Scroll Top

Endpoint Security’s Evolution is a Big Deal. Here’s Why.

Home Endpoint Security’s Evolution is a Big Deal. Here’s Why.

By Jennifer Mellone Insight Blog Security October 13, 2021

If the term endpoint security still evokes images of signature-based antivirus software, it’s time for a refresher on how critical this technology is to your organization.

Time seemed to speed up over the past 18 months, with so many changes taking place in such a short period. For example, within the business world, digital transformation initiatives accelerated by seven years, according to a survey from McKinsey & Company. Besides the massive shift to remote work and new collaboration technologies, many companies had to update their security strategies.

One technology that’s evolved significantly over this period is endpoint security. If this term only evokes memories of signature-based antivirus, here’s a much-needed refresher to help get you up to speed.

What is endpoint security?

Like other kinds of security, endpoint security is a critical part of a company’s multi-layered defense strategy. This type of security includes protecting the points at the end of a network connection—from workstations, laptops, physical servers, and virtual machines to smartphones and tablets, and Internet of things (IoT) devices, such as IP cameras and medical equipment.

User endpoints such as laptops and workstations are particularly vulnerable because they are sometimes loosely hardened and unpatched. Plus, laptop and workstation users typically use email applications and the web, which are primary threat vectors. Once an attacker gains access to an endpoint device, they like to move laterally to servers to look for sensitive data to steal. Attackers rarely target network security devices such as routers and switches, but they will target endpoints, which are considered lower hanging fruit, like laptops and workstations.

How endpoint security has evolved in recent years

Years ago, endpoint security was primarily composed of antivirus software, which relied on installing “signatures” identified by security vendors to defend against known threats. However, as zero-day threats became more common, signatures became less and less effective.

Next-generation antivirus (NGAV) introduced an approach where it could identify malware without using signatures with the help of machine learning (ML) and artificial intelligence (AI). While this technology continues to improve, it’s not always effective at detecting fileless malware. Also, hackers are now using AI to engineer malware that intelligently evades NGAVs, lowering their effectiveness.

A complementary technology to NGAV, endpoint detection and response (EDR), refers to tools used to detect, provide visibility, monitor and investigate suspicious activities within endpoints. EDR solutions allow security departments to perform console alerting and reporting, advanced response to security incidents, broader geographic support over large regions, managed detection and response (MDR) and third-party integration.

There are additional endpoint security tools and services that work with NGAV and EDR. Here are a few examples of these tools and a short description of their functionality:

Application control can block unwanted software (i.e., malware) from running on a point-of-sale system that processes credit card data, for example.
Device control can prevent unwanted USBs (potentially infected with malware) from being plugged into a high-value database server but allow controlled USBs to be used by authorized system administrators.
Data loss prevention (DLP) looks for data exfiltration, whether it’s malicious, intentional or unintentional. For example, DLP can be configured to block sensitive information from being exfiltrated, such as social security numbers (SSNs). So even if a user unintentionally tries to copy a file containing SSNs to a USB, the DLP could stop the process.
Insider threat monitoring tools look at user behavior by examining their activity and monitoring them for threats. For example, why did a receptionist log into the database? That activity isn’t a regular part of a secretary’s job description. DLP and insider threat tools exhibit some similar capabilities.
Host-based firewalls have been around for a long time, but today’s tools are used to manage the operating system’s (OS’s) native firewall for last-ditch protection. The same management principle applies to full disk encryption, which is highly recommended to prevent data theft should a laptop be lost or stolen.
Client management and mobile device management (MDM) go hand in hand to ensure traditional endpoints and mobile endpoints are patched to address the latest vulnerabilities and are securely configured.

Avoid these endpoint security pitfalls

The primary mistakes companies make with endpoint security technology are operational. For example, it’s critical to keep the tools up-to-date, especially with NGAV. It’s acceptable for a tool to have signatures. Still, it must also incorporate more advanced detection methods (e.g., machine learning algorithms, static/dynamic analysis) to identify modern threats such as ransomware, memory attacks, and Power Shell attacks.

When going through the testing cycle for proofs of concept for the tools, it is crucial to ensure that the software is compatible with your operating system and applications. I recall a customer who had a custom Linux implementation that exhibited performance problems that even the vendor could not resolve. Another customer didn’t size the endpoint tool server per the vendor’s recommendations, which caused issues with the tool. Consulting services may have helped these customers.

Best practices and final thoughts

Choosing the best endpoint security tools and solutions for your company starts with knowing what data is stored, processed, transmitted or otherwise “touched” by your endpoints. Next, perform a risk assessment for the data and decide which tool(s) you should employ to mitigate the risk. Bear in mind not all endpoints are created equal; a point-of-sale system will typically be more “locked down” than a user’s laptop. Additionally, a point-of-sale lockdown mechanism wouldn’t necessarily be appropriate for a high-performing database server.

In a nutshell:

Know your data and your compliance requirements
Define the use cases for the endpoints in your organization
Size the tools for the job following the vendor’s recommendations
Configure everything to best practices
Test the tools on all your operating systems and ensure they don’t interfere with one another and with key applications
Perform malware/exploit/penetration testing on the endpoints outfitted with the tools
Record the findings and compare the results
Get training on the tools

And finally, be realistic. No single product perfectly covers all aspects of endpoint security; more often, a combination of tools is required. Contact Presidio for assistance if you don’t have the bandwidth (or interest) to evaluate and pilot various tools and solutions.

Jennifer Mellone

+ posts

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use nonessential cookies that help us analyze and understand how you use this website and enhance your user experience. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other".
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
Zoominfo	session	Zoominfo uses technologies to collect and store information when you interact with services it offer to their partners, such as advertising services or analytics. All of those processes are meant to improve your user experience and the overall quality of our services.

Analytics

Analytics cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_111355416_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	This cookie is set to let Hotjar know whether the user is included in the data sampling defined by site's pageview limit.
_hjIncludedInSessionSample	2 minutes	This cookie is set to let Hotjar know whether the user is included in the data sampling defined by site's daily session limit.
_hjTLDTest	session	Hotjar test cookie to check the most generic cookie path it should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
oktgid	1 year	This cookie is used for storing the visitor ID of the user who clicked on an okt.to link.
oktsid	session	This cookie is used for storing the session ID of the user who clicked on an okt.to link.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
personalization_id	2 years	Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by YouTube and is used to track the views of embedded videos on YouTube pages.

Other

Other uncategorized cookies are those that are being analyzed and have not yet been classified into a category according to their type and purpose.

Cookie	Duration	Description
__gwtCookieCheck	session	This cookie is used to check if the visitors' browser supports cookies.
AnalyticsSyncHistory	1 month	These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organizations such as advertisers.
li_gc	2 years	These cookies are used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organizations such as advertisers.
UserMatchHistory	1 month	LinkedIn - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Endpoint Security’s Evolution is a Big Deal. Here’s Why.

Jennifer Mellone

UJIMA

VETs

WONDER

PRIDE

Mental Health Matters

KEVIN FLEURIE

Dan O’Brien

BRYAN CALDER

ROBERT KIM

VINCENT TRAMA

WAHEED CHOUDHRY

CHRIS CAGNAZZI

BRID GRAHAM

MICHAEL KELLY

KEVIN WATKINS

JENNIFER JACKSON

MANNY KORAKIS

JUSTIN FILIA

GOPINATHAN PANDURANGAN

STEVEN PALMESE

ELLIOT BRECHER

BARBARA ROBIDOUX

Please select your venue city and
complete registration form below.

Please complete registration
form below.

Dave Hart

CHRIS BARNEY

JOHN HANLON

Greg Hedrick

Courtney Washington

CHRISTINE KOMOLA

VINU THOMAS

JULIETTE AUSTIN