In association with Datto
September 14, 2022

Endpoint protection: detecting real network attacks and responding to dangerous alerts

The sheer number of malicious probes against corporate networks creates a lot of diffuse noise. Separating the genuine threats from that noise, and defending against those, is critical to intelligent protection.

By Saleem Khawaja

CTOs need to ensure their network security and risk management personnel and systems have processes in place to record and match data from all endpoints when monitoring for threats

One of the main challenges corporate network admins have had to overcome in the last few years is protecting endpoints against ransomware and other attacks that keep growing in volume and sophistication.

A further challenge is the huge upsurge in home working brought on by the pandemic, which has forced security technologies and processes to adapt quickly just to keep pace with the threat.

Historically, ransomware attacks relied on simple automated scripts to sneak into networks. They have since evolved into complex, human-operated intrusions in which the attacker adapts tactics while the attack is in progress, both to ensure it succeeds and to maximise the ransom.

Once that endpoint telemetry is recorded and matched against known threat profiles, the organisation is in a position to offer secure remote access with confidence.

To offer truly secure services, companies need to adopt a proven Endpoint Detection and Response (EDR) system, combined with some of the following additional layers:

  • Unified Endpoint Security (UES)
  • Secure Access Service Edge (SASE)
  • Extended Detection and Response (XDR)
  • Security Service Edge (SSE)

What Is Endpoint Security?

In a nutshell, it is the systems and processes put in place to protect corporate desktops, laptops, and mobile devices from exploitation by bad actors, such as criminal hackers deploying ransomware.

Indeed, the list expands if you consider the other types of devices that need to send/receive data in real-time when communicating with corporate networks. Some of these are:

  • Tablets
  • Mobile phones
  • Smartwatches
  • Printers
  • Servers
  • ATMs
  • Medical equipment
  • BYOD (bring your own device) equipment – devices owned by workers

All the above need to be protected, whether connected directly to a network or through the cloud. The level of protection has moved on from just being an antivirus system to comprehensive protection platforms and processes to guard against sophisticated malware and evolving zero-day threats.

These could come from nation states, hacktivists, criminal organisations, and insiders, whether malicious or, far more commonly, simply careless.

Endpoint security forms the first line of defence in cybersecurity planning by organisations aiming to secure enterprise networks. The latest endpoint systems are designed to swiftly detect, analyse, block, and/or contain attacks as they happen.

The importance of endpoint security systems

Enterprise cybersecurity platforms have many components.

Threat protection systems address risks such as malware, ransomware, spyware, viruses, and zero-day exploits, or any combination of them. Endpoint security therefore needs to be ever vigilant, actively detecting and blocking attacks against any hardware or data on the network. The main components are:

  • Network protection in an endpoint protection platform must protect the network that devices are connected to, so that an attack is stopped before it reaches the device. Browser protection is one example, denying users access to malicious or unauthorised websites; others are email gateways that quarantine suspicious messages, and firewalls and intrusion detection/prevention systems that stop attacks from reaching devices at all.
  • Application protection is also necessary, because applications can be just as exposed as operating systems. Automated patch management keeps applications up to date, and combined with application blocklisting and allowlisting and application hardening, it shrinks the attack surface an adversary can exploit.
  • Data protection is a key part of any successful endpoint security system. Some platforms provide full-disk encryption or encrypt all web traffic. They may also offer secure password management, file activity monitoring, and other data controls to guard against leakage, so that sensitive data cannot be compromised either deliberately or by accident.
  • Intelligence and analytics gathering lets the latest endpoint systems learn from the activity and traffic they observe. Artificial intelligence (AI), machine learning (ML), and related techniques let the platform analyse incoming and outgoing data streams and baseline device behaviour, enabling ML-based anomaly and malware detection, forensic analysis, and root-cause analysis.
  • A centrally managed endpoint security platform is deployed quickly by system administrators, who can then manage every endpoint from a single portal. It supports features such as endpoint detection, over-the-air enrolment, default profiles, centralised patch management, support ticket generation, and the ability to onboard remote users.

A critical reason why endpoint security systems are becoming ubiquitous is the rapid growth in the number and variety of endpoints. This is compounded by the rise in home working and BYOD policies, which has dissolved the old network perimeter and made security at the endpoint itself vital to maintaining a healthy corporate workflow.

How does endpoint protection work?

Endpoint protection platforms (EPP) systematically examine data moving to and from the endpoints they monitor. Most modern platforms keep the bulk of their threat catalogue (signatures, file reputation, and behavioural profiles) in the cloud, with the agent holding only a lightweight local cache, so that endpoints are not burdened with storing and continually updating an ever-growing database themselves.

The benefit is currency rather than raw speed: a reputation lookup over the network is not faster than reading a local SSD, but it means every endpoint matches against a catalogue that is updated continuously, instead of waiting for signature packages to be pushed out to each device.

A properly set up EPP will detect and guard against the broadest range of threats. It can include an EDR component capable of detecting more advanced threats such as polymorphic malware, fileless malware, and zero-day attacks. Through continuous monitoring, the EDR component offers better visibility and a variety of response options, and it can be deployed locally or from the cloud.

Datto’s solutions for MSPs

Datto has created a suite of integrated solutions to give Managed Service Providers maximum flexibility when creating programs for end-user clients.

One component is a data protection, backup, and restoration system that can run on premises or in the cloud, alongside its Unified Continuity offering, a business continuity solution for critical business infrastructure.

Another key offering is Business Management Suite, which is a unified professional services automation (PSA) and remote monitoring and management (RMM) platform. The Datto strategy provides for a unified, SaaS solution that combines its Autotask PSA and RMM, producing an end system that goes beyond simple integration, pushing real-time asset data derived from the Datto RMM into the Autotask PSA. The resultant information can help elevate the MSP’s services to provide their clients with higher levels of insight, productivity, and profitability.
