Next-Generation Defense
for Endpoints
Increasingly sophisticated threats demand advanced solutions
to defend organizations’ growing mobility deployments.
by | Melissa Delaney
Melissa Delaney is a freelance journalist who specializes in business technology. She is a frequent contributor to the CDW family of technology magazines.
Malware is no longer the domain of nerdy kids in basements hacking systems just to prove they can. Cybercrime is big business and harder than ever to thwart, because the perpetrators, arsenals and targets are constantly changing.
The toolkits that cyberattackers use are now commodities, and anyone with a credit card can purchase these tools to become a hacker. These exploits are also continually evolving into different forms, enabling them to evade detection and maximize damage.
“I always say if I had a nickel for every time I said, ‘Boy, I never thought that would happen,’ I probably wouldn’t have to work anymore,” says Dan Schiappa, senior vice president and general manager of the end-user and network security groups at Sophos. “Hackers will find ways you can’t even imagine to get through.”
Adding to the challenge of defending against these threats is the emergence of mobility, which has transformed virtually every industry. Mobile devices have increased workplace flexibility and productivity, but they have also exposed organizations to unprecedented cyberthreats.
Many organizations regularly patch servers, desktops and notebooks while ignoring the mobile devices that access their networks. Even if enterprises employ mobile device management software, they have a hard time ensuring that the personal devices employees bring to work have the latest operating systems or application updates, says Karen Scarfone, principal of Scarfone Cybersecurity.
The emerging Internet of Things market makes their jobs even harder, Scarfone adds. Many organizations don’t even realize that devices such as heating, ventilation and air conditioning systems, or IP-enabled warehouse equipment can expose their networks to attack.
As threats evolve, so must the defenses that organizations implement. In addition to deploying traditional security tools aimed at keeping hackers outside of networks, they need to rely on next-generation products that provide a breadth of coverage from each endpoint and throughout networks.
“There’s never been, in the history of cybersecurity, a protection that’s 100 percent perfect,” explains Schiappa. “So the idea is if a hacker finds a way around your machine learning, you’ll have some behavioral detection. If he finds a way around that, you have the ability to see if he’s using common exploit techniques. If you keep throwing all sorts of technologies at him, it becomes much more complicated for the attacker to circumvent them.”
430 million
The number of new, unique pieces of malware discovered in 2015
Source: Symantec, “Internet Security Threat Report,” April 2016
Mobile Malware: A Fast-Growing Threat
In March 2017, hackers claiming to hold hundreds of millions of iCloud account credentials threatened to wipe devices en masse unless Apple paid a ransom by April 7. Earlier that month, threat researchers discovered that 36 Android devices had been infected with malware before users even purchased them.
Such headlines stoke organizations’ growing fears of mobile threats. As recently as 2015, mobile threats were rare. But the mobile malware market has mushroomed. Here’s a glimpse at the scale of the problem:
- Symantec reported that 528 new mobile vulnerabilities were discovered in 2015, a 214 percent increase from the previous year.
- The number of targets keeps climbing. Billions of devices are connected to the internet today, and Microsoft projects that figure will climb to 50 billion by 2020.
- There was a 96 percent increase in the smartphone infection rate between the second half of 2015 and the first half of 2016, according to a September malware report by Nokia.
Evolving Threats Target Mobile Devices
Not long ago, most organizations focused their security efforts on network defense. But as the number of mobile endpoints grows and, in turn, the number of entry points, this approach becomes less effective, explains Sadik Al-Abdulla, director of security solutions at CDW. “Once hackers crack that outer shell, they have almost free rein.”
Their chances of success are growing, thanks to the commoditization of hacking tools. “There’s a complete business around the enablement of nontechnical people to be hackers,” says Schiappa.
A common strategy is for hackers to exploit vulnerabilities in websites and applications, then sell tools that enable others to take advantage of the same exploits. Ransomware is an example of malware that is often deployed via this model, says Schiappa.
Adding to the threat is the growing ecosystem of cyberattackers in search of zero-day vulnerabilities — weaknesses in applications that have gone undetected and therefore have not been addressed by software or security vendors. Once vendors discover vulnerabilities, they publish patches. Until then, however, hackers can take advantage of these holes.
Current threats are particularly challenging to deal with because they change as they move through systems, making them difficult to detect or stop. Schiappa says that 88 percent of the malware samples Sophos sees are unique to the organizations in which they’re found. “You need a broad set of technologies to protect against the unknown,” he adds.
Learn more about how CDW’s security solutions and services can help protect every layer of your network.
Backup Defenses
No security solution is foolproof. Even the most advanced next-generation tools can be felled by a user with a weak password or a click-happy mouse finger. Organizations should supplement their security solutions with nontechnical steps to keep their networks and endpoints safe. Security experts suggest four ways to guard against mobile threats:
1. Teach users to be skeptical. Paul Shelton, security practice technical architect at CDW, says phishing attacks are ubiquitous because users keep falling for messages such as those telling them to click links to reset their passwords. “You’ve worked there 15 years,” Shelton asks. “Have you ever gotten that before?”
2. Have an open-door policy. Users must know where to go for help, and they need an environment where they can ask questions without being made to feel stupid, Shelton says.
3. Educate users about strong password practices. Sadik Al-Abdulla, director of security solutions at CDW, states that longer passphrases with random characters, digits, punctuation and capital letters can go a long way toward thwarting hackers. He also warns against using the same passwords for multiple accounts and recommends using a password manager, which generates and stores unique passwords for different accounts.
4. Get back to basics. Telling organizations to maintain patches and updates may seem obvious, but malware still thrives on avoidable vulnerabilities, says Dan Schiappa, senior vice president and general manager of end-user and network security groups at Sophos.
Next-Generation Endpoint Defense
Security professionals face a difficult challenge in keeping enterprise data and applications safe while mobile deployments expand and threats evolve. Traditional security tools can be effective, but they need to be coupled with these next-generation technologies that provide a layered approach to securing mobile endpoints.
Behavioral analytics: This technology looks for behavior that is out of the ordinary, says Schiappa, because there are countless vulnerabilities — but only about 25 techniques that can exploit them, so they’re easier to spot. Security professionals employing behavioral analytics face a challenge in minimizing false positive alerts of cyberattacks, but as organizations create more behavioral rules, the technology can get better at spotting anomalies.
Tight integration of endpoints and the network: Rather than having separate systems monitor traffic on the network and endpoints, next-generation products tie them together to provide a holistic perspective. They share information about suspicious behavior and work together to isolate threats from the rest of the network and the internet.
Traffic detection and filtering: These tools observe outbound network activity on an endpoint, looking for suspicious activity. For instance, polymorphic attacks typically enter an endpoint with a limited amount of code, then contact a command-and-control center, from which they download their remaining payload or get further instructions. If a traffic detection tool spots communication with a command-and-control center, it can block the connection from that endpoint and cut off communication, says Schiappa.
Machine learning: This technique uses algorithms to analyze traffic in high volumes and identify threats. Machine learning is an evolving technology, but organizations can test malware against it and create policies to improve its effectiveness.
Containment and quarantine: Tools such as machine learning and behavioral analytics can help organizations spot malware. “What happens next is key,” says Al-Abdulla. Quarantine tools isolate malware from resources on the network and from the internet. Containment limits damage by detecting and responding to malware, such as conducting a forensic analysis to clean all remnants of an attack, Schiappa says.
Threat analysis and intelligence: While endpoint security vendors compete against one another, they also share information about threats so that next-generation tools — and the industry as a whole — can grow smarter. “Organizations in the security space need to be able to innovate quickly and effectively, because the bad guys are doing that,” says Schiappa. “If we can’t keep up with them, or in some cases jump in front of them, we’re in trouble.”
Featured Partner
Call us at 800.800.4239 to set up a consultation with a security expert.
MKT20151