An Endpoint Has Been Breached - Isolate to Minimize the Damage


If you look around any organization, it is clear that the number of endpoints and applications in use are growing exponentially.  Data is being accessed from local and cloud-based storage through mobile devices that can be used as an access point to your most sensitive information.

The digital universe is doubling in size every two years. This mobile proliferation has introduced new risks and areas of vulnerability, expanding the endpoint attack surface. Neutralizing these threats should be on of your top priorities.

Like many organizations, you probably employ some form of application blacklisting and patch management in response to these risks. However, depending on these tools alone can often provide you with a false sense of security because – in order for these security measures to be effective – the attack must originate from a known source.  Zero-day vulnerabilities, spear phishing and other advanced attacks are designed to evade these technologies.

So how well prepared are you if an attack occurs from an unknown or unexpected source?

A security model that focuses on restricting the endpoint will not provide your mobile workforce with the flexibility they need and expect. This will only lead to a poor user experience, often handcuffing productivity. In the short term, shrinking the attack surface may help plug these discernible holes. But you still need to have strategies in place that will mitigate the amount of potential damage an attacker could inflict, once a vulnerability is found and exploited.

Attacks can come from anywhere - security layers are required

The attack surface is not typically limited to one threat vector and it is a misconception that malware is often the sole culprit. Attacks can be internal or external, targeting the network, software, or even the user themselves. The reality is that sophisticated attacks often involve a combination of these components.

IT has a limited budget, but you can’t afford to put locks only on the front door, as an attacker will simply focus their efforts on an open window…or in some cases, they may already be inside your house.

Attacks evolve and despite your best intentions, the technology that protected you yesterday is likely ineffective against the attacks of today and may even provide an entry point to new threats.

You need to constantly evolve your security posture. Don’t settle for ‘good enough’ security. Instead, deploy a layered framework that protects against both internal and external threats. An ideal framework is comprised of network, endpoint, and data security solutions to ensure you are protected against the most common threat vectors. Then review, renew, and replace each layer on a regular basis. Like attackers, your security infrastructure should constantly evolve.


Technology alone is not enough, you need your employees on board as well. Train your people often and insist on refresher courses at a regular cadence. Include this as a condition of employment if necessary. Regulatory auditors will be impressed with your initiative.

Security must also extend to wherever the employee is, regardless if they are working from a desktop in the office, or a tablet in a café. With access to sensitive data, the endpoint must remain visible, with constant monitoring of the security layers protecting it. The best security in the world is ineffective if you can’t prove it is working.

Constant monitoring leads to appropriate remediation 

Visibility across all your endpoints will allow you to establish a security baseline, by identifying where your devices are, what data they store, and what security tools are in place and operating.

Once this security baseline is established, a monitoring tool will alert you of any deltas or irregularities when compared with historical usage. This can be based on hardware, software or changes in user behavior. This insight can allow for pre-emptive security measures to be performed, often preventing security incidents from occurring at all.

Effective endpoint security is challenging since you are constantly trying to maintain oversight on a moving target. Therefore, it is inevitable that an endpoint will be compromised. At this point it’s imperative that you have visibility over the device, along with the context of the event.

This information allows for a timely and appropriate response, isolating the attack from impacting other devices and to prevent the spread of infection, or freezing a compromised device so the threat cannot access sensitive data or authenticated data stores.  Monitoring for suspicious events allows for a targeted response to contain the device and limit the damage once the threat is identified.  

Based on the current threat landscape and a myriad of security tools, many proactive organizations no longer view endpoint security as an attempt to remain ‘protected’. Instead, you should consider yourself in a constant state of compromise and remediation, based on your own unique risk threshold.

The ability to monitor and respond allows you to understand where the threats are, and respond appropriately to minimize the damage.

Edited by Stefania Viscusi

Vice President, Product Management, Absolute Software

Related Articles

What does an IT support team do?

By: Contributing Writer    8/15/2022

Most IT support teams are tasked with day-to-day troubleshooting. This ranges from fixing machines and networks to physically maintaining them by chan…

Read More

Top 7 Tips for Making Open-Source Software More Secure

By: Contributing Writer    8/15/2022

In the wake of high-profile security threats, companies and governments are increasingly turning to open-source software as one of the ways to avoid s…

Read More

Security for Playing Online Casino Games on Your Mobile

By: Contributing Writer    8/12/2022

Technology has transformed how humans perceive and do things. One of the sectors that technology has dramatically improved is the online gaming sector…

Read More

Fans Ready to Embrace Stadium Digital Future

By: Greg Tavarez    8/10/2022

In Oracle Food and Beverage's report, 70% of attendees would prefer to have service jobs replaced by digital solutions in the future.

Read More

Twilio Cyber Attack: Social Engineering is Real and Really Dangerous

By: Matthew Vulpis    8/9/2022

Phishing is commonly used by cyber criminals, as an attack that exploits an organization's last line of cyber defense - the employees

Read More