Our first instalment was about email security but now it’s time to move on to endpoint protection. If we look at the technology that we interact with, the point that interaction takes place is the endpoint. The Endpoint can be your laptop, desktop or mobile device, running an application on the device or through a website. As a result of this, the endpoint is a high-risk point. It’s where we download files, connect USB drives, and enter our private information.   Frequently these devices are used outside of the office’s four walls beyond the protection of your network defences.  With cloud computing, Endpoint Protection is more important than ever.

Isn’t Antivirus all you need for endpoint protection?

The most commonly known system to use for endpoint protection is Antivirus software.  Typical Antivirus software is installed on your endpoint and tries to match the programs you are running and the files that you are downloading against an ever-growing database of known bad files.  If there is a match, the Antivirus program will stop the program from running and delete or quarantine it.  The problem is that this matching mechanism is very difficult to maintain because viruses and other malware are changing all the time, sometimes even hiding within the software that is considered “good.”

In the past, nations built standing armies that went to war with each other. The larger the army meant you had the greatest likelihood of success.  However, modern warfare has led to newer methods of both defence and offence.  Similarly, so are our cyber defences. Traditional antivirus programs are no longer enough to defend us and a new breed of threats, requiring us to rethink how we defend our endpoints. These are sometimes called Next-Generation Antivirus (NGAV).

How does next-gen antivirus differ from traditional antivirus software?

NGAV was developed to bridge the gap left over from the traditional antivirus systems. Each vendor has their own flavour of what they do. NGAV would use machine learning and/or artificial intelligence to help prevent against new threats that have yet to be seen or threats that have changed enough to bypass traditional signature matching used by traditional AV.

In addition, these platforms will typically add detection and response capabilities to their solution collectively called Endpoint Detection, Protection and Response (EDPR).  This provides the defender a greater set of tools to determine what is malicious and act upon them including quarantining the device from the network to prevent spread and shutting down processes that are being hijacked.

Managed Detection & Response

Because EDPR is difficult and sometimes labour-intensive even with all of the Artificial Intelligence levers that it provides, Managed Detection & Response (MDR) adds the human analysis element. Managed Security Service Providers (MSSPs) will use these platforms for threat hunt and incident analysis to weed out the bad actors and applications hiding in our systems.

Application Whitelisting- Only Run What’s Good

While NGAV focuses on finding bad programs, application whitelisting (AWL) is the practice of only allowing what is a known good application from running.  In our constantly evolving application world, this is a very difficult task to keep up to date. Like the situation with traditional A/V the database of known good programs is too massive to maintain and be accurate. However, with newer cloud-based solutions, AWL has now a new breath of life, becoming something that doesn’t have to be too expensive to maintain.

Malicious actors, however, would use known-good programs to carry out their bad intentions, such as macros in word documents or scripts.  These are applications we need to carry out our business functions so we can’t just prevent them from running. However, we can limit what functions they are allowed to perform thus minimize their risk. For example, the Excel spreadsheet that you just received has no business connecting to a website in Russia.  By putting rules around what applications can and cannot do, we reduce our attack surface.

The Importance of End-Point Protection

Our endpoints are always under attack, whether its when we are browsing the web, running an app on our phone, connecting to a public WiFi, plugging in a USB drive, or opening an email attachment. These devices are what we as humans are interfacing with and they tend to contain huge computing power and extremely sensitive information.

Without a comprehensive solution to protect our endpoints, we are running through a field of broken glass without shoes. Don’t get caught running like that, reach out to us here at Triada so we can help you get the protection you need for your business. You can give us a call at 201-297-7778 or schedule a free consultation here.