about. That is why you must not only thoroughly catalog your endpoints - and ensure that only approved devices are able to connect to your network - but also assess their vulnerability and patching status. You can prioritize the endpoints that are most at risk and contain the most sensitive data, but keep in mind that any endpoint that is internet-connected and can send files demands protection.
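The inventory step above (catalog every endpoint, spot devices that are not approved, then rank known devices by vulnerability, patch status and data sensitivity) is easy to sketch in code. The following is an added example, not code from the original post or from Trustwave; every device record is constructed sample data, and the scoring weights and the 30-day patch-age threshold are assumptions chosen for illustration.

```python
"""Endpoint inventory reconciliation and patch-risk triage (added example).

Not code from the original post or from Trustwave. Device records are
constructed sample data; weights and thresholds are assumptions.
"""
from dataclasses import dataclass, field
from datetime import date

# Constructed sample: the approved asset register (what IT believes exists),
# keyed by MAC address.
APPROVED = {
    "aa:bb:cc:00:00:01": {"host": "fin-laptop-07", "sensitivity": "high",
                          "last_patched": "2016-06-01", "open_cves": 2},
    "aa:bb:cc:00:00:02": {"host": "lobby-printer", "sensitivity": "low",
                          "last_patched": "2015-11-15", "open_cves": 5},
    "aa:bb:cc:00:00:03": {"host": "dev-ws-12", "sensitivity": "medium",
                          "last_patched": "2016-06-14", "open_cves": 0},
}

# Constructed sample: MACs actually seen on the network (as one might pull
# from DHCP leases or NAC logs).
OBSERVED = ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:99"]

SENSITIVITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}  # assumption
PATCH_AGE_LIMIT_DAYS = 30  # assumption: older than this counts as stale


@dataclass
class Finding:
    host: str
    mac: str
    risk: int
    reasons: list = field(default_factory=list)


def find_unknown_devices(observed, approved):
    """Devices on the wire that are absent from the register. Nobody can
    patch or protect what nobody knows exists, so these go first."""
    return sorted(mac for mac in observed if mac not in approved)


def patch_age_days(last_patched_iso: str, today_iso: str) -> int:
    """Days since the last recorded patch cycle."""
    return (date.fromisoformat(today_iso) - date.fromisoformat(last_patched_iso)).days


def score_endpoint(mac, rec, today_iso):
    """Additive risk score: data sensitivity + stale patches + open CVE count."""
    reasons = []
    risk = SENSITIVITY_WEIGHT[rec["sensitivity"]]
    age = patch_age_days(rec["last_patched"], today_iso)
    if age > PATCH_AGE_LIMIT_DAYS:
        risk += 2
        reasons.append(f"patches {age} days old")
    if rec["open_cves"] > 0:
        risk += rec["open_cves"]
        reasons.append(f"{rec['open_cves']} open CVEs")
    return Finding(rec["host"], mac, risk, reasons)


def triage(approved, today_iso):
    """Rank known endpoints so the riskiest ones are remediated first."""
    findings = [score_endpoint(mac, rec, today_iso) for mac, rec in approved.items()]
    return sorted(findings, key=lambda f: f.risk, reverse=True)


if __name__ == "__main__":
    TODAY = "2016-06-20"  # constructed reference date
    for mac in find_unknown_devices(OBSERVED, APPROVED):
        print(f"UNKNOWN device on network: {mac} -- enrol or block before it connects")
    for f in triage(APPROVED, TODAY):
        print(f"risk={f.risk:2d} {f.host:15s} {', '.join(f.reasons) or 'ok'}")
```

Note that the low-sensitivity printer outranks the finance laptop here: a long-unpatched device with several open CVEs is still a foothold, which is the point of not limiting protection to the "important" endpoints.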
While traditional anti-virus remains important and viable, it cannot alone be counted on to defend endpoints. You must go beyond a signature-based point product and turn to an integrated endpoint security solution that covers the full threat spectrum by offering capabilities like real-time malware protection, application whitelisting, Windows log collection and analysis, and mobile support.
As more organizations recognize the inevitability of a compromise, a solution category known as endpoint detection and response (EDR) has given endpoint security a rebirth of sorts, with Gartner last week declaring it a Top 10 information security technology for 2016. EDR can help identify behaviors and footprints commonly associated with compromises and provide useful endpoint data for effective threat monitoring, analysis and hunting. It also provides comprehensive endpoint-specific visibility to help you connect the dots if an attack is underway. Most of the current crop of EDR solutions require a fair amount of technical savvy and security knowledge to operate successfully, so look to the growing number of managed EDR solutions coming to market as a strong option for deployment.
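To make the "behaviors and footprints" idea from the EDR paragraph concrete, and to show what the Windows log collection and analysis mentioned earlier feeds into, here is an added example that is not code from the original post, from Trustwave or from any EDR product. It runs two illustrative parent/child rules over constructed process-creation events in a simplified Sysmon-like shape (the field names time, host, pid, ppid, image, parent_image and command_line are assumptions), and reconstructs the process ancestry for each hit so an analyst can connect the dots.

```python
"""Behavioural detection over Windows process-creation events (added example).

Not code from the original post, Trustwave or any EDR product. Events are
constructed; the record shape and the rules are illustrative assumptions.
"""
import json

# Constructed sample log: one JSON record per process-creation event, all on
# one host. Raw string so the JSON-escaped backslashes survive intact.
SAMPLE_LOG = r"""
{"time":"2016-06-20T09:01:02","host":"fin-laptop-07","pid":412,"ppid":1,"image":"C:\\Windows\\explorer.exe","parent_image":"C:\\Windows\\System32\\userinit.exe","command_line":"explorer.exe"}
{"time":"2016-06-20T09:03:10","host":"fin-laptop-07","pid":1300,"ppid":412,"image":"C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE","parent_image":"C:\\Windows\\explorer.exe","command_line":"OUTLOOK.EXE"}
{"time":"2016-06-20T09:15:44","host":"fin-laptop-07","pid":2044,"ppid":1300,"image":"C:\\Program Files\\Microsoft Office\\WINWORD.EXE","parent_image":"C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE","command_line":"WINWORD.EXE /n Q2_report.docm"}
{"time":"2016-06-20T09:15:51","host":"fin-laptop-07","pid":2100,"ppid":2044,"image":"C:\\Windows\\System32\\cmd.exe","parent_image":"C:\\Program Files\\Microsoft Office\\WINWORD.EXE","command_line":"cmd.exe /c run.bat"}
{"time":"2016-06-20T09:15:52","host":"fin-laptop-07","pid":2150,"ppid":2100,"image":"C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe","parent_image":"C:\\Windows\\System32\\cmd.exe","command_line":"updater.exe"}
{"time":"2016-06-20T09:20:00","host":"fin-laptop-07","pid":3000,"ppid":412,"image":"C:\\Windows\\System32\\cmd.exe","parent_image":"C:\\Windows\\explorer.exe","command_line":"cmd.exe"}
{"time":"2016-06-20T09:21:30","host":"fin-laptop-07","pid":3100,"ppid":412,"image":"C:\\Program Files\\Google\\Chrome\\chrome.exe","parent_image":"C:\\Windows\\explorer.exe","command_line":"chrome.exe"}
"""

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Directories an ordinary user can write to; executables launching from
# here deserve a look. Assumed list, not exhaustive.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\")


def basename(path: str) -> str:
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_events(text: str):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def rule_office_spawns_shell(ev) -> bool:
    """A document-handling application starting a command interpreter."""
    return basename(ev["parent_image"]) in OFFICE and basename(ev["image"]) in SHELLS


def rule_exec_from_user_writable(ev) -> bool:
    """A process image living in a user-writable directory."""
    path = ev["image"].lower()
    return any(marker in path for marker in USER_WRITABLE)


def ancestry(ev, by_key, limit=10):
    """Walk ppid links (scoped per host, since pids repeat across machines)
    to produce the chain child -> parent -> grandparent ..."""
    chain, cur = [], ev
    while cur is not None and len(chain) < limit:
        chain.append(basename(cur["image"]))
        cur = by_key.get((cur["host"], cur["ppid"]))
    return chain


RULES = [
    ("office_spawns_shell", rule_office_spawns_shell),
    ("exec_from_user_writable_path", rule_exec_from_user_writable),
]


def detect(events):
    """Apply every rule to every event; each hit carries its process ancestry."""
    by_key = {(e["host"], e["pid"]): e for e in events}
    alerts = []
    for ev in events:
        for name, rule in RULES:
            if rule(ev):
                alerts.append({"rule": name, "host": ev["host"], "pid": ev["pid"],
                               "time": ev["time"], "chain": ancestry(ev, by_key)})
    return alerts


if __name__ == "__main__":
    for a in detect(parse_events(SAMPLE_LOG)):
        print(f"{a['time']} {a['host']} pid={a['pid']} {a['rule']}: "
              + " <- ".join(a["chain"]))
```

The plain cmd.exe opened from Explorer at 09:20 produces no alert; the same binary launched by Word does, and the ancestry shows it came through Outlook. That parent-child context is what a signature on cmd.exe alone cannot give you, and it is the kind of data a managed EDR team would start from.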
Of course, all of the endpoint security in the world can be rendered useless if an employee clicks on a phishing email and invites in a specialized piece of malware built to defeat most endpoint security. The aforementioned Ponemon study found that 81 percent of respondents cite "negligent or careless employees" who fail to adhere to security policies as the largest challenge in minimizing endpoint risk. At a minimum, you need to implement a creative security awareness program that teaches workers to recognize risky emails and avoid downloading untrusted links or attachments. But even more than that, you need to create a culture of security throughout your organization that is built, inspired and endorsed from the top down.
Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.