More Than Just Antivirus: 6 Considerations for Modern Endpoint Security
A network’s endpoints – devices like PCs, laptops, smartphones, IoT devices, and servers – are arguably the most vulnerable in the fight against cybercrime. They’re essential for the day-to-day running of your business, yet they can become riddled with malware; scrambled by ransomware; and hit with persistent threats, turning them into nefarious backdoors into your network.
But sadly, gone are the days when endpoints could be fully secured by antivirus software alone. Nowadays, cyber threats are so multifaceted that no single tool or approach can keep you 100% safe.
Yes, antimalware software is still essential, but it’s no longer the cure-all that it once was. Endpoint security is now a much more complex prospect. It’s something you have to weave throughout your entire infrastructure rather than tackling endpoint by endpoint.
So, let’s consider 6 essential points that go into modern endpoint security.
1. Malware Has Changed – and Keeps Changing
As our relationship with the web has grown and deepened over the last couple of decades, threats have kept pace to suit, taking advantage of the speed and omnipresence of the current internet.
Back in the day when the threat landscape didn’t move so quickly, signature-based virus detection was more than enough. Antimalware software would keep a database of the unique file characteristics (“signatures”) of known viruses doing the rounds. If a file listed in that database was found on your computer, then it would sound the alarm and attempt a fix of some kind.
Sadly, those days are long past. For signature-based detection to be effective, a threat has to be found, identified, and added to every relevant threat database before it reaches you. The internet of the 2020s is flooded with scores of highly dangerous threats – both known and as-yet-undiscovered – that can cripple a business in mere moments. So nowadays, we need antimalware solutions that can defend against both known and unknown threats.
Today’s “heuristic” antivirus tools judge files on their behaviour rather than their presence in a database. Heuristic antivirus tools are present both in endpoint security solutions that secure your devices individually and as part of “gateway” antivirus software that sits on the firewall and protects the whole network.
One common heuristic detection method is to open unknown files in a separate “sandbox” environment to see how they act. If they do something unexpected or untoward, the file is blocked from reaching the device or network.
Heuristic tools that are installed on a device can monitor its usage – recording what “normal usage” looks like for that device and raising an alarm if anything unexpected happens. Gateway heuristic antiviruses can help in the fight against encrypted threats using a technique called deep packet inspection. This is where the firewall decrypts and inspects data as it comes in over encrypted HTTPS channels (which are now pretty standard online).
So, which should you go for – a gateway antivirus that protects the whole network? Or endpoint security software installed on each device? Our answer? BOTH.
2. Antivirus Alone Just Isn’t Enough Anymore
There was a time when a decent firewall and antivirus offered strong protection from all manner of online nasties. Sadly, though modern cyber defences are stronger than ever, antimalware tools alone are simply not enough to keep you safe – even the whizz-bang heuristic ones.
Endpoints are incredibly precarious. They provide a direct inroad to your network, yet they’re operated by a fallible, forgetful, and not-always-cyber-aware human. Cybercriminals know this and deliberately craft social engineering attacks that use legit-seeming emails or phone calls to dupe the user into doing their bidding.
Though modern antivirus tools are indispensable, they are not always best equipped to tackle the effects of social engineering attacks, sneaky persistent backdoor access, and new strains of ransomware. You ideally need a handful of solutions to keep you safe. Here are two for starters:
Managed detection and response (MDR) tools constantly monitor a device’s processes and usage for indications of a persistent threat. If anything untoward is detected, a human operative will guide you through removing that threat. We also recommend robust and ongoing cyber-awareness training to help your team stay safe online.
3. Actively Manage Your Reporting, Policies, Access, and Alerts
Unfortunately, many businesses treat network and endpoint security measures as “set it and forget it” endeavours. They simply install the solution, get everything working, then leave everything as-is for ages – usually only having a peep when something goes wrong. In our view, this is a recipe for disaster!
Security policies are usually set when you install your endpoint or network security tool, but they need reviewing regularly to make sure they still support the level of security your organisation needs. This is especially true for firms that are growing or developing at pace; policies and rules from a year or so ago may be totally unequipped for today’s setup.
It’s essential to keep a close eye on who has access to your security tools. User access to security tools should always be doled out using the principle of least privilege (POLP), where people are granted just enough access to do their job and nothing more. Access credentials should be rescinded immediately when someone leaves your organisation, lest a disgruntled former employee log in and cause havoc! It’s unlikely, but it does happen.
Security alerts also need to be carefully managed to appropriately balance attention and urgency. When you’ve got bleeps and bloops constantly going off all over the shop, they eventually fade into the background noise of work – a psychological phenomenon called alert fatigue. Combine non-urgent alerts into a daily or twice-daily digest and save the alarm bells for urgent situations. Reporting should be carried out regularly to maintain an awareness of your security status quo and to make sure that threats are being dealt with appropriately.
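As an added illustration of the digest-versus-alarm split described above (example code, not part of the original article): urgent alerts are passed straight through, non-urgent ones are collapsed into a per-host, per-rule digest, and, going one step beyond the text, a host where the same low-priority rule keeps firing is escalated, since a burst of noise can itself be a signal. All alert data, hostnames, rule names and the burst threshold are constructed for the example.

```python
"""Route endpoint alerts: urgent ones alarm immediately, the rest go into a digest."""
from collections import defaultdict

# Severities that justify an immediate alarm; everything else is digested.
URGENT_SEVERITIES = {"critical", "high"}
# Assumption for this example: this many hits of one low-priority rule on one host is escalated.
BURST_THRESHOLD = 5


def _alert(ts, host, severity, rule):
    return {"ts": ts, "host": host, "severity": severity, "rule": rule}


# Constructed sample alerts (ISO timestamps sort correctly as strings), not real telemetry.
SAMPLE_ALERTS = [
    _alert("2024-03-04T08:01:00", "laptop-07", "critical", "ransomware-behaviour"),
    _alert("2024-03-04T09:10:00", "pc-03", "medium", "usb-device-inserted"),
    _alert("2024-03-04T13:42:00", "pc-03", "medium", "usb-device-inserted"),
] + [_alert(f"2024-03-04T{8 + i:02d}:00:00", "pc-12", "low", "outdated-definitions") for i in range(5)]


def route_alerts(alerts):
    """Split alerts into (urgent, digest); escalate hosts where a low-priority rule bursts."""
    urgent, digest = [], []
    low_hits = defaultdict(int)
    last_seen = {}
    for a in alerts:
        if a["severity"] in URGENT_SEVERITIES:
            urgent.append(a)
            continue
        key = (a["host"], a["rule"])
        low_hits[key] += 1
        last_seen[key] = max(last_seen.get(key, a["ts"]), a["ts"])
        digest.append(a)
    for (host, rule), n in low_hits.items():
        if n >= BURST_THRESHOLD:  # repeated noise on one host becomes an urgent alert
            urgent.append(_alert(last_seen[(host, rule)], host, "high", f"{rule} fired {n} times"))
    return urgent, digest


def build_digest(digest_alerts):
    """Collapse digest alerts into one entry per (host, rule) with count and time span."""
    summary = {}
    for a in sorted(digest_alerts, key=lambda x: x["ts"]):
        key = (a["host"], a["rule"])
        entry = summary.setdefault(key, {"count": 0, "first": a["ts"], "last": a["ts"]})
        entry["count"] += 1
        entry["last"] = a["ts"]
    return summary
```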
If all of this sounds like hard work, that’s because it is. However, firewalling, cybersecurity, and network monitoring are all easy to outsource for surprisingly affordable rates.
4. Know Your Unique Vulnerabilities
No two endpoints or networks are ever built completely alike, and therefore each have their own unique foibles and risks. We couldn’t possibly explore all of the intricacies of the myriad devices and networks out there, but let’s pull at a couple of common threads.
Firstly, it’s a good idea to establish how your network connects together and “what’s connected to what and how”. Where are your different endpoints connected in relation to each other? And in relation to the internet? This might be good to know in case malware creeps across your network.
Endpoints should never connect directly to the internet – they should always connect “through” your firewall and other security measures so their traffic can be properly secured and observed. Alas, many organisations connect IoT devices and other non-standard IT endpoints directly to the internet, but even “dumb” devices can be hacked and injected with cyber-nasties.
Secondly, we need to talk about remote working. Many remote working policies were set up in a rush when COVID-19 lockdowns were enacted in spring 2020, with many firms adopting a rather lax “do whatever as long as it works” approach. Businesses did what they had to do in the short term. But these short-term solutions shouldn’t extend into long-term policies. If you’re still using your short-term, spring 2020 remote solutions today, please speak to us.
Thirdly, we recommend taking a look at the software and support licences you currently have in place for your security software and tools. Are there any areas where you are vastly overpaying for something you just don’t need? Could you possibly be under-covered in terms of available user numbers or traffic throughput? Examine your licenses with a fine-tooth comb to see if there is anything that doesn’t add up. Current security reports may help you identify weak points that need special attention. Again, if you need help with this, please just reach out.
5. Staying Up to Date Means More Than Just Software Updates
Alas, many organisations take an “if it ain’t broke, don’t fix it” approach to cybersecurity, with firewalls and endpoint hardware and software that is practically geriatric by today’s standards. But just because a security solution isn’t making any noises of complaint doesn’t necessarily mean it’s doing its job – in fact, its silence can be quite damning!
Once a firewall reaches the age of 5, it should be replaced. No ifs, no buts. It’s a great opportunity to regroup and reconsider your firewalling needs to ensure you have the right amount of available inspection throughput, the right amount of VPN connections, and so on, to suit you – with a bit of an extra buffer to allow for growth and changes. A lot can happen in 5 years!
When you’re investing in a new firewall unit, we also recommend investing in compatible threat prevention measures such as SonicWall’s Capture ATP, which contains a robust suite of tools to keep you safe from advanced cyber-gremlins like ransomware and persistent threats.
Firewalling may sound remarkably like “network security” for an article about “endpoint security” but that’s kind of our point. The line between the two concepts is growing ever more blurry – a more holistic approach to digital security is needed nowadays.
But sticking with the subject of staying up to date, there is one distinctly “endpointy” matter that it would be remiss of us not to mention. Simply keeping your operating systems and software up to date goes a long way towards keeping you safe online. Rather than leaving the responsibility for updates to each individual user, seek out Unified Endpoint Management tools: software that lets you manage software installs centrally and push updates out to devices as soon as they become available.
If any devices on your network use an operating system that is coming to the end of its support cycle, seek to upgrade as soon as possible. The website endoflife.date is a great resource for exploring which OSs are currently supported by their vendors and which ones aren’t (its Windows and macOS pages are handy for quick reference).
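As an added example (not the article’s own code) of turning that end-of-support check into something you can run against a device inventory: records are kept in the shape of endoflife.date’s JSON API, where, as assumed here, each entry carries a "cycle" and an "eol" that is either an ISO date or a boolean. The product keys, cycles, dates, hostnames and the 180-day warning window are all constructed for illustration and are not the vendors’ real support dates.

```python
"""Classify devices as supported, ending soon, unsupported or unknown against EOL records."""
from datetime import date, timedelta

# Constructed sample in the shape of endoflife.date/api/<product>.json (dates are illustrative).
SAMPLE_EOL = {
    "windows": [
        {"cycle": "8.1", "eol": "2023-01-10"},
        {"cycle": "10", "eol": "2025-10-14"},
        {"cycle": "11", "eol": False},  # boolean False: no end date announced yet
    ],
    "macos": [
        {"cycle": "12", "eol": "2024-09-16"},
        {"cycle": "14", "eol": False},
    ],
}

# Constructed inventory: (hostname, product slug, OS cycle as reported by the device).
SAMPLE_INVENTORY = [
    ("pc-01", "windows", "10"),
    ("pc-02", "windows", "8.1"),
    ("mac-01", "macos", "12"),
    ("mac-02", "macos", "14"),
    ("kiosk-01", "windows", "7"),  # cycle not present in the records -> unknown
]
SAMPLE_TODAY = date(2024, 6, 1)  # fixed reference date so results are reproducible


def eol_status(eol_data, product, cycle, today, warn_days=180):
    """Return 'supported', 'ending-soon', 'unsupported' or 'unknown' for one OS cycle."""
    for rec in eol_data.get(product, []):
        if rec["cycle"] != cycle:
            continue
        eol = rec["eol"]
        if isinstance(eol, bool):  # True = already EOL, False = still supported
            return "unsupported" if eol else "supported"
        eol_date = date.fromisoformat(eol)
        if eol_date <= today:
            return "unsupported"
        if eol_date - today <= timedelta(days=warn_days):
            return "ending-soon"
        return "supported"
    return "unknown"


def audit(inventory, eol_data, today, warn_days=180):
    """Group hostnames by support status so unsupported devices surface first."""
    report = {"unsupported": [], "ending-soon": [], "supported": [], "unknown": []}
    for host, product, cycle in inventory:
        report[eol_status(eol_data, product, cycle, today, warn_days)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


def run_sample():
    return audit(SAMPLE_INVENTORY, SAMPLE_EOL, SAMPLE_TODAY)
```

Unknown cycles deserve attention too: a device that reports a version the records do not know about is usually either very old or misreporting itself.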
6. Up Periscope: Stay Aware of the Latest Security Threats
We love this tip because it’s both free and fascinating. Forget the trendy true crime podcasts about heists and murders; learning about the new cyber scams and malware threats doing the rounds can be just as darkly compelling (yet rather more practically applicable day-to-day). As criminals devise truly wicked ways to earn a crust, the security community continue their game of threat-hunting-whack-a-mole. It’s a never-ending chase between digital cops and robbers.
The NCSC’s Weekly Threat Reports are a great resource to stay up to date with cyber nasties. If you’re more the podcast-listening kind, WatchGuard’s The 443 – Security Simplified pod is well worth a listen – and it’s surprisingly more entertaining than you might expect from a network security manufacturer!
Krebs on Security, the online base of cybersecurity icon Brian Krebs, is an excellent source for up-to-the-minute security news and investigations. The Register’s Security section and Wired.com’s Security section also deserve an honorary mention. Though there are numerous valuable security resources across the various social media platforms, Twitter’s fast-paced nature makes it a favourite in tech circles, and Reddit’s legacy and conversational style also make it a valuable place to keep an eye open (check out the group r/cybersecurity for starters).
If you have any queries about endpoint security (or indeed taking a more comprehensive, holistic view of online security) then drop us a line for a free security review! We’ll only take an hour of your time and we may even be able to leave you more secure without you having to buy a thing. There’s no obligation to buy and nothing to lose – request your review here or give us a call on 0808 1644414.