In today’s business environment, the term “endpoint” has become synonymous with any device that can connect to a network – desktops, laptops, tablets, smartphones and, most recently, IoT devices. As endpoints continue to evolve, so do threats. Unfortunately, today’s firewalls and antivirus software can no longer protect an organization’s evolving environment. Endpoints are now exposed to a plethora of malicious activity including ransomware, phishing, malvertising, drive-by downloads, cryptojacking, software subversion and other backchannel attacks. Attackers are also leveraging zero-day attacks, in which previously undetected vulnerabilities are used to deliver malicious payloads to endpoints.
So how do today’s businesses protect against these malicious threats? First, companies need to gain a deeper understanding of “endpoint” before selecting the “right” endpoint protection platform (EPP).
Unknown Files Driving Change
According to recent research from Comodo Cybersecurity, unknown files – unrecognized executables that are potentially malicious – have skyrocketed in the last five years, with more than 300,000 new malicious files detected every day. Handling new or unknown files is one of the most critical capabilities of any EPP.
Most EPP products use assumption-based trust, known as a Default Allow posture, when dealing with new or unknown files. This method gives any file that is not already known to be bad unfettered write privileges to system files; it assumes that files not identified as bad must be good or safe. As you can imagine, one of the major problems with a Default Allow security posture is that cybercriminals constantly build new variants to evade detection by these endpoint solutions. This can leave companies exposed to threats for days, weeks, even months before the threat is detected.
Beyond the Sandbox
Many EPP vendors have integrated sandbox technology into their products to combat malicious software and have had success in combatting cybercriminals. For those unfamiliar, a sandbox is an isolated, virtualized environment that mimics an endpoint’s operating environment so that unknown files can be executed safely, without risking harm to the host device or network.
However, this once valuable solution is starting to lose its effectiveness. Cybercriminals are creating threats that can detect when a sandbox is being used and automatically take steps to avoid detection. In addition, sandboxes are becoming more resource intensive and more complex, slowing down their ability to process threats without hindering productivity.
The Need for a Zero Trust Architecture
As cybercriminals exploit the Default Allow approach to their benefit, while also modifying their variants to bypass sandboxes, companies need a better solution. The obvious answer is to adopt a Zero Trust architecture, where unknown executables are never trusted and always verified, without impacting user productivity. To successfully achieve a Zero Trust architecture, 100% of unknown files must be instantly contained and analyzed in the cloud and by humans to prevent breaches. Additionally, the business still needs to operate, and users should not have to experience productivity loss or impact. Successfully achieving a Zero Trust architecture will bulletproof your business against damage.
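To make the contrast between the Default Allow posture described above and the Zero Trust handling of unknown files concrete, here is an added example (not code from Comodo or any vendor’s product). It assumes a hypothetical hash-based reputation cache standing in for a cloud lookup, and the sample executables are constructed byte strings; the point it shows is that a re-packed variant gets a new hash, which Default Allow runs unrestricted while Zero Trust contains it until a verdict arrives.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    KNOWN_GOOD = "known_good"
    KNOWN_BAD = "known_bad"
    UNKNOWN = "unknown"

class Action(Enum):
    RUN = "run"          # execute with normal privileges
    BLOCK = "block"      # refuse to execute
    CONTAIN = "contain"  # execute in isolation, no write access to system files, pending a verdict

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample executables; a real EPP would hash the file on disk.
GOOD_BIN = b"MZ constructed known-good utility"
BAD_BIN = b"MZ constructed known ransomware sample"

# Hypothetical local reputation cache (hash -> verdict) standing in for a vendor's cloud lookup.
REPUTATION = {sha256(GOOD_BIN): Verdict.KNOWN_GOOD, sha256(BAD_BIN): Verdict.KNOWN_BAD}

def lookup(data: bytes) -> Verdict:
    return REPUTATION.get(sha256(data), Verdict.UNKNOWN)

def default_allow(verdict: Verdict) -> Action:
    # Assumptive trust: anything not positively known-bad runs with full privileges.
    return Action.BLOCK if verdict is Verdict.KNOWN_BAD else Action.RUN

def zero_trust(verdict: Verdict) -> Action:
    # Unknown is never trusted: only known-good runs freely; unknown is contained until verdicted.
    if verdict is Verdict.KNOWN_GOOD:
        return Action.RUN
    if verdict is Verdict.KNOWN_BAD:
        return Action.BLOCK
    return Action.CONTAIN

def decide(data: bytes, policy) -> Action:
    return policy(lookup(data))

def record_verdict(data: bytes, verdict: Verdict) -> None:
    # Cloud or human analysis finished: cache the verdict so the next decision is immediate.
    REPUTATION[sha256(data)] = verdict

def exposure_window(policy) -> bool:
    """True if a freshly re-packed variant of BAD_BIN would run unrestricted under `policy`."""
    variant = BAD_BIN + b"\x00"  # one appended byte: new hash, no reputation entry yet
    return decide(variant, policy) is Action.RUN
```

Until `record_verdict` is called for the variant, `exposure_window(default_allow)` stays true; that interval is the days-to-months window the text warns about, and the Zero Trust policy closes it by containing rather than trusting.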
Best Practices for Evaluating EPP
Protecting endpoints from malicious software, intrusions and cyberattacks is one of the most crucial aspects of securing an organization’s IT resources. Endpoint protection must be part of a holistic IT security approach where network perimeter security solutions secure the boundaries between internal networks and a service provider’s network, and endpoint protection further reduces the risk of threats or malicious activity impacting IT operations.
The first step in choosing an EPP solution is evaluating the needs of the business, which should include capacity and scalability, compliance, budget and policies. The next step is to closely examine the capabilities, which should include, but are not limited to, centralized management, threat detection and blocking, unknown file handling, file reputation scoring and verdicting, and support for achieving a Zero Trust architecture.
Selecting the Right EPP by Running an Effective Proof of Concept
In addition to these best practices, Gartner recently released a research paper in which it strongly recommends that security and risk management leaders run a thorough proof of concept (POC) to accurately determine which endpoint protection platform is the most suitable.
Protecting organizations from today’s ever-evolving threat vectors requires EPP solutions that provide more than detection technology and whitelists to identify good and bad files. EPP products must evolve into a platform approach, where multiple cybersecurity technologies, capabilities and techniques are integrated into an advanced, automated umbrella of protection that stops both known and unknown threats to prevent breaches.
Comodo Cyber Security recently partnered with Gartner on a new report titled: Everything You Wanted to Know About Endpoint Protection But Were Afraid to Ask. Download the report today to learn more about endpoint protection and how to select the right platform for your organization.