An Endpoint Has Been Breached - Isolate to Minimize the Damage


If you look around any organization, it is clear that the number of endpoints and applications in use are growing exponentially.  Data is being accessed from local and cloud-based storage through mobile devices that can be used as an access point to your most sensitive information.

The digital universe is doubling in size every two years. This mobile proliferation has introduced new risks and areas of vulnerability, expanding the endpoint attack surface. Neutralizing these threats should be on of your top priorities.

Like many organizations, you probably employ some form of application blacklisting and patch management in response to these risks. However, depending on these tools alone can often provide you with a false sense of security because – in order for these security measures to be effective – the attack must originate from a known source.  Zero-day vulnerabilities, spear phishing and other advanced attacks are designed to evade these technologies.

So how well prepared are you if an attack occurs from an unknown or unexpected source?

A security model that focuses on restricting the endpoint will not provide your mobile workforce with the flexibility they need and expect. This will only lead to a poor user experience, often handcuffing productivity. In the short term, shrinking the attack surface may help plug these discernible holes. But you still need to have strategies in place that will mitigate the amount of potential damage an attacker could inflict, once a vulnerability is found and exploited.

Attacks can come from anywhere - security layers are required

The attack surface is not typically limited to one threat vector and it is a misconception that malware is often the sole culprit. Attacks can be internal or external, targeting the network, software, or even the user themselves. The reality is that sophisticated attacks often involve a combination of these components.

IT has a limited budget, but you can’t afford to put locks only on the front door, as an attacker will simply focus their efforts on an open window…or in some cases, they may already be inside your house.

Attacks evolve and despite your best intentions, the technology that protected you yesterday is likely ineffective against the attacks of today and may even provide an entry point to new threats.

You need to constantly evolve your security posture. Don’t settle for ‘good enough’ security. Instead, deploy a layered framework that protects against both internal and external threats. An ideal framework is comprised of network, endpoint, and data security solutions to ensure you are protected against the most common threat vectors. Then review, renew, and replace each layer on a regular basis. Like attackers, your security infrastructure should constantly evolve.


Technology alone is not enough, you need your employees on board as well. Train your people often and insist on refresher courses at a regular cadence. Include this as a condition of employment if necessary. Regulatory auditors will be impressed with your initiative.

Security must also extend to wherever the employee is, regardless if they are working from a desktop in the office, or a tablet in a café. With access to sensitive data, the endpoint must remain visible, with constant monitoring of the security layers protecting it. The best security in the world is ineffective if you can’t prove it is working.

Constant monitoring leads to appropriate remediation 

Visibility across all your endpoints will allow you to establish a security baseline, by identifying where your devices are, what data they store, and what security tools are in place and operating.

Once this security baseline is established, a monitoring tool will alert you of any deltas or irregularities when compared with historical usage. This can be based on hardware, software or changes in user behavior. This insight can allow for pre-emptive security measures to be performed, often preventing security incidents from occurring at all.

Effective endpoint security is challenging since you are constantly trying to maintain oversight on a moving target. Therefore, it is inevitable that an endpoint will be compromised. At this point it’s imperative that you have visibility over the device, along with the context of the event.

This information allows for a timely and appropriate response, isolating the attack from impacting other devices and to prevent the spread of infection, or freezing a compromised device so the threat cannot access sensitive data or authenticated data stores.  Monitoring for suspicious events allows for a targeted response to contain the device and limit the damage once the threat is identified.  

Based on the current threat landscape and a myriad of security tools, many proactive organizations no longer view endpoint security as an attempt to remain ‘protected’. Instead, you should consider yourself in a constant state of compromise and remediation, based on your own unique risk threshold.

The ability to monitor and respond allows you to understand where the threats are, and respond appropriately to minimize the damage.

Edited by Stefania Viscusi

Vice President, Product Management, Absolute Software

Related Articles

How New Payment Options are Changing Ecommerce

By: Special Guest    9/11/2019

There was a time when the concept of online payments made people skeptical, but that's far from the case today. Payments are central to eCommerce and …

Read More

3 Types of Manufacturing - Additive, Subtractive, and Forming

By: Special Guest    9/9/2019

Most of us identify manufacturing processes by the equipment used. But manufacturing is also identified in a broader sense, by the way, the manufactur…

Read More

The importance of cybersecurity in 2019

By: Special Guest    9/9/2019

The internet may have transformed almost every part of the world today. But it goes without saying, it has also created a wide range of other threats …

Read More

Startup Product Taking a Long Time to Get Off the Ground?

By: Special Guest    9/3/2019

Despite your best efforts, your startup product might be taking longer to get off the ground that you had hoped it would. You seem to be bleeding cash…

Read More

How the 5G Telco Market is Transforming with Lessons Learned from the Enterprise

By: Special Guest    8/21/2019

In the case of 5G, signaling/control messages between nodes give way to open API calls between virtual network functions (VNF).

Read More