How Endpoint Security Can Help Enterprises Tackle IT Strain

May 5, 2020


Remote work has expanded the threats landscape, exposing corporate networks to new security risks. This article by Eric Gaudin, Product Marketing Manager, Wallix, helps us to find out how endpoint management can detect additional vulnerabilities and prevent cyberattacks and breaches.

Contrary to popular belief, cyberattacks are not (always) a massive attempt to take over or disable your infrastructure. While a wide DDoS attack can be used as a decoy, the real work is more subtle and more elaborate. Consider a James Bond film, for example. The bad guy would try to infiltrate your organization quietly, identify its weaknesses, and attempt to gain power gradually in order to fulfill his villainous plan.

Just as in those Bond movies, broad, external defenses are not enough, and usually, countermeasures come too late to stop the infiltration. This is especially true for fragmented organizations and enterprises relying heavily on external contractors and employees working remotely. Once an enemy has found his way in, the whole organization falls. With 69% of breaches perpetrated by outsiders like organized criminal groups and nation-states, it takes a special problem-solver like 007 to save the day.


Evolving Endpoint Protection

Your endpoints, such as workstations and servers, are ideal targets to successfully infiltrate a system. They are made all the more vulnerable when they are outside of the corporate network, and therefore don’t benefit from perimeter protection.

Initially, anti-virus solutions focused on identifying malware signatures and on white-list/black-list mechanisms. This approach quickly reached its limits for one key reason: it relies heavily on already-known exploits and malware. Systems therefore remain repeatedly exposed to zero-days as new threats constantly arise.

As attack vectors evolved and mutated, software vendors developed new protections, the Next-Generation Antivirus (NGAV), which relies on tools including:

  • Machine Learning, which enables the detection of unknown threats and the prevention of unidentified attacks.
  • Endpoint Detection and Response (EDR), which can correlate events and detect suspicious activity.

Those technologies, however, still focus on identifying threats rather than protecting the system from the inside — reactivity rather than proactivity.

Protecting the System From the Inside

Endpoint Privilege Management (EPM) is a new generation of cybersecurity protection that focuses on providing effective immune defense for your endpoints. Rather than trying to identify then block an attack, it stops whatever is not a part of the organism.

To translate this into IT language: only legitimate actions can be performed on your systems.

This approach is particularly relevant for endpoints exposed to external networks, such as those used by third-party providers or remote employees accessing your network. It assumes that any system can be infiltrated, but implements internal protections so that the system cannot be harmed even if that comes to pass, and even when it is outside the corporate network. Endpoint protection applies the Principle of Least Privilege: without local admin rights, an intruder or malware can’t acquire the privileges needed to run processes and applications.

Enforcing the Principle of Least Privilege also has additional benefits:

  • Eliminating over-privileged users on endpoints so that malware is unable to damage your system or steal critical data
  • Removal of all local admin accounts to reinforce defenses
  • Blocking of crypto APIs so that systems can’t be held hostage by ransomware
  • Granting appropriate rights to the right users in the right context

This is a good first step, but it still focuses on the “external agent”: the user and his or her privileges. This is great but not enough, because systems must be able to protect themselves against threats.


Privileges at the Process Level, Not by the User

The strongest, most innovative EPM solutions no longer address privileges at the user level, but at the process and application level.

This is a major conceptual shift for security: local systems are no longer only protected against threats or against users. The defense is deployed at the application or at the process level for deeper, more tailored control and security.

More often than not, application management relies on a binary decision: a user either can or cannot access an application, and an application is either authorized or not. The purpose of those rules is to prevent applications and processes from harming the system, but it comes at the expense of productivity when a user must interrupt the IT team for every otherwise legitimate software download.

When applications are pre-approved and specific actions within those processes are also approved (or denied), managing endpoint security becomes simple. Processes and applications can run only with a precise set of privileges in a precise context. With users unable to elevate their privileges and admin accounts removed, processes can’t be hijacked to perform malicious operations.

Providing granular protection at the process level allows the user to maintain access to all the tools necessary to accomplish their tasks, efficiently and independently, while ensuring that the software won’t be able to harm the system should an enemy find its way in.
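As an added illustration (not code from this article or from Wallix's product), the small policy evaluator below contrasts the binary user-level decision with a process-level rule that grants each application a precise set of actions in a precise context. The application paths, action names and the "corporate"/"remote" contexts are constructed sample values.

```python
from dataclasses import dataclass
from typing import FrozenSet, Tuple

# Constructed sample values: application paths, action names and contexts
# are illustrative and do not follow any real product's policy format.

@dataclass(frozen=True)
class ProcessRule:
    app: str                  # executable the rule applies to
    actions: FrozenSet[str]   # privileged actions this process may perform
    contexts: FrozenSet[str]  # contexts in which the grant applies

@dataclass(frozen=True)
class Request:
    user_is_admin: bool       # only the user-level model looks at this
    app: str                  # process asking for the privilege
    action: str               # privileged action being attempted
    context: str              # where the endpoint is: "corporate" or "remote"

# Deny by default: anything not listed here is refused, whoever runs it.
POLICY: Tuple[ProcessRule, ...] = (
    # Backup agent may touch system directories on or off the corporate network.
    ProcessRule(r"C:\Program Files\Backup\backup.exe",
                frozenset({"write_system_dir", "read_user_files"}),
                frozenset({"corporate", "remote"})),
    # Installer may install packages, but only while on the corporate network.
    ProcessRule(r"C:\Program Files\Installer\setup.exe",
                frozenset({"install_package"}),
                frozenset({"corporate"})),
)

def user_level_decision(req: Request) -> bool:
    """Binary model: local admins may do anything, everyone else nothing."""
    return req.user_is_admin

def process_level_decision(req: Request, policy=POLICY) -> bool:
    """Grant only if this app has this action in this context; user rights play no role."""
    return any(
        req.app == rule.app
        and req.context in rule.contexts
        and req.action in rule.actions
        for rule in policy
    )

if __name__ == "__main__":
    # A downloaded binary run by a local admin asking for crypto APIs (a ransomware-style
    # action): allowed by the user-level model, refused by the process-level policy.
    dropper = Request(True, r"C:\Users\alice\Downloads\update.exe", "use_crypto_api", "corporate")
    print(user_level_decision(dropper), process_level_decision(dropper))
```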

Calling James Bond to save the day is not always an option. EPM enables organizations to block the root cause of the danger they face from the inside: processes and applications, especially when endpoints like employee PCs are exposed to external threats. Proper implementation of the Principle Of Least Privilege helps to prevent infiltrated agents from hijacking your systems, simply because they won’t be able to perform any activity beyond those allowed for your employees to perform their specific tasks.


Eric Gaudin

Product Marketing Manager, Wallix

Gaudin has more than 14 years of experience, combining advanced Product and Marketing management with Computer Science expertise to tackle business, technological and product challenges, bridging the gap between C-level executives and highly specialised technical teams.