From SC Magazine – David Angwin
With employees and endpoints the weak links in the cyber-security chain, David Angwin says organisations must break away from traditional protection and switch focus to preventing sophisticated attacks before it’s too late.
Businesses and organisations looking to protect themselves against the dire consequences of data breaches in 2016 now face perhaps one of the most complex and rapidly evolving threat landscapes in recent years. Attackers are smarter and more targeted in their approach, and so too are the various forms of malware at their disposal. The threat of compromised security is compounded by the stagnating ‘reactive’ approach that many security solutions continue to employ in their attempts to prevent data loss, an approach which simply is not fit for purpose. As the saying goes: ‘an ounce of prevention is worth a pound of cure’, and in relation to data security, the logical step in keeping up with threats is to focus efforts on preventing an attack before damage has been done.
The weak links in the chain
The factors behind the increased risk to organizations are twofold. First, attackers are aware that employees are often the weak link in a security chain. Users can fall victim to expertly targeted ‘spear-phishing’ campaigns and allow malware in through a web browser; all it can take is one click of a link, and the attack can proliferate from that single point. Not only are spear-phishing attacks tailored to that particular organisation, but careful monitoring by the attackers can allow them to tailor their approach to individual employees.
Second, the network edge and endpoints within an organization are exploited by attackers as the path of least resistance to gain access to sensitive data. A Verizon report has found that 95 percent of threats originated at the endpoint.
There is increasing evidence of endpoint-related security breaches. Earlier this year, Swiss technology firm RUAG recognised a breach which had gone unnoticed since 2014, during which time attackers had obtained 23GB of potentially valuable/sensitive data. In this case, the 2016 report noted that infected endpoints were used as bots to relay information as communication and worker drones, making the attack more difficult to spot and allowing for complex instructions to be relayed without being detected.
Whether the cause is a sophisticated attack or a careless employee, the approach taken by traditional antivirus software is firmly rooted in the idea of ‘detecting and remediating’ the attack, one that crucially relies on the software obtaining a positive ID of the threat before it is able to take action. This is often not fast enough to effectively limit the damage caused by zero-day attacks, and the ability to remediate the attack is particularly limited in small businesses with limited or no IT staff.
Why wait to act?
This is the question that underpins the far more effective preventative approach to data protection. Advanced threat protection predicts potential attacks by utilising machine learning – which is a branch of artificial intelligence – to analyse all files prior to execution, determining which processes are safe before they can run. The software is able to make informed decisions about behavioural characteristics from millions of identifiers within the code, while using only a fraction of valuable system resources.
This approach is perfect for protecting traditional endpoints, and can also be utilised for alternative methods of application delivery, including in virtualised environments using energy-efficient thin clients. For many companies, virtualisation can enhance IT security management and protection, as it enables proactive security patches to be delivered remotely and simultaneously to all endpoints, and ensures company data is secured in the data centre.
Additionally, utilizing a data protection service in conjunction with advanced threat protection software and virtual desktops could create an environment that provides high levels of protection for organizations and mitigates the threats from increasingly sophisticated attacks.
With employees working in a virtualised environment, the enterprise is able to control all endpoints from a centralised management console, with the ability to assess, detect and react more quickly in the event of security issues. Next generation security solutions which adopt a preventative approach can be easily deployed and managed, the result being a comprehensive and future-proof protection strategy for the organisation.