An Endpoint Has Been Breached - Isolate to Minimize the Damage


If you look around any organization, it is clear that the number of endpoints and applications in use is growing exponentially. Data is being accessed from local and cloud-based storage through mobile devices that can be used as an access point to your most sensitive information.

The digital universe is doubling in size every two years. This mobile proliferation has introduced new risks and areas of vulnerability, expanding the endpoint attack surface. Neutralizing these threats should be one of your top priorities.

Like many organizations, you probably employ some form of application blacklisting and patch management in response to these risks. However, depending on these tools alone can often provide you with a false sense of security because – in order for these security measures to be effective – the attack must originate from a known source.  Zero-day vulnerabilities, spear phishing and other advanced attacks are designed to evade these technologies.

So how well prepared are you if an attack occurs from an unknown or unexpected source?

A security model that focuses on restricting the endpoint will not provide your mobile workforce with the flexibility they need and expect. This will only lead to a poor user experience, often handcuffing productivity. In the short term, shrinking the attack surface may help plug these discernible holes. But you still need to have strategies in place that will mitigate the amount of potential damage an attacker could inflict, once a vulnerability is found and exploited.

Attacks can come from anywhere - security layers are required

The attack surface is not typically limited to one threat vector and it is a misconception that malware is often the sole culprit. Attacks can be internal or external, targeting the network, software, or even the user themselves. The reality is that sophisticated attacks often involve a combination of these components.

IT has a limited budget, but you can’t afford to put locks only on the front door, as an attacker will simply focus their efforts on an open window…or in some cases, they may already be inside your house.

Attacks evolve and despite your best intentions, the technology that protected you yesterday is likely ineffective against the attacks of today and may even provide an entry point to new threats.

You need to constantly evolve your security posture. Don’t settle for ‘good enough’ security. Instead, deploy a layered framework that protects against both internal and external threats. An ideal framework is comprised of network, endpoint, and data security solutions to ensure you are protected against the most common threat vectors. Then review, renew, and replace each layer on a regular basis. Like attackers, your security infrastructure should constantly evolve.


Technology alone is not enough; you need your employees on board as well. Train your people often and insist on refresher courses at a regular cadence. Include this as a condition of employment if necessary. Regulatory auditors will be impressed with your initiative.

Security must also extend to wherever the employee is, regardless of whether they are working from a desktop in the office or a tablet in a café. With access to sensitive data, the endpoint must remain visible, with constant monitoring of the security layers protecting it. The best security in the world is ineffective if you can’t prove it is working.

Constant monitoring leads to appropriate remediation 

Visibility across all your endpoints will allow you to establish a security baseline, by identifying where your devices are, what data they store, and what security tools are in place and operating.

Once this security baseline is established, a monitoring tool will alert you to any deltas or irregularities when compared with historical usage. These can be based on hardware, software, or changes in user behavior. This insight can allow for pre-emptive security measures to be performed, often preventing security incidents from occurring at all.

Effective endpoint security is challenging since you are constantly trying to maintain oversight on a moving target. Therefore, it is inevitable that an endpoint will be compromised. At this point it’s imperative that you have visibility over the device, along with the context of the event.

This information allows for a timely and appropriate response: isolating the attack so it cannot impact other devices or spread infection, or freezing a compromised device so the threat cannot access sensitive data or authenticated data stores. Monitoring for suspicious events allows for a targeted response to contain the device and limit the damage once the threat is identified.
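The baseline-and-delta monitoring described above can be sketched as follows. This is an added example, not code from the article or from any product; the `Snapshot` fields, the login threshold and the response policy are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:                    # field names are assumptions for this example
    device_id: str
    country: str                   # where the device is
    hardware: frozenset            # hardware component identifiers
    software: frozenset            # installed applications
    security_tools: frozenset      # security tools in place and operating
    stores_sensitive: bool         # whether sensitive data is stored on it
    logins_per_day: int            # coarse user-behavior signal

def deltas(base, cur, login_factor=3):
    """Return (category, detail) pairs where cur departs from the baseline."""
    out = []
    for tool in sorted(base.security_tools - cur.security_tools):
        out.append(("security", f"{tool} no longer running"))
    for hw in sorted(base.hardware ^ cur.hardware):
        out.append(("hardware", f"component changed: {hw}"))
    for app in sorted(cur.software - base.software):
        out.append(("software", f"new application: {app}"))
    if cur.country != base.country:
        out.append(("location", f"{base.country} -> {cur.country}"))
    if cur.logins_per_day > login_factor * max(base.logins_per_day, 1):
        out.append(("behavior", f"logins/day {base.logins_per_day} -> {cur.logins_per_day}"))
    return out

def respond(cur, found):
    """Map deltas to a containment action (the policy is an assumption)."""
    cats = {category for category, _ in found}
    if not cats:
        return "none"
    if "security" in cats and cur.stores_sensitive:
        return "freeze"            # block access to sensitive data on the device
    if "security" in cats or len(cats) >= 2:
        return "isolate"           # cut the device off from other devices
    return "alert"

# Constructed sample data: one laptop at baseline and at the latest check-in.
BASELINE = Snapshot("LT-0042", "CA", frozenset({"disk:SN-A1"}),
                    frozenset({"browser", "office"}),
                    frozenset({"av", "disk-encryption"}), True, 4)
CURRENT = Snapshot("LT-0042", "CA", frozenset({"disk:SN-A1"}),
                   frozenset({"browser", "office", "remote-admin"}),
                   frozenset({"av"}), True, 5)

if __name__ == "__main__":
    found = deltas(BASELINE, CURRENT)
    for category, detail in found:
        print(f"{CURRENT.device_id} [{category}] {detail}")
    print("action:", respond(CURRENT, found))
```
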

Based on the current threat landscape and a myriad of security tools, many proactive organizations no longer view endpoint security as an attempt to remain ‘protected’. Instead, you should consider yourself in a constant state of compromise and remediation, based on your own unique risk threshold.

The ability to monitor and respond allows you to understand where the threats are, and respond appropriately to minimize the damage.

Edited by Stefania Viscusi

Vice President, Product Management, Absolute Software
