Endpoint security is more important now than ever, with a high percentage of breaches still originating at the endpoint. As we connect more and more devices to the network, our exposure to endpoint threats increases exponentially, meaning our need for endpoint security is palpable.
As the threat continues to grow, we are seeing trends form, best practices becoming established — and common mistakes being made that could be avoided. Here we highlight the most common of each of these.
Endpoint Security Trends
One of the key endpoint security trends we’re currently witnessing is sandboxing. In fact, it’s a huge trend that’s going to take shape quickly and overall different operating systems. Windows 10 has a sandbox feature that is a temporary virtual machine built to isolate anything in a software installation that could potentially do harm to the rest of the system. It sandboxes it, runs it, and makes sure it’s clean so that it can be transferred over to the main operating system.
Sandboxing is obviously nothing new — we’ve been seeing it as a third-party add on to operating systems, but what is new is that now we’re seeing it embedded within operating systems. With so much hidden malicious code in software today — code that could potentially not only harm but crash the system and steal your data — sandboxing gives you time to go through it to make sure it’s legitimate and not going to harm anything on your network before you release it to your main operating system.
A second endpoint security trend that we’re witnessing is increased behavior analysis where, for instance, a platform will detect multiple logins for the same IP address or multiple logins for the same person from different geographic locations.
It’s so common today for your email login details to be stolen and then used from abroad to log in and infiltrate your account. One of the main reasons this has become a trend is because there are no one or two things that you can use to protect yourself and your data anymore, so we must use more analytics, especially behavior analytics. It’s simply the best way to understand people’s habits and behaviors, plus it’s an easy way to add another layer of protection and another layer of security for end users.
Behavior analytics are being used effectively elsewhere in endpoint security when it comes to antivirus. You must rely less on traditional AV products and enhance them with behavior analysis and AI-based antivirus technology.
The AI base is more intelligent and protects against zero-day attacks. Additionally, it recognizes anomalies within a file instead of relying on a signature to have that file in its database to protect against. Without this, the risk is that you won’t be protecting endpoints against newer threats, which hide themselves very well and are often fileless, so you must adhere to this best practice.
EDR (endpoint detection and response) is another endpoint security best practice must-do. A means of detecting and responding to threats at the endpoints before they become attacks, there are solutions out there that, in addition to this, allow for forensic analysis. For instance, if a computer gets infected and it spreads to the network, some intelligence-based AV software can find out which computer was first to get infected and what the path was from that computer that spread to other computers on the network. Those kinds of forensics should be in place so that you understand the spread of the risk that you’re facing.
Multifactor authentication (MFA) and URL filtering are two more endpoint security best practices you must implement. When it comes to MFA, in forcing users to use it for their email, their VPN, their access to the network, you can tackle common current threats.
URL filtering has become extremely common and is a best practice must because there are so many fake URLs out there. Even legitimate sites could be infected without their knowledge, so the URL filtering gives you another layer of protection against that.
Mistakes to Avoid
The biggest endpoint security mistake companies make is not paying enough attention to personal phones, tablets, and any devices that are brought into the office and hooked up the corporate Wi-Fi. That becomes a serious threat very quickly, and it’s a huge mistake for companies and IT departments to not restrict this.
One of the reasons this is likely still happening is that there’s no easy way to join a tablet or phone to a corporate network, unlike a computer, which you can join to a domain and limit its reach. Still, you must secure the wireless network from rogue access and end user mobile devices. It’s not necessarily simple, but Cisco Meraki and others have come up with policy-based wireless access points. It’s a challenge we’re all facing, but it’s a mistake not to manage it.
In addition to this, smartphones, tablets, and so on are being used for corporate activity with no antivirus, antimalware, protection, or encryption. This would never happen with a laptop or PC, yet it’s still not standard for mobile devices.
Another common endpoint security mistake that should be avoided is users of Office 365 not utilizing the platform’s full breadth of security functions. Often when we start working with a new client and they have Office 365, there are so many areas of additional security that can be turned on from enabling mailbox auditing, enabling client rule forwarding blocks, and much more. The full security suite is not being taken advantage of.
MSPs should use their quarterly or semi-annual reviews to work through a checklist of functions that need to be turned on in Office 365. These are often things that don’t necessarily cost extra money for the client — and they should be turned on, reported and reviewed, and then analyzed.
About The ASCII Group, Inc.
The ASCII Group is the premier community of North American MSPs, VARs and solution providers. The group has over 1,300 members located throughout the U.S. and Canada, and membership encompasses everyone from credentialed MSPs serving the SMB community to multi-location solution providers with a national reach. Founded in 1984, ASCII provides services to members including leveraged purchasing programs, education and training, marketing assistance, extensive peer interaction and more. ASCII works with a vibrant ecosystem of major technology vendors that complement the ASCII community and support the mission of helping MSPs and VARs to grow their businesses. For more information, please visit www.ascii.com.