As we noted in our last post, malicious actors are increasingly exploiting security vulnerabilities in user endpoint devices such as laptops, tablets and smartphones. In a new report from HP, two-thirds of IT teams say endpoint security has become far more difficult due to the huge numbers of remote and hybrid workers using unsupported devices to access network resources.
Here are some of the policies, processes and technologies you can use to improve your organization’s endpoint security:
Policies
Policies should define which types of endpoint devices are permitted, what level of access each worker is granted, and how long an operating system or application may remain unpatched once a fix is available. A policy that is not enforced technically is only a document, so pair it with a device compliance check at logon (managed device, current patch level, disk encryption enabled) that denies access when the check fails. You may also want to stipulate that the company has the right to install device management software on any employee-owned device used to access the network.
Endpoint Protection Platform
EPPs provide the first line of defense for endpoints by integrating antivirus and antimalware scanning, host intrusion prevention, a personal firewall and disk or file encryption in a single agent that detects and blocks known threats. Because signature- and heuristic-based prevention misses novel, fileless and living-off-the-land malware, most experts advise pairing an EPP with an endpoint detection and response solution rather than relying on it alone.
Endpoint Detection and Response
EDR solutions continuously record endpoint activity (process creation, file and registry changes, network connections, logons) and apply behavioral analysis and machine learning to it, so they can flag suspicious behavior even when no file matches a known signature. When a detection rule fires, the EDR solution triggers a rules-based response such as raising an alert, terminating the process, or isolating the host from the network. All telemetry, including activity that was not flagged at the time, is recorded in a central database so analysts can reconstruct an incident after the fact and hunt for threats the rules missed.
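As an added example (not code from the original post or from any EDR product), the following Python script shows what the behavioral side of this looks like: a few process-creation events, constructed here as sample telemetry, run through three behavioral rules (an Office application spawning a script host, an encoded PowerShell command line whose decoded payload contains a download cradle, and shadow-copy deletion), with each detection enriched and mapped to a rules-based response. The event fields, rule names, severities and the response playbook are all assumptions.

```python
"""Behavioural EDR detection over process-creation telemetry.

Added example, not code from the original post or from any EDR product: the
event fields, rule set and response playbook are assumptions for illustration."""
import base64
import ntpath
import re
from typing import Dict, List

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# PowerShell accepts any unambiguous prefix of -EncodedCommand; the payload is
# base64 over UTF-16LE text and never touches disk as a file.
ENC_FLAG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
CRADLE_HINTS = ("downloadstring", "downloadfile", "invoke-expression", "iex ",
                "net.webclient", "invoke-webrequest", "frombase64string")
SHADOW_DELETE = re.compile(
    r"vssadmin(?:\.exe)?\s+delete\s+shadows|wmic\s+shadowcopy\s+delete", re.I)

# Rules-based response per severity (assumed playbook; a real EDR exposes this as policy).
RESPONSES = {"low": "alert", "medium": "alert+kill_process", "high": "alert+isolate_host"}


def basename(path: str) -> str:
    return ntpath.basename(path).lower()


def decode_encoded_command(cmdline: str) -> str:
    """Return the decoded -EncodedCommand payload, or '' if absent or undecodable."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le", errors="replace")
    except ValueError:
        return ""


def evaluate(event: Dict[str, str]) -> List[Dict[str, str]]:
    """Apply the behavioural rules to one event and return enriched detections."""
    parent, child, cmd = basename(event["parent"]), basename(event["image"]), event["cmdline"]
    hits: List[Dict[str, str]] = []
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        hits.append({"rule": "office_spawns_script_host", "severity": "medium"})
    decoded = decode_encoded_command(cmd) if child in {"powershell.exe", "pwsh.exe"} else ""
    if decoded:
        sev = "high" if any(h in decoded.lower() for h in CRADLE_HINTS) else "low"
        hits.append({"rule": "encoded_powershell", "severity": sev, "decoded": decoded})
    if SHADOW_DELETE.search(cmd):
        hits.append({"rule": "shadow_copy_deletion", "severity": "high"})
    for h in hits:  # context an analyst needs, plus the automated response chosen
        h.update(host=event["host"], user=event["user"], image=child,
                 action=RESPONSES[h["severity"]])
    return hits


def run(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Evaluate a batch; the returned list stands in for the central detection store."""
    store: List[Dict[str, str]] = []
    for ev in events:
        store.extend(evaluate(ev))
    return store


# Constructed sample telemetry (not real data). The encoded payload is built
# here so the example stays self-contained; it only points at localhost.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://localhost/stage1.ps1')"
ENC = base64.b64encode(CRADLE.encode("utf-16le")).decode("ascii")
SAMPLE_EVENTS = [
    {"host": "ws-017", "user": "alice", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r'"WINWORD.EXE" /n "C:\Users\alice\invoice.docm"'},
    {"host": "ws-017", "user": "alice",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {ENC}"},
    {"host": "srv-fs01", "user": "SYSTEM", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws-042", "user": "bob", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe Get-ChildItem C:\Users\bob\Documents"},
]

if __name__ == "__main__":
    for record in run(SAMPLE_EVENTS):
        print(record["host"], record["rule"], record["severity"], "->", record["action"])
```

Note what the second rule does that a file scanner cannot: the base64 payload never exists as a file, so it is decoded from the command line and inspected in place. The benign PowerShell invocation on ws-042 produces nothing, which is the point of keying on parent-child relationships and payload content rather than on the presence of powershell.exe alone.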
Unified Endpoint Security
UES solutions combine elements of EPP and EDR solutions to enable management of the endpoint security stack from a single console. Some solutions include additional security features such as automated patching, multifactor authentication, policy management, and asset discovery and inventory.
Encryption
With encryption, sensitive company data residing on laptops, smartphones, USB drives and other devices is rendered unreadable to anyone who does not hold the key. Encryption can be deployed in several ways. Full-disk encryption protects everything on the device, including the operating system and installed software, and is the right control against a lost or stolen laptop; it offers no protection once the device is unlocked, so it does nothing against malware running under the logged-in user. Folder encryption secures specific folders or applications. File encryption is the most granular approach: the file stays encrypted wherever it goes, in storage and in transit, and only authorized users can open it. Whichever level you choose, escrow the recovery keys centrally, because a forgotten passphrase with no recovery key is a permanent data loss.
Zero Trust for Endpoints
Most leading security vendors now offer solutions that apply zero-trust principles to endpoint devices, usually with artificial intelligence (AI) behind them. These solutions generally incorporate a cloud-based AI platform that continuously monitors the applications and processes running on endpoint devices. Machine-learning algorithms process hundreds of behavioral and contextual indicators in real time to score each one, and only apps and processes classified as trusted are allowed to execute. In practice this is application control (allowlisting) with the allowlist maintained by a classifier rather than by hand. Two things to check before relying on it: that the product is actually running in enforcement rather than audit-only mode, and that its trust decisions are visible and reversible, since a misclassified line-of-business application will otherwise simply stop working.
Network Segmentation
Segmentation limits risk by breaking the network into smaller, isolated parts. It won't stop an attack, but it sharply restricts the attack's ability to spread. Using firewalls, routers and switches to create isolated segments, with a default-deny policy between them that permits only the specific flows each segment needs, limits how far ransomware and other malware can propagate. In the event of a breach or infection, segmentation can contain the damage to a single network segment, or subnetwork. Note that an inter-segment firewall never sees traffic between two hosts in the same segment; containing that, for example workstation-to-workstation SMB and RDP, requires the host firewall on each endpoint or a private VLAN.
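As an added example, not part of the original post or any vendor's product, here is the policy-as-code form of a segmentation plan. The segment names, address ranges, ports and the nftables layout are assumptions. The points it shows are that the allow-list is explicit and everything else is dropped, that the matrix can be checked against sample flows before deployment, and that the rendered rules land in a forward chain whose default policy is drop.

```python
"""Network segmentation as an explicit, default-deny allow-list.

Added example, not code from the original post or from any product: segment
names, address ranges, ports and the nftables layout are assumptions."""
import ipaddress
from typing import Dict, List, Optional, Tuple

SEGMENTS: Dict[str, ipaddress.IPv4Network] = {
    "workstations": ipaddress.ip_network("10.10.0.0/22"),
    "servers": ipaddress.ip_network("10.20.0.0/24"),
    "domain_ctrl": ipaddress.ip_network("10.20.1.0/28"),
    "printers": ipaddress.ip_network("10.30.0.0/24"),
}

# Allowed inter-segment flows: (source, destination) -> protocol -> ports.
# Anything absent is dropped. Deliberately missing: servers->workstations,
# printers->anything, and RDP (3389) from workstations to servers, so a
# compromised server or printer cannot reach back into the user segment.
POLICY: Dict[Tuple[str, str], Dict[str, List[int]]] = {
    ("workstations", "servers"): {"tcp": [443, 445]},
    ("workstations", "domain_ctrl"): {"tcp": [88, 389, 445, 636], "udp": [53, 88, 389]},
    ("workstations", "printers"): {"tcp": [631, 9100]},
    ("servers", "domain_ctrl"): {"tcp": [88, 389, 636], "udp": [53, 88]},
}

# Constructed sample flows for reviewing the matrix before rollout.
SAMPLE_FLOWS = [
    ("10.10.1.15", "10.20.0.10", "tcp", 445),   # workstation -> file server SMB
    ("10.10.1.15", "10.20.0.10", "tcp", 3389),  # workstation -> server RDP
    ("10.20.0.10", "10.10.1.15", "tcp", 445),   # server -> workstation SMB
    ("10.30.0.5", "10.20.1.3", "tcp", 389),     # printer -> domain controller LDAP
    ("10.10.1.15", "10.10.2.7", "tcp", 445),    # workstation -> workstation SMB
]


def segment_of(ip: str) -> Optional[str]:
    """Map an address to its segment, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
    """Decision the inter-segment firewall makes for a new connection.

    Unknown addresses are denied. Same-segment flows never cross this
    firewall at all, so this ruleset cannot permit or block them: stopping
    workstation-to-workstation SMB/RDP needs the host firewall or a private VLAN."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None or src == dst:
        return False
    return port in POLICY.get((src, dst), {}).get(proto, [])


def audit(flows) -> List[bool]:
    """Evaluate sample flows in order; review the result against intent."""
    return [is_allowed(s, d, p, port) for s, d, p, port in flows]


def render_nft(table: str = "inet", name: str = "segmentation") -> List[str]:
    """Render POLICY as nft commands for a forward chain with policy drop."""
    chain = f"{table} {name} forward"
    lines = [
        f"add table {table} {name}",
        f"add chain {chain} {{ type filter hook forward priority 0; policy drop; }}",
        f"add rule {chain} ct state established,related accept",
    ]
    for (src, dst), protos in POLICY.items():
        for proto, ports in protos.items():
            plist = ", ".join(str(p) for p in sorted(ports))
            lines.append(f"add rule {chain} ip saddr {SEGMENTS[src]} ip daddr {SEGMENTS[dst]} "
                         f"{proto} dport {{ {plist} }} accept")
    lines.append(f'add rule {chain} log prefix "seg-drop " drop')   # see what you drop
    return lines


if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, audit(SAMPLE_FLOWS)):
        print(flow, "ALLOW" if verdict else "DROP")
    print("\n".join(render_nft()))
```

Feed the output of render_nft() to nft -f on the segmentation firewall; the same POLICY table can equally drive router ACLs or cloud security groups, and keeping it in one place is what makes the matrix reviewable.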
Data Loss Prevention
DLP solutions monitor endpoint devices and other network entry and exit points, alerting administrators when the sharing or transfer of data violates company policy. Any out-of-policy data movement or usage can then be blocked. Popup messages inform users why an action was blocked, providing real-time security awareness education. DLP is only as good as its classification: it needs accurate patterns for the data you actually care about (card numbers, customer records, documents carrying a confidentiality label) and tuning to keep false positives low, or users learn to route around it.
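As an added example, not the post's own material or any DLP product's code, here is a minimal endpoint content-inspection routine. It scans an outbound transfer for payment-card numbers (candidate digit runs that pass the Luhn check, so invoice and order numbers are not flagged) and for a confidentiality marker, decides allow, alert or block from the channel and destination, and composes the message shown to the user. The detectors, the policy, the domain names and the sample transfers are constructed.

```python
"""Endpoint DLP content inspection with policy-driven block/alert decisions.

Added example, not code from the original post or from any DLP product: the
detectors, policy, domain names and sample transfers are constructed."""
import re
from typing import Dict, List

# Candidate card numbers: 13-19 digits, optionally separated by single spaces/dashes.
CARD_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")
# A document classification label on its own line.
CLASS_RE = re.compile(r"^classification:\s*(confidential|restricted)\b", re.I | re.M)
INTERNAL_DOMAINS = {"corp.example"}   # assumed: the company's own mail/storage domains

USER_MESSAGES = {
    "block": "Blocked by data-protection policy ({reason}). Nothing was sent; "
             "contact the security team if this transfer is legitimate.",
    "alert": "Notice: this transfer contains {reason} and has been logged "
             "under company policy.",
    "allow": "",
}


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; separates real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> List[Dict[str, str]]:
    """Return findings; the record never carries the full card number, so the
    DLP log cannot itself become a leak."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append({"type": "pan", "detail": f"PAN ending {digits[-4:]}"})
    m = CLASS_RE.search(text)
    if m:
        findings.append({"type": "classified",
                         "detail": f"content marked {m.group(1).capitalize()}"})
    return findings


def decide(channel: str, destination: str, findings) -> str:
    """Assumed policy: card data may not leave the company (logged even when
    internal); classified documents may go to external parties by email, logged,
    but not to removable media or web uploads; internal destinations are allowed."""
    if not findings:
        return "allow"
    internal = destination in INTERNAL_DOMAINS
    kinds = {f["type"] for f in findings}
    if "pan" in kinds:
        return "alert" if internal else "block"
    if internal:
        return "allow"
    return "block" if channel in {"usb", "web_upload"} else "alert"


def inspect(transfer: Dict[str, str]) -> Dict[str, object]:
    """Inspect one outbound transfer; return decision, findings and user message."""
    findings = find_sensitive(transfer["body"])
    action = decide(transfer["channel"], transfer["destination"], findings)
    reason = "; ".join(f["detail"] for f in findings)
    return {"action": action, "findings": findings,
            "user_message": USER_MESSAGES[action].format(reason=reason)}


# Constructed sample transfers (test card number 4111 1111 1111 1111, not a real account).
SAMPLE_TRANSFERS = [
    {"channel": "email", "destination": "partner.example",
     "body": "Hi, charge it to my card 4111 1111 1111 1111, exp 09/27."},
    {"channel": "web_upload", "destination": "paste.example",
     "body": "Classification: Confidential\nQ3 product roadmap, do not distribute."},
    {"channel": "email", "destination": "corp.example",
     "body": "Refund for card 4111-1111-1111-1111 processed."},
    {"channel": "email", "destination": "partner.example",
     "body": "Please quote invoice reference 1234 5678 9012 3456 on payment."},
]

if __name__ == "__main__":
    for t in SAMPLE_TRANSFERS:
        result = inspect(t)
        print(t["channel"], t["destination"], result["action"], result["user_message"])
```

The fourth sample is the one that matters for tuning: a sixteen-digit invoice reference looks exactly like a card number to a naive regex, and a DLP rule that blocks it teaches users to paste data into channels the agent does not watch. The Luhn check removes most of that class of false positive at no cost.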