IT Basics – Endpoint Security
John LeMay
This is the second article in our IT Basics series. This series focuses on core technology best practices that should be part of every organization’s IT playbook. It is important to not only develop and implement these practices but to review, update, and enhance them regularly.
Our first article in this series focused on Data Backup and Recovery. In this second article, we will focus on protecting computer endpoints such as laptops and desktops from security threats.
What is Endpoint Security?
Endpoint security is the process of protecting computer endpoints such as laptops, desktops, servers, and mobile devices from cybersecurity threats. Endpoint security is not a single tool, but a set of tools that provide multiple layers of protection to devices. Advanced endpoint security tools are not only able to protect against known threats, but can protect against unknown and even zero-day threats.
Traditionally, organizations relied on numerous hardware and software solutions to provide security for endpoints connected to company networks. Firewalls, internet gateways, VPNs, and antivirus software were all common tools that each provided a layer of protection. These solutions were all separate and required different IT skillsets to manage and maintain. Today these solutions do not go far enough to protect against modern cyber threats. Additionally, these tools did little to protect a portable computer once it was disconnected from the company network.
Evolution of Cyberthreats
Today, cybersecurity threats have evolved, and the basic protections that we long relied on are no longer adequate. Threats such as phishing attempts, ransomware, and malicious software embedded in websites easily bypass traditional computer security protections. Additionally, the rapidly evolving hybrid work model means that more and more people are working at least part of the time from a location outside of the company office. In many cases, a user may work from two or more locations, connected to different networks, in a single day. Hardware firewalls and internet gateways installed to protect a business location are generally ineffective in protecting a mobile workforce. Instead, new tools and techniques are required.
Advanced Protections from Advanced Threats
Advanced cybersecurity threats today require advanced endpoint security protection tools to prevent unauthorized access to your computer. Common terms used to refer to the software packages providing these tools include “Endpoint Protection Platforms” (EPP) and “Endpoint Detection and Response” (EDR) software. EPP and EDR software both provide advanced protection from cyber threats, but to different degrees and in different ways. An EPP software solution is the most basic set of tools every computer should be equipped with today. These packages leverage advanced analytics to detect and block known threats, similar to the function traditional antivirus packages performed, as well as new and emerging threats including zero-day exploits. An EPP solution is adequate for organizations with few users who do not handle sensitive data.
Organizations with higher requirements for security and cyber threat protection, such as those in the financial or medical fields, or those who regularly handle and store personal data, benefit from adding an EDR solution alongside their EPP software. EDR takes protection to the next level by not only attempting to block known and new threats but by being able to respond proactively should some form of infection occur. For instance, many EDR solutions can detect the process of files being encrypted – a sign of a ransomware infection – and prevent the process from continuing. EDR solutions typically also have a method to revert the encrypted files to their original, unencrypted state.
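As an added illustration of the behavioral detection described above (this is example code written for this article, not the logic of any EDR product), the following Python sketch flags a process that rewrites many files with high-entropy content within a short window, one simple heuristic for encryption in progress. The event format, the thresholds, the process IDs and the sample telemetry are all assumptions constructed here.

```python
import math
import random
from collections import defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: near 8.0 for encrypted data, roughly 4-5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

class MassEncryptionDetector:
    """Flags a process that rewrites many files with high-entropy content in a short window.
    Thresholds are illustrative assumptions, not values taken from any product."""
    def __init__(self, window_s=5.0, max_writes=5, entropy_threshold=7.0):
        self.window_s, self.max_writes, self.entropy_threshold = window_s, max_writes, entropy_threshold
        self.history = defaultdict(deque)  # pid -> timestamps of recent high-entropy writes

    def observe(self, ev):
        """Feed one file event; return a response verdict once the threshold is crossed, else None."""
        if ev["op"] != "write" or shannon_entropy(ev["data"]) < self.entropy_threshold:
            return None
        q = self.history[ev["pid"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > self.window_s:  # drop writes that fell outside the sliding window
            q.popleft()
        if len(q) >= self.max_writes:
            return {"pid": ev["pid"], "action": "suspend_process", "writes": len(q), "last_path": ev["path"]}
        return None

def constructed_events():
    """Constructed sample telemetry: a word processor saving text, then a process bulk-rewriting files."""
    rng = random.Random(7)
    text = b"Quarterly report: revenue up 4%, costs flat, headcount unchanged. " * 16
    events = [{"ts": t, "pid": 1001, "op": "write", "path": f"/home/u/doc{t}.txt", "data": text}
              for t in range(0, 30, 10)]
    for i in range(6):  # six high-entropy rewrites within two seconds (hypothetical pid 4242)
        blob = bytes(rng.getrandbits(8) for _ in range(1024))
        events.append({"ts": 40 + i * 0.3, "pid": 4242, "op": "write",
                       "path": f"/home/u/doc{i}.txt.locked", "data": blob})
    return sorted(events, key=lambda e: e["ts"])

def run_detector(events):
    """Run every event through one detector and collect the verdicts it raises."""
    det = MassEncryptionDetector()
    return [v for v in (det.observe(e) for e in events) if v]

if __name__ == "__main__":
    for verdict in run_detector(constructed_events()):
        print(verdict)
```

A real EDR agent would source these events from a kernel file-system hook and would pair the verdict with a file rollback, which this sketch does not attempt.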
Endpoint Security Components
Endpoint protection solutions combine not only EPP and EDR software but additional tools such as software-based firewalls, email protection, and protection from harmful websites or software downloads. Additionally, most solutions are capable of behavioral analysis to detect unusual processes being performed on an endpoint. All of these components combine to provide a comprehensive approach to securing endpoints, and your business, from modern cyber threats.
Another key component of a proper endpoint security program suitable for business is monitoring and response by professional IT security staff. All EPP and EDR software can perform some level of protection on its own. However, machine analysis and response still cannot fully replace the type of advanced analysis that can be done by cybersecurity professionals.
Most true business-grade endpoint security solutions include remote monitoring and response to security events reported by EPP and EDR software. Security professionals, typically working remotely as part of a Security Operations Center (or “SOC”) service, review these security events and may determine additional remediation or escalation is necessary. Many EPP and EDR solutions provide this “eyes on screen” service as part of the cost of the solution. Whether included or available as an additional service, monitoring and responding to security events is critically important and should not be overlooked.
Today’s cybersecurity landscape is very different from just a few years ago and continues to rapidly evolve, with new threats and new ways to protect your data and your business. Business and technology leaders must work to ensure a well-designed endpoint security solution is in place for all devices at all times. Failure to do so introduces significant business risk: networks may be compromised, data may be encrypted or stolen, and significant business downtime may be experienced.
Taking advantage of leading EPP and EDR software helps ensure your business is protected and can continue to operate. Contact Oceantec today to find out how we design and implement cybersecurity protections, including EPP and EDR solutions, for our clients.