Re-Imagine Endpoint Protection (Even if You Don’t Have EDR)

Enterprise endpoints (laptops, workstations, servers, mailboxes, etc.) have historically been a primary vector of cyberattacks that led to major security incidents and breaches. The latest Verizon Data Breach Investigations Report finds that user devices were involved in 30%, and servers in 63%, of data breaches. Ponemon Institute’s 2020 “Study on the State of Endpoint Security Risk,” which surveyed 671 IT security professionals, reports that 68% of organizations suffered “an endpoint attack that compromised data assets and/or IT infrastructure in the last 2 years.”

In addition to being prevalent, endpoint-related breaches are extremely costly. The Ponemon Institute study estimates the average cost per breach resulting from an attack on endpoints to be $8.94 million (a 26% increase from $7.12 million the previous year), which is 2.3 times higher than the $3.92 million average cost of a general data breach (as reported by IBM’s 2019 Cost of a Data Breach Report).

With the world tackling the COVID-19 pandemic and most knowledge workers operating remotely, risk from endpoints has further increased. First, most end-user devices now live outside of corporate firewalls, radically expanding the attack surface. Second, malicious activity exploiting the pandemic has drastically increased, with phishing and malware-laced emails (e.g., touting “government” announcements on the pandemic), malicious websites (e.g., fake COVID-19 maps), and other bait for the unwary. As a result, endpoint security’s role in defending an organization’s assets and data has become of paramount importance.

User devices were involved in 30%, and servers in 63%, of the data breaches covered in the 2019 Verizon Data Breach Investigations Report.

Deploying Endpoint Detection and Response (EDR) solutions alongside Endpoint Protection Platforms (EPP) has become a best practice in endpoint security. In the report “Critical Capabilities for Endpoint Protection Platforms,” industry-analysis firm Gartner states that “prevention is still the primary goal of EPP solutions; however, prevention is no longer enough. Evasive threats require fast and effective attack detection and response capabilities.” At the same time, EDR “solution complexity and attack complexity are driving an increased need for incident response support and skilled administrators.”

Consequently, EDR adoption has been higher among large enterprises with well-resourced Security Operations Centers (SOC) or businesses with enough funding to outsource endpoint security to a managed detection and response (MDR) service provider. Organizations with lower security budgets, expertise, and levels of staffing, however, often rely on traditional EPP alone. The Ponemon Institute survey bears this out: 64% of respondents’ employers don’t have EDR, due to a lack of budget or staff to support it, among other reasons. Worse, “51% of respondents say their organizations are ineffective at surfacing threats because their endpoint security solutions are not effective at detecting advanced attacks,” and respondents estimate that their anti-virus misses 60% of threats.


To summarize, the current state of endpoint security is that attacks are prolific and costly, yet many organizations are not equipped to defend against them – they don’t use EDR and their EPP solutions miss the mark. So, what are they to do? Bitdefender recommends opting for stronger prevention enhanced with technologies to reinforce security posture: harden defenses, reduce risk, and uncover the threat landscape. Specifically, organizations should:

  • Choose solutions incorporating multiple layers of machine learning and other technologies to block advanced threats, including file-less and zero-day attacks (as an example, check out this video showing how Bitdefender HyperDetect tunable machine learning fends off a file-less attack)
  • Continuously manage risk coming from endpoint misconfigurations and vulnerabilities (each holding a spot on the OWASP Top 10 list of critical security risks). “The overwhelming majority of threats target well-known application and configuration vulnerabilities,” Gartner® analyst Peter Firstbrook states in the report entitled “Prepare for Endpoint Protection Shifting to the Cloud”. “Indeed, one of the resounding lessons learned from attacks like WannaCry is that simple configuration changes can make organizations immune to threats.” So, companies should proactively harden systems against advanced threats by addressing endpoint misconfigurations and vulnerabilities. Read the Bitdefender whitepaper “Reduce the Attack Surface by Tackling Digital Risks” to learn more.
  • Understand their unique threat environments by regularly analyzing the attacks stopped by prevention engines. Traditional EPP solutions provide only limited awareness of the threat landscape – they produce reports without explaining why threats were qualified as such and blocked, how they unfolded, and whether any sensitive information was lost as the attack progressed. Organizations should know their threat landscape, so they can reinforce their security posture against the key vectors that the attacks on their environment exploit.

To provide organizations with the capabilities needed to implement this framework in a single package, Bitdefender has created GravityZone Elite – an integrated next-generation endpoint protection, risk management, and attack forensics platform for all types of endpoints and email. GravityZone Elite uniquely delivers:

  • The world’s strongest prevention, so companies can automatically stop 99% of attacks with an award-winning prevention engine that combines over 30 technologies, including tunable machine learning, sandbox analyzer, anti-exploit, and behavioral analysis.
  • Endpoint hardening and risk management, so organizations can strengthen security posture with integrated device and application control, patch management, encryption, and other technologies, and leverage integrated Risk Management and Analytics to continuously address endpoint risk by assessing, prioritizing, and fixing misconfigurations and vulnerabilities.
  • Attack forensics and visualization, so customers can gain insight into their threat environment and perform forensic analysis by zeroing in on attacks specifically aimed at their organization, visualizing the attack kill chain, and performing the required remediation.

Watch the webinar “Re-Imagine Endpoint Security” to learn how your organization can defend itself with stronger prevention enhanced with security-posture-reinforcing technologies of GravityZone Elite. See why the time to re-imagine your endpoint protection is now.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Michael Weinstein. Read the original post at: http://feedproxy.google.com/~r/BusinessInsightsInVirtualizationAndCloudSecurity/~3/kLA8Yyajnqs/re-imagine-endpoint-protection-even-if-you-dont-have-edr