Protecting Threats and Secure Endpoints

Best Practices to Detect and Remediate Threats and Secure Endpoints

In today’s work-from-anywhere, cloud-based world, users and devices always operate in a hostile environment.

Conventional perimeter-focused security approaches no longer work.

Today, network users and devices connect to the network from far-off places. Each point of connection represents an endpoint. A majority of such endpoints are beyond the conventional network perimeter.

And such endpoints proliferate at a fast pace. As the enterprise grows, more and more remote cloud servers get added. As digitisation becomes all-pervasive, the network may co-opt many new IoT sensors. All the while, remote workers connect from their home PCs or laptops. Executives on the move connect their smartphones through unsecured public Wi-Fi.

Many of these endpoints, being outside the enterprise’s perimeter, remain vulnerable to attack. Home PCs may not have the same robust security installations that enterprise devices have. Some IoT sensors even ship with hardcoded default passwords. Laptop and PC endpoints remain susceptible to compromised USB devices and to threats from shared file drives. Attackers may also exploit vulnerabilities present in web servers.

At present, threat actors strike at will. Securing the network requires accepting the changed reality of the disintegrated perimeter. Enterprises have to overhaul their security approach with a focus on endpoint security.

Employee Education

The prerequisite to protecting endpoints is educating users about the changed nature of threats. Conventional security education focused on protecting the perimeter. Today, the main threat comes from unsuspecting internal users who click on malicious links that give attackers easy entry to the network.

Pre-empting insider threats requires:

  • Making employees understand the new nature of cyber threats and how it affects them.
  • Making the workforce aware of the security policies in place and how to follow them.
  • Instilling security best practices among the workforce.
  • Familiarising employees with the new security installations that protect endpoints.

Dynamic Conditional Access

Dynamic conditional access is a basic measure to secure endpoints. If attackers do not have access, they cannot perform their malicious actions.

Traditional access control depends on static rules. Such rules have become obsolete today, as attackers use ingenious ways, even deploying AI, to bypass such rules.

A dynamic conditional access framework allows enterprises to define granular access control policies. Such frameworks consider contextual factors, such as:

  • User behaviour.
  • Location of the user.
  • The security posture of the endpoint.

The system may evaluate whether the device seeking access has a satisfactory security configuration. It blocks non-compliant devices or grants them only limited access.

Enterprise security can adjust the access conditions depending on the evolving threat landscape.
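The following is an added illustration, not code from the original article or from any vendor it names: a tiered conditional-access decision that combines the three contextual factors above (behaviour signals, location, device posture) with the sensitivity of the requested resource. The signal names, version floors and country list are constructed assumptions.

```python
"""Tiered conditional-access decision from device posture and request context.

Constructed example: signal names, thresholds and allowed countries are
assumptions for illustration, not any vendor's schema.
"""
from dataclasses import dataclass

# Minimum acceptable OS build per platform (assumed values).
REQUIRED_OS_MIN = {"windows": (10, 0, 19045), "macos": (13, 0, 0)}
# Countries from which the enterprise expects its users to connect (assumed).
ALLOWED_COUNTRIES = {"DE", "NL", "FR"}


@dataclass
class Posture:
    os_name: str
    os_version: tuple
    disk_encrypted: bool
    edr_running: bool
    firewall_on: bool
    managed: bool


@dataclass
class Context:
    country: str
    impossible_travel: bool        # behaviour signal, e.g. from the identity provider
    failed_logins_last_hour: int


def posture_failures(p: Posture) -> list:
    """List every compliance check the device fails (empty list = compliant)."""
    fails = []
    minimum = REQUIRED_OS_MIN.get(p.os_name)
    if minimum is None or p.os_version < minimum:
        fails.append("os_outdated")
    if not p.disk_encrypted:
        fails.append("disk_unencrypted")
    if not p.edr_running:
        fails.append("edr_not_running")
    if not p.firewall_on:
        fails.append("firewall_off")
    if not p.managed:
        fails.append("unmanaged_device")
    return fails


def decide(posture: Posture, ctx: Context, resource_sensitivity: str):
    """Return ('allow' | 'limited' | 'deny', reasons) for one access request."""
    reasons = posture_failures(posture)
    # Suspicious behaviour overrides everything else, regardless of device health.
    if ctx.impossible_travel or ctx.failed_logins_last_hour >= 10:
        return "deny", reasons + ["suspicious_behaviour"]
    if ctx.country not in ALLOWED_COUNTRIES:
        reasons.append("unexpected_location")
    if resource_sensitivity == "high":
        # Sensitive resources: any failed check means no access at all.
        return ("deny" if reasons else "allow"), reasons
    # Ordinary resources: non-compliant devices get limited (e.g. read-only) access.
    return ("limited" if reasons else "allow"), reasons
```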

State-of-the-art endpoint security solutions such as Cloudflare make dynamic conditional access easy. Cloudflare uses the CrowdStrike Zero Trust Assessment score to enforce conditional access. Users can restrict access to sensitive resources based on device health and compliance checks.

Ensuring Visibility

Most enterprises grow organically, and system admins always remain busy putting out fires.

Over time, they lose track of many endpoints, or they may never have known about some endpoints in the first place. Enterprising business users may start independent cloud subscriptions, leading to shadow IT.

Such hidden and unmanaged endpoints pose grave security risks. Unmanaged endpoints usually run outdated software, which almost always lacks security patches and has weak configurations. They become easy targets for attackers.

Effective protection depends on the complete visibility of all network endpoints. Once the endpoint is visible, it is possible to harden it against security threats and make sure the protections remain up-to-date.

Complete network visibility also sets the stage for optimising endpoint management. System admins can identify underutilised resources and optimise network resources accordingly.

Endpoint protection platforms such as Cloudflare integrate endpoint information into unified dashboards. System admins can use these dashboards to get real-time alerts, along with updates on ongoing investigations and compliance status. Built-in reporting makes audits easy. Audit logs offer details on each threat for forensics, and system admins can apply the lessons learned to incident response.

AI-Driven Behavioural Analysis

Traditional endpoint protection tools offer signature-based protection. Such tools protect only against known threats. This remains inadequate in today’s dynamic environment, where new threats can emerge at any time.

Next-generation endpoint protection tools apply behavioural analysis and telemetry. They deploy lightweight agents that gather what happens at the endpoints: process details, file changes, and user activities. AI algorithms compare endpoint behaviour with normal usage patterns and trigger alerts if they detect anything amiss.

For instance, the system looks at network processes and memory usage and compares them with normal patterns. Next, it applies policy rules to remediate the situation. Potential actions include blocking suspicious executable files, enabling multi-factor authentication, and so on.

All of this takes place in real time. The system relays event data to a cloud-based platform that cross-references global telemetry. Real-time threat intelligence thwarts even the most advanced zero-day threats.

Real-time behavioural analysis offers effective protection against polymorphic attacks. Here, attackers use constantly changing code, content, or structure. These tools also ward off other potent attacks, such as fileless malware and stealth credential theft.

Automated Remediation

Network visibility and insights into threats are useless without a mechanism to act on them.

The latest endpoint protection systems enable automated responses. The most common responses include:

  • Isolating the device,
  • Killing the suspicious processes,
  • Removing the malicious files, or
  • Rolling back the data.

Automated remediation leaves attackers with little time to exfiltrate the data.
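As an added, constructed example (not the article's or any vendor's code), the two sections above put into one runnable flow: a baseline of per-host process telemetry is learned, live events are compared against it (unseen parent/child pairs and outbound-volume spikes), and each alert is mapped to an automated response by severity. The record format, thresholds and action names are assumptions.

```python
"""Baseline-vs-live comparison of endpoint process telemetry, followed by
the automated remediation step chosen from the alert severity.
Constructed example: the key=value record format, the spike factor and the
action names are assumptions, not any product's schema.
"""
from collections import defaultdict
import statistics

# Constructed telemetry: one process event per line, recorded during a quiet
# learning window (BASELINE) and afterwards (LIVE).
BASELINE = """
host=ws-17 parent=explorer.exe proc=outlook.exe net_out_kb=120
host=ws-17 parent=explorer.exe proc=outlook.exe net_out_kb=150
host=ws-17 parent=explorer.exe proc=chrome.exe net_out_kb=900
host=ws-17 parent=explorer.exe proc=chrome.exe net_out_kb=1100
host=ws-17 parent=services.exe proc=svchost.exe net_out_kb=30
""".strip().splitlines()

LIVE = """
host=ws-17 parent=explorer.exe proc=chrome.exe net_out_kb=1000
host=ws-17 parent=winword.exe proc=powershell.exe net_out_kb=20
host=ws-17 parent=explorer.exe proc=outlook.exe net_out_kb=48000
""".strip().splitlines()


def parse(line: str) -> dict:
    rec = dict(kv.split("=", 1) for kv in line.split())
    rec["net_out_kb"] = int(rec["net_out_kb"])
    return rec


def build_baseline(lines):
    """Known parent->child pairs per host, and outbound-volume samples per process."""
    pairs, volumes = defaultdict(set), defaultdict(list)
    for r in map(parse, lines):
        pairs[r["host"]].add((r["parent"], r["proc"]))
        volumes[(r["host"], r["proc"])].append(r["net_out_kb"])
    return pairs, volumes


def analyse(lines, pairs, volumes, spike_factor=10):
    """Return (host, proc, severity, reason) for every deviation from the baseline."""
    alerts = []
    for r in map(parse, lines):
        key = (r["host"], r["proc"])
        if (r["parent"], r["proc"]) not in pairs[r["host"]]:
            alerts.append((r["host"], r["proc"], "high", "unseen parent-child pair"))
        elif key in volumes and r["net_out_kb"] > spike_factor * statistics.mean(volumes[key]):
            alerts.append((r["host"], r["proc"], "medium", "outbound volume spike"))
    return alerts


# Response policy per severity (assumed action names).
REMEDIATION = {"high": ["kill_process", "isolate_device"], "medium": ["alert_soc", "require_mfa"]}


def plan_actions(alerts):
    """Map each alert to the automated response its severity calls for."""
    return [(host, proc, REMEDIATION[sev]) for host, proc, sev, _ in alerts]
```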

Forensic Analysis

Endpoint protection platforms such as Cloudflare automate policy enforcement. They also offer add-on capabilities such as forensic analysis. Forensics and audits offer a detailed analysis of endpoint actions. Such insights allow security teams to reconstruct the attack chain and get to the root cause of the incident, and then to take countermeasures that prevent the recurrence of similar threats.

Integrated Endpoint Protection Tools

Effective endpoint protection depends on dedicated endpoint protection tools. These tools may be standard installations or part of a wider zero-trust approach, depending on the enterprise security strategy.

The common endpoint protection tools include:

  • Antivirus and anti-malware suites to detect and prevent known threats.
  • Firewalls to control traffic and block unauthorised access.
  • Intrusion detection and prevention systems to detect and halt malicious traffic.
  • Data loss prevention tools to stop sensitive data from leaving the network.
  • Vulnerability management tools to patch security weaknesses.

A comprehensive endpoint protection service such as Cloudflare makes detection, remediation, and protection easy. Cloudflare’s connectivity cloud offers complete end-to-end protection. System admins get complete control over the environment. The platform partners with other endpoint security providers to make endpoint protection seamless. Integration with VMware Carbon Black Cloud consolidates endpoint offerings into a single platform. The integrated platform reduces tool sprawl while improving security and resilience at the same time.

It is easy to recommend robust security. When it comes to walking the talk, many practical difficulties force enterprises to make compromises. For this reason, it is important to onboard a tried-and-tested platform such as Cloudflare. Such platforms have been around for a long time and handle the practical nitty-gritty extraordinarily well.
