You've heard it before: cybercriminals are becoming more and more advanced, and cyberattacks against business devices are on the rise. For this reason, it's absolutely crucial that your organization, whether a Fortune 500 company or a 5-person team, has an effective cybersecurity plan in place to detect and stop attacks. An important part of this should be implementing strong endpoint security on all of your company devices, with a management portal that allows you to monitor and update your endpoints from anywhere.
Before we dive into endpoint security, we first need to define what an endpoint is. An endpoint is an end-user device that can access the corporate network or other sensitive data. These include things such as laptops, tablets, mobile phones, desktops, and more.
Endpoint security is the practice of securing all the devices that your employees use for work or that can access the corporate network. The purpose of endpoint protection is to protect your organization from cybersecurity threats, such as ransomware. These types of solutions can detect, analyze, and block malware and other types of cyberattacks. Because endpoints connect back to the network, they are prime targets for cybercriminals, who can steal data from the device itself as well as compromise the entire network.
Endpoint protection can be deployed on-premises or in the cloud, depending on your organization's preference. These platforms, known as endpoint protection platforms, or EPP, examine files as they enter the network and compare them with a cloud-hosted database of malware information. These platforms often use real-time machine learning to help keep your organization safe from cybersecurity threats. Because of this, endpoint protection solutions can often detect more complex and advanced threats than ever before, such as:
1. Fileless malware- This is a sophisticated type of malware that uses legitimate programs to infect a computer. Because there is no file, like with traditional malware, and it is disguised by real programs, it often goes undetected by traditional anti-virus software.
2. Zero-day attacks- When developers release new or updated software, it can sometimes include a vulnerability. A zero-day attack occurs when cybercriminals notice this vulnerability and write code to exploit it before the developers can fix the problem. These attacks are nearly impossible to detect in the beginning.
3. Polymorphic attacks- Polymorphic, meaning "many forms", is a straightforward way to describe this complex malware. Polymorphic malware constantly changes its features, like file name or encryption keys, to avoid being detected by anti-virus software.
4. Juice Jacking- This type of threat involves modified USB ports configured to infect devices with malware. These are often found in public, disguised as free charging stations. If your users travel often for work, this could become a concern.
Endpoint protection gives your IT team the ability to customize the security you receive. IT administrators can access a centralized console installed on your network gateway or server to control each endpoint's security. The software is assigned to each endpoint through direct installation, remote management, or Security as a Service (SaaS), and it allows IT administrators to enforce corporate policies on endpoints and push updates as needed, without disrupting your employees. Additionally, policies can be set depending on the individual employees and what they need to access, similar to the cybersecurity concept of least privilege.
As cybercriminals get more advanced, you need protection that keeps up with them. A 2020 study by the Ponemon Institute, a leading institute in cybersecurity research, found that over a 12-month period, 68% of organizations experienced one or more endpoint attacks that successfully compromised their data or infrastructure. Endpoints are a gateway to your entire network and all corporate data, so protecting endpoints is an important step in full network security. This can be especially crucial for organizations that allow remote work or have BYOD policies, as the devices involved are less likely to be secure than configured corporate devices. The same 2020 study by the Ponemon Institute found that 80% of successful breaches were new or unknown zero-day attacks, which endpoint protection solutions can help defend against and traditional anti-virus software cannot.
Endpoint Security versus Anti-Virus Software
At this point, you may be wondering what the difference is between endpoint protection and anti-virus software. These two types of cybersecurity protection are similar as both their purposes are to recognize and prevent malware from entering your organization, but they do have their differences.
Antivirus software relies on signature-based malware detection and prevention. Some malware has a typical footprint or pattern associated with it, such as a byte sequence in network traffic. The antivirus software will recognize this pattern as malicious and shut it down, protecting your network. Unfortunately, as cybercriminals become more sophisticated, so does the malware they use to infect your organization. There are newer, more complex forms of malware that traditional antivirus software cannot catch because there is no signature associated with them, such as the fileless malware or polymorphic attacks defined above. Additionally, with anti-virus software, support is standardized, leaving little to no room for your IT team to customize.
On the other hand, endpoint security works by protecting and securing your organization's corporate devices. These endpoints act as gateways to your entire network, so if malware were to compromise even a single device it could wreak havoc for your whole organization. The centralized portal allows your IT admin to monitor endpoints, keep track of potential problems or suspicious activity, and provide support based on device. Rather than using signature-based detection and prevention, endpoint security can provide features and benefits such as:
1. Sandboxing- Sandboxing can help identify fileless malware that exists within legitimate programs. The endpoint protection software creates an isolated virtual environment, also known as a sandbox, to run the program and monitor the outcome. If malware is released, endpoint protection can recognize that the program is faulty and reject it.
2. Data loss prevention- While this isn't a backup and recovery solution, by protecting the endpoint, the software also protects the data that exists within the endpoint.
3. Data encryption- Unlike antivirus software, only endpoint protection blocks data from being accessed by unauthorized parties.
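The contrast between signature matching and sandboxing described above can be shown with a toy model. This is an added example, not code from any product named on this page; the marker bytes, the one-byte-key sample layout, and all function names are constructed for illustration.

```python
"""Toy model: static byte signature vs. inspecting the outcome of a run."""

# Constructed, harmless stand-in for a byte sequence a signature would match.
MARKER = b"DEMO-FLAGGED-ROUTINE"
SIGNATURES = [MARKER]


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key for b in data)


def make_sample(key: int) -> bytes:
    """Hypothetical sample layout: one key byte, then the XOR-encoded body.
    key=0 leaves the body as-is; any other key changes every body byte."""
    return bytes([key]) + xor_bytes(MARKER, key)


def signature_scan(blob: bytes) -> bool:
    """Static check: flag the blob only if a known byte sequence appears in it."""
    return any(sig in blob for sig in SIGNATURES)


def sandbox_scan(blob: bytes) -> bool:
    """Stand-in for sandboxing: let the sample 'run' (decode itself) in
    isolation, then inspect the outcome rather than the bytes as stored."""
    key, body = blob[0], blob[1:]
    outcome = xor_bytes(body, key)
    return signature_scan(outcome)


def compare(keys):
    """Return {key: (static_hit, sandbox_hit)} for one sample per key."""
    return {k: (signature_scan(make_sample(k)), sandbox_scan(make_sample(k)))
            for k in keys}


if __name__ == "__main__":
    for key, (static_hit, sandbox_hit) in compare([0x00, 0x21, 0x5A, 0xC3]).items():
        print(f"key=0x{key:02x} static={static_hit} sandbox={sandbox_hit}")
```

Only the unencoded sample (key 0) matches the static signature, while the check on the observed outcome flags every variant, which is the gap between the two approaches that this section describes.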
While your organization has many options for endpoint protection, here are three of our most recommended solutions.
1. Webroot Business Endpoint Protection
Webroot Business Endpoint Protection is a popular option for small businesses searching for an endpoint security solution. Their cloud-based management console is streamlined to quickly and effectively deploy the solution and scan endpoints. This management console recently got an upgrade to improve the user-friendly interface, improve remediation workflows, and reduce the likelihood of errors. Additionally, Webroot's Evasion Shield can protect your organization from the most complex cyberattacks, such as fileless scripts and malicious Java or PowerShell scripts, and allows your admin to whitelist legitimate scripts. This highly effective solution is a great choice for any organization, and you can even try it out for 30 days with their free trial.
2. Microsoft Defender for Endpoint
If your organization is already utilizing Microsoft Office 365, Microsoft Defender for Endpoint can be the right solution for you. Microsoft Defender utilizes Intune mobile device management to create a holistic endpoint protection solution. It leverages big data analytics and device learning to identify insights, detections, and recommended responses. With advanced threat intelligence generated by Microsoft Security teams and partners, Microsoft Defender keeps up to date on attacker tools, techniques, and procedures, leveraging them to your organization's benefit. This solution integrates with several other Microsoft security solutions, such as Microsoft Azure Sentinel, Cloud App Security, and more to ensure your network is fully secured.
3. Malwarebytes Endpoint Protection for Business
Malwarebytes Endpoint Protection for Business is a comprehensive, lightweight solution for endpoint security. Using their patented goodware model, they whitelist vetted code from known vendors as well as other code that passes rigorous inspection, saving it in the library for future knowledge. Additionally, by testing for both malicious code and bad behavior in each stage, you can be sure that you are protected from start to finish. With simple management and precise detection at the point of attack, this solution is one of the most complete and effective endpoint protection solutions, even against complex cybercrimes such as zero-day attacks.
A Microsoft Secure Score is a measurement of a company's security posture, 1-100. The higher the rating, the better their security score.
Following the Secure Score recommendations can protect your organization from threats. From a centralized dashboard in the Microsoft 365 Defender portal, organizations can monitor the security of their Microsoft 365 identities, apps, and devices.
By finding out your score, you can:
Report on the current state of your organization's security posture.
Improve your security posture with the discoverability, visibility, guidance, and control that Secure Score provides.
Compare with benchmarks and establish key performance indicators (KPIs).
When your organization completes this test, you will have clear sight of the metrics, trends, and integration of your Microsoft products. When you know this, you will also be able to compare your ratings with similar organizations, and find out which areas need improvement.
The following actions will help to increase your security score:
Configuring recommended security features
Doing security-related tasks
Addressing the improvement action with a third-party application or software, or an alternate mitigation
Some improvement actions only give points when fully completed, and some give partial points if they're completed for some devices or users. If you can't or don't want to enact one of the improvement actions, you can choose to accept the risk or remaining risk.
Scores are updated in real time to reflect the information presented in the visualizations and improvement action pages. Secure Score also syncs daily to receive data about your newly earned points for each subsection.
How Improvement Actions are Scored
Each improvement action is worth 10 points or less, and most are scored in a binary fashion. If you implement the improvement action (create a new policy or turn on a specific setting), you get 100% of the points. For other improvement actions, points are given as a percentage of the total configuration.
For example, an improvement action gets you 10 points by protecting all your users with multi-factor authentication. You only have 50 of 100 total users protected, so you'd get a partial score of 5 points (50 protected / 100 total * 10 max pts = 5 pts).
Products Included in the Security Score
Currently, there are recommendations for the following products:
Microsoft 365 (including Exchange Online)
Azure Active Directory
Microsoft Defender for Endpoint
Microsoft Defender for Identity
Defender for Cloud Apps
Microsoft Business Premium: Endpoint Free Add-On
As of last year, Microsoft has added Microsoft Defender to its current Microsoft 365 Business Premium package. This application used to be $4 a user to add on, but now, it's a complimentary add-on to your purchase of Business Premium.
This offer is suited for small businesses and has a cap of 300 users or less.
Computers managed with Microsoft 365 Business Premium are secured with Microsoft Defender Antivirus, the No. 1 antivirus feature on Windows 10. This application protects PCs from viruses, malware and spyware more than any other solution. With an upgrade to Microsoft 365 Business Premium, organizations can rest assured knowing that Microsoft Defender Antivirus protection is running and always up to date on their Windows 10 devices.
Another feature included with Business Premium is Microsoft Defender Exploit Guard, a new set of intrusion prevention capabilities.
How users benefit with Endpoint:
Antispam protection for all devices and email content
Antimalware for all 365 email content, messages and attachments
Next Generation Protection- Microsoft Defender Antivirus on your devices and in the cloud
Endpoint detection and response- get behavioral detection alerts and identify persistent threats
Automated investigation- Reduce the alert volume and remediate threats
Integration- Endpoint allows the customer to integrate their security data into existing platforms. For example, integrate your Defender for Business data into an event management tool for maximum security and awareness of unusual activity.
Endpoint Security is an important aspect of total network security, as these devices act as a gateway to your overall IT infrastructure. While traditional anti-virus software is better than nothing, it can't keep up with the cybercriminal's ever-advancing techniques to compromise your network. With endpoint protection solutions such as Webroot, Microsoft Defender, and Malwarebytes, your organization can remain secure from even the most complex forms of malware, saving your organization time and money. Overall endpoint protection is a crucial part of any IT infrastructure or network security plan, and important to implement regardless of the size of your organization.
To see what Endpoint Protection solution is right for your organization's criteria and budget, contact us today to schedule a free consultation.