An Endpoint Has Been Breached - Isolate to Minimize the Damage

By Ryan St Hilaire September 23, 2015

If you look around any organization, it is clear that the number of endpoints and applications in use are growing exponentially.  Data is being accessed from local and cloud-based storage through mobile devices that can be used as an access point to your most sensitive information.

The digital universe is doubling in size every two years. This mobile proliferation has introduced new risks and areas of vulnerability, expanding the endpoint attack surface. Neutralizing these threats should be on of your top priorities.

Like many organizations, you probably employ some form of application blacklisting and patch management in response to these risks. However, depending on these tools alone can often provide you with a false sense of security because – in order for these security measures to be effective – the attack must originate from a known source.  Zero-day vulnerabilities, spear phishing and other advanced attacks are designed to evade these technologies.

So how well prepared are you if an attack occurs from an unknown or unexpected source?

A security model that focuses on restricting the endpoint will not provide your mobile workforce with the flexibility they need and expect. This will only lead to a poor user experience, often handcuffing productivity. In the short term, shrinking the attack surface may help plug these discernible holes. But you still need to have strategies in place that will mitigate the amount of potential damage an attacker could inflict, once a vulnerability is found and exploited.

Attacks can come from anywhere - security layers are required

The attack surface is not typically limited to one threat vector and it is a misconception that malware is often the sole culprit. Attacks can be internal or external, targeting the network, software, or even the user themselves. The reality is that sophisticated attacks often involve a combination of these components.

IT has a limited budget, but you can’t afford to put locks only on the front door, as an attacker will simply focus their efforts on an open window…or in some cases, they may already be inside your house.

Attacks evolve and despite your best intentions, the technology that protected you yesterday is likely ineffective against the attacks of today and may even provide an entry point to new threats.

You need to constantly evolve your security posture. Don’t settle for ‘good enough’ security. Instead, deploy a layered framework that protects against both internal and external threats. An ideal framework is comprised of network, endpoint, and data security solutions to ensure you are protected against the most common threat vectors. Then review, renew, and replace each layer on a regular basis. Like attackers, your security infrastructure should constantly evolve.

Shutterstock

Technology alone is not enough, you need your employees on board as well. Train your people often and insist on refresher courses at a regular cadence. Include this as a condition of employment if necessary. Regulatory auditors will be impressed with your initiative.

Security must also extend to wherever the employee is, regardless if they are working from a desktop in the office, or a tablet in a café. With access to sensitive data, the endpoint must remain visible, with constant monitoring of the security layers protecting it. The best security in the world is ineffective if you can’t prove it is working.

Constant monitoring leads to appropriate remediation 

Visibility across all your endpoints will allow you to establish a security baseline, by identifying where your devices are, what data they store, and what security tools are in place and operating.

Once this security baseline is established, a monitoring tool will alert you of any deltas or irregularities when compared with historical usage. This can be based on hardware, software or changes in user behavior. This insight can allow for pre-emptive security measures to be performed, often preventing security incidents from occurring at all.

Effective endpoint security is challenging since you are constantly trying to maintain oversight on a moving target. Therefore, it is inevitable that an endpoint will be compromised. At this point it’s imperative that you have visibility over the device, along with the context of the event.

This information allows for a timely and appropriate response, isolating the attack from impacting other devices and to prevent the spread of infection, or freezing a compromised device so the threat cannot access sensitive data or authenticated data stores.  Monitoring for suspicious events allows for a targeted response to contain the device and limit the damage once the threat is identified.  

Based on the current threat landscape and a myriad of security tools, many proactive organizations no longer view endpoint security as an attempt to remain ‘protected’. Instead, you should consider yourself in a constant state of compromise and remediation, based on your own unique risk threshold.

The ability to monitor and respond allows you to understand where the threats are, and respond appropriately to minimize the damage.




Edited by Stefania Viscusi

Vice President, Product Management, Absolute Software

SHARE THIS ARTICLE
Related Articles

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More

3 Ways to Improve Your VR Projects

By: Ellie Martin    1/4/2018

There is no denying that VR is here and will most likely only increase in velocity as a terminal speed is yet to be even hypothesized. That is why it …

Read More