A few decades ago, corporate endpoints consisted mainly of stationary PCs glued to the desk. The attack vectors to break into an end-user device were also slim. Can you imagine that the first ransomware attack was distributed via 5.25-inch floppy disks to the attendees of a WHO conference? Back then, protecting endpoints involved anti-malware tools that sniff out suspicious files based on static signatures. That seemed satisfactory for the time it served.
With most employees working on-site, the focus gradually shifted from endpoints to perimeter. Companies had a clear delineation of the corporate boundary and considerable control over what enters the network. This network perimeter made it simple to cast a wider net that protects all the assets within the enterprise. Under this assumption, firewalls and secure web gateways took precedence, while endpoint security faded in the background.
Today, the endpoint repertoire includes a whole host of devices ranging from servers, virtual machines, laptops, smartphones, and tablets. The increased mobility enabled by modern devices has driven the culture of work from anywhere. As devices began moving beyond the corporate bounds, security leaders soon realized the limitations of perimeter security, signaling the revival of endpoint security. But not until the pandemic was its importance fully understood. Work from home has existed for decades, but not at the same scale as now, and not with so much at stake. With the majority of the workforce operating out in the open, no longer air walled from the internet, the enterprise attack surface has expanded largely.
Explosion of the attack surface
Employees working from home or public spaces remain exposed to plenty of attack vectors. From unprotected internet to public charging ports, every connection is a channel for malicious actors. Employees and partners might use personal devices to access corporate data, which might not have the same level of protection as its corporate counterparts. Adding to this is the proliferation of shadow IT, i.e., the use of unsanctioned and unmonitored file sharing and collaboration tools that prove to be fertile grounds for data leakage. Working remotely has blurred the line between personal and professional. Many remote workers often think of their work laptop as a personal device, letting their friends and relatives access their devices. While employees might be well-educated on phishing techniques, the same can’t be said of others using their devices. This raises concern among security leaders, especially when pandemic fears are paving ways for phishing.
The bottom line is endpoints now remain the door to corporate resources, making them an attractive target for intruders. Security is now expected to follow endpoints wherever they go. Correspondingly, security leaders are doubling down on various endpoint security strategies to offer a layered defense against the modern threat landscape.
Adopting a Zero Trust mindset
There’s no one security layer that offers complete protection against cyberthreats. Endpoint security must address the increasing number of entry points as corporate data moves through every layer of the device. From devices to applications, peripherals, storage and browsers, every layer must be vetted before enabling access to the corporate resources. This operates on the philosophy of Zero Trust where you define and trust your protect surface and deny network access to all else.
Trust established at a point in time doesn’t mean your network always remains secure. Security is a moving target. This is especially true in today’s hybrid workplace, where employees work from home or office or toggle between the two. Malware infections picked up at home brought into the office via unsecured personal devices open up opportunities for lateral movement. Consider the scenario of a phishing email being sent to all the recipients of a contact list from a compromised device. Trusting it to be from a legit user, other employees might open files and attachments, leading to organization-wide attacks. This is why IT security must continually evaluate trust to ensure devices, apps, users, and data are secure across time.
Upholding device hygiene and data protection
Devices shipped directly to the remote employee’s home are left with default configurations. Modern UEM solutions offer over-the-air techniques to ensure security policies are configured on devices irrespective of their whereabouts. Covering cyber hygiene essentials, such as monitoring for vulnerabilities, keeping software and antivirus signatures up-to-date, and encrypting hard drives, ensures the devices are hardened against threats. While it’s impossible to completely do away with shadow IT, corporate containment and browser isolation enables BYOD to access business apps and intranet without the data ever touching the device.
Post-infection detection and response
As much as protection is important, having a robust post-infection strategy ensures intrusions are detected at early stages and responded before developing into a full-blown breach. Today, behaviour-based detection and response tools employ AI to distinguish malicious anomalies from benign behavior. These techniques prove to be more effective at addressing sophisticated malware that shifts its signature frequently.
Unifying endpoint security architecture
With so many moving parts to secure and so many disconnected tools, security teams often operate in silos. Having an integrated solution fosters better coordination among all the security personnel involved. It also reduces remediation time, total cost of ownership, and IT overheads for integrating and managing point products.
With ManageEngine’s integrated endpoint security toolkit, remote users can work on any device from anywhere, while being as secure as they are within corporate boundaries. This brave new world of perimeter-agnostic security enables security leaders and employees to function fearlessly in the hybrid era.