What to consider when purchasing endpoint security solutions for your SMB


Endpoint security is one of the most fundamental security measures you can implement. Even among low-maturity SMBs with no IT team, it was found that up to 90% of cyber spending goes to endpoint security. Why? Securing endpoints has become critical in recent years, particularly for businesses with remote workforces.

Many different vendors and solutions exist. Understanding what solutions are necessary, or even why endpoints need to be protected, is a difficult task for SMBs with limited security knowledge. Often, it is necessary to use a combination of multiple tools and administrative controls in order to protect your endpoints. In this article, we will be discussing several things to consider when purchasing endpoint security solutions for your SMB to ensure your systems are secure and your tools are working together effectively.

What are endpoints and endpoint security?

An endpoint is any device that connects to the internet through your network. This includes laptops, desktops, smartphones, tablets, printers, routers, and other IoT devices. Endpoint security is any measure taken to secure these devices so that hackers can’t infiltrate them. Solutions are available to help prevent, detect, and respond to threats and to block unauthorized network access.

There are two ways to improve endpoint security. One involves implementing security best practices at the administrative level. The goal of these practices is to minimize the likelihood of incidents occurring and to limit the damage a cyberattack will cause your business. One such best practice is educating employees on how to spot phishing attacks.

Another security best practice is limiting the data employees have access to as much as possible. The principle of least privilege says that employees should have only the minimum amount of access needed to do their job. Additionally, that access should only be available for as long as the employee needs it. This limits the amount of data a hacker will be able to reach if they breach an employee’s endpoint device.

These policies help with endpoint security to a degree, but properly secured endpoints usually also require software. These tools protect vulnerable endpoints from threats that get past administrative measures. Endpoint security software is installed directly on the endpoint – meaning no matter where the device goes it will still be protected.

Why is endpoint security particularly important now?

The rise of remote workforces has created many more endpoints than had previously existed. Bring your own device (BYOD) policies are commonplace among businesses. This policy allows employees to use personal devices for work. While measures can be taken to make this policy safer it still introduces many new endpoints. Employees now may have access to sensitive data on cell phones, tablets, laptops, and desktops. These devices are sometimes then shared with family members. All of these insider threats create potential liabilities for companies.

Being outside the company’s firewall at home has also increased threats. Additional steps to secure remote workforces’ endpoints need to be taken that may have not been necessary while everyone was working within the physical borders of the business.

Frequencies of insider threats per year sourced from the Ponemon Institute

Understand the different types of endpoint security solutions that exist.

There are many different ways to secure endpoints and different tools are used to achieve this. Some tools combine a variety of these solutions into one package, while others can be bought separately. These tools focus on at least one of three functions – preventing incidents, detecting incidents, and responding to incidents. Here we will look at some of the most common endpoint security solutions.

-Anti-virus and anti-malware software

Anti-virus and anti-malware capabilities are generally covered by the same tool. In the past, companies could get by with this being one of, if not the only, endpoint protection. Due to an increase in threats, that is no longer the case. These tools tend to focus on identifying malicious code through the use of signatures. A signature is a fixed pattern, found in a file or in the memory a program is using, that is known to be used by hackers. Hackers are now able to get around signature-based defenses, and for this reason additional security tools are needed.

-2FA

Having employees log in with two-factor authentication (2FA) has become the norm for access control. There are various technologies that can be used to do this. Password managers can also be used to make the process easier for employees, and to lower the risk of forgotten passwords or employees saving passwords in unsecured places.

-Endpoint Data Loss Prevention (DLP)

Data leaks, data loss, and data theft are risks when sending and receiving data from endpoints. DLP software can help control file transfers containing sensitive data. This is especially important when sending data relating to passwords, intellectual property, confidential information, and customers’ personally identifiable information (PII). Endpoint DLP software also often allows administrators to limit whether external drives such as USBs can be used with the endpoint.

-Endpoint Detection and Response (EDR)

While anti-virus and anti-malware software relies on looking for signatures, EDR tools instead look for deviations from the baseline behavior of the endpoint. Newer tools do this using machine learning. Once deviations from baseline behavior (malicious actions by hackers) are detected, the tool can block those actions. The tool responds to these malicious actions by isolating the system, quarantining the threat, and rolling back to a previous configuration. EDR tools are also generally API-driven, which means that no user or technician intervention is required.
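To make the contrast between the two approaches above concrete, here is an added example (not code from the original article or from any vendor) that runs a signature check over a constructed byte string and a baseline-deviation check over constructed endpoint telemetry; the signature value, process names and event counts are all made up for illustration.

```python
from collections import Counter, defaultdict

# Constructed demo signature table: a fixed byte pattern the scanner looks for
# in a file or in memory. The value is invented; it is not a real AV signature.
SIGNATURES = {"demo-stealer": b"EXFIL_TO_C2"}

def signature_scan(content: bytes) -> list[str]:
    # Signature-based check: flag content only if it contains a known pattern.
    return [name for name, pattern in SIGNATURES.items() if pattern in content]

def build_baseline(events: list[tuple[str, str]], days: int) -> dict[str, dict[str, float]]:
    # Average daily count of each (process, action) pair seen in a learning window.
    counts: dict[str, Counter] = defaultdict(Counter)
    for process, action in events:
        counts[process][action] += 1
    return {p: {a: n / days for a, n in c.items()} for p, c in counts.items()}

def behavioral_deviations(baseline, todays_events, factor: float = 3.0):
    # EDR-style check: an action a process never performed in the baseline,
    # or one it performed far more often than usual, is reported as a deviation.
    observed: dict[str, Counter] = defaultdict(Counter)
    for process, action in todays_events:
        observed[process][action] += 1
    findings = []
    for process, actions in observed.items():
        for action, n in actions.items():
            usual = baseline.get(process, {}).get(action, 0.0)
            if usual == 0.0:
                findings.append((process, action, "never seen in baseline"))
            elif n > factor * usual:
                findings.append((process, action, f"{n} today vs {usual:.1f}/day baseline"))
    return findings

# Constructed telemetry: five quiet days on a document-editing workstation, then one day
# on which a document viewer spawns a shell that starts talking to the network.
BASELINE = ([("winword.exe", "open_document")] * 40 + [("winword.exe", "save_document")] * 35
            + [("outlook.exe", "network_connect")] * 50)
TODAY = ([("winword.exe", "open_document")] * 6 + [("winword.exe", "spawn_powershell")] * 1
         + [("outlook.exe", "network_connect")] * 35 + [("powershell.exe", "network_connect")] * 30)

def demo():
    baseline = build_baseline(BASELINE, days=5)
    # Content with no known pattern produces no signature hit at all...
    sig_hits = signature_scan(b"MZ\x90\x00 constructed bytes with no known pattern")
    # ...while the behaviour on the endpoint still stands out against the baseline.
    return sig_hits, behavioral_deviations(baseline, TODAY)

if __name__ == "__main__":
    print(demo())
```

The output shows an empty signature result next to three behavioral findings, which is the gap the article says EDR tooling is meant to close.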

-Endpoint Encryption

Encrypting data offers protection from data theft. Even if data is stolen, hackers will not be able to read it if it is encrypted. Endpoint encryption software protects data both on the internal hard drives of endpoints and on external drives such as USBs. There are two types of encryption – file-based encryption and full disk encryption. File-based encryption allows only select files on a disk or drive to be encrypted. This can be useful for things such as sensitive emails. Full disk encryption, on the other hand, encrypts the entirety of a disk.

-Application Controls

Application controls restrict what system applications are allowed to do and what resources they are allowed to use. This tool prevents the download of potentially malicious applications on endpoints. This is beneficial for remote workers as they may be using their own personal devices.

Employees using their own devices may attempt to use these devices for non-work-related activity. This opens up the risk of downloading malicious applications. Application controls also help protect against malicious insiders, who may intentionally attempt to download malicious applications. Application controls are also particularly useful for devices meant to perform very limited functions, such as single-use devices. Here it is very easy to set limits on which applications are allowed.

Sourced from the Ponemon Institute

-IoT Security

Use of IoT (Internet of Things) devices has become widespread. An IoT device is any device that connects to the internet or a network to transmit data. Common IoT devices found in corporate settings include printers, thermostats, routers, scanners, and even break room refrigerators. These devices generally come with minimal, if any, security mechanisms in place. They are some of the easiest endpoints for hackers to breach. IoT security software helps to encrypt data and to perform scans and analytics of traffic.

Getting endpoint security on all devices doesn’t need to be time consuming

Endpoint security software needs to be installed on each endpoint. This means that if your SMB has a BYOD policy, each device should be known to IT and the software should be installed on it. The physical act of installing this software on endpoints does not often take long. But companies may worry – once the software is installed, how do you manage all of these devices?

Many tools offer a central dashboard that can control all endpoints. From here, whoever owns the responsibility for security in your organization can monitor all endpoints for any malicious activity. Endpoint tools also offer automatic patches. This way employees don’t have to manually download patches which some may ignore.

These features make it so that once the software is downloaded on the endpoints there is little to no intrusion for the employees. It also means that whoever is managing security in your SMB only needs to be on the lookout for security alerts. They should also know how to respond to possible incidents by forming a cyber incident response plan (CIRP).

Consider vendor sprawl

Vendor sprawl refers to the vast number of vendors that exist in the cybersecurity space. Vendor sprawl can cause a couple of problems. It can make it difficult to know where to start when looking to start purchasing solutions. It can also make it so that companies purchase more tools than they really need.

Small businesses have an average of 15-20 cybersecurity tools in their tech stacks. Medium businesses have an average of 50-60 security tools. Consolidating tech stacks can be an efficient use of resources. It is important to know all the features of the tool you are purchasing, and also to make sure that tool will integrate well with your other tools. Having many tools makes it more likely that features will overlap (such as having two tools that offer anti-virus capabilities). The more tools you have, the harder it becomes to keep track of who has access to them, and the more time-consuming it is for security teams to review alerts and data from many tools.

One way to consolidate your tech stack is to purchase tools that cover a variety of functions. Endpoint security solutions often come with multiple capabilities. For example, some endpoint data loss prevention tools are able to encrypt both external and internal hard drives, making them effectively an endpoint encryption tool as well. EDR tools often come with anti-virus and anti-malware capabilities as well.

Layered security

It is generally recommended to use multiple layers of security. With layered security you do not have to worry if one layer of defense fails, as you will have other layers in place to hopefully stop the threat. A “Defense in Depth” approach emphasizes the use of multiple layers of security and assumes that no system is ever completely secure. Using a Defense in Depth approach means to consider physical, technical, and administrative controls.

Sourced from Imperva

This is why it is helpful to use both administrative security best practices along with purchasing software. The first layer of security may be giving employees education about how to spot phishing attacks. If this fails and an employee clicks on a malicious link, then the next layer of endpoint security could be your EDR tool. Should that fail to spot and isolate malicious activity, your endpoint DLP tool would encrypt data that hackers are trying to steal.

This is an example of layered security done correctly. Layered security does not mean purchasing multiple tools that do the same job. Instead, it means having different kinds of security measures in place. An important part of this is recognizing that endpoint security is just one piece of the puzzle – you must also have network security measures in place.

Endpoint security alone is not sufficient security

Endpoint security is critical to a company’s security, particularly for companies that utilize remote workers. Endpoint security on its own, though, is not enough. In fact, endpoint security can be seen as a last line of defense rather than the be-all and end-all of security.

Network security refers to measures used to protect and control access and data of corporate networks. This includes measures such as firewalls, VPNs, WiFi security, and Network Access Control. When used together, endpoint security and network security provide a multilayer approach to security that is much more likely to be successful than focusing on just one of these areas.

Make the most of your tech stacks

Building an efficient tech stack is a fundamental part of ensuring your SMB is secure. For small and large businesses alike it can be a daunting task. A large number of vendors offer similar products, and there are many different areas that need to be secured. It can be difficult to know where to start when purchasing software.

PeerWise is here to make that task easier. Our insights into tech stacks will allow you to confidently start picking the solutions that are right for you. Starting with the fundamentals in learning what a tech stack is and what it should encompass is the first step SMBs can take in planning their cyber strategy. PeerWise will be putting out more in depth articles looking at each area of your business that needs to be secured.
