Blog

Call it job preservation, but hackers aren’t in the habit of helping their would-be victims avoid a data breach. But if there was a rogue double-agent hacker – one who secretly wanted to do the right thing and “break good” — here are the three things that he or she would want you to know about your organization’s endpoint security.

1. Lack of Endpoint Security is Like an Unlocked Door

In the aftermath of high-profile hacks at Target, JP Morgan, Sony (and the list of victims goes on), a great deal of cyber security discussion has focused on detection-based strategies. However, while detection is and always has been an important piece of the puzzle, some organizations have lost sight of a fundamental truth: deploying prevention-based security on endpoints is still the first and best line of defense.

The reason for this goes beyond the fact that prevention is — by far — a more cost effective security strategy than detecting an attack after-the-fact. It’s also not because endpoints comprise – again, by far — the largest area of the attack surface. It’s because hackers are searching for organizations with weak or porous endpoint security, and attacking them first.

And frankly, why wouldn’t they take this route? Much like burglars who start their prowl by twisting door knobs to see if a homeowner has made their imminent crime much simpler and less risky, hackers go after easy prey to carry out their illicit aims – and organizations that fail to deploy robust prevention-based endpoint security qualify for this notorious designation.

2. If Your Endpoint Security isn’t Layered, it’s not Secure

Sticking with the home invasion analogy: locking the front door is (obviously) a key way to keep burglars out. But if the windows are open, then the crime won’t be prevented. At most, it will be slightly delayed.

In the same way, organizations cannot assume that because the software or appliance they’re using claims to offer “robust endpoint security” that it is effectively covering all three layers of the attack surface, which include: 1) traditional PCs including desktops, notebooks and laptops; 2) client systems in a virtual desktop infrastructure (VDI); and 3) mobile devices, such as smartphones and tablets.

It’s beyond the scope of this article to describe all of the options that organizations should explore and, most likely, deploy to get the layered endpoint coverage that is required on today’s sophisticated threat landscape. Suffice it to say, it could include most or all of the following: anti-virus software, anti-malware software, desktop firewalls, HIPS, application control, DLP, VDI configurations, MDM, and NAC.

3. Virtual Containment Technology Protects Against Advanced Threats

Last and certainly not least, hackers definitely don’t want you to know that virtual containment technology thwarts advanced threats that cannot be blocked by other endpoint security technologies and tools.

This is because containers run Internet-facing applications (e.g. web browsers, email attachments, Skype, etc.) in their own isolated virtual environment on the endpoint. As such, if malware is downloaded, the malicious code cannot infect the endpoint, or cross over into the network and compromise the organization.  Furthermore, containers are nearly transparent to end users, and if they wish, organizations can enhance security by using a secure bridge to remove files from the container.

The Bottom Line

Detecting breaches after they occurred cannot be an organization’s primary cyber threat protection strategy. Prevention is still far more cost-effective; but only when endpoints leverage layered protection, and utilize virtual containment technology to keep advanced threats off the endpoint – and out of the network.