Endpoint security needs multiplied due to the “internet of everything”
Endpoints can range from the more commonly thought of devices like laptops, tablets, and mobile devices, to printers, servers, and even ATMs and medical devices. If a device is connected to a network, it is considered an endpoint. With the growing popularity of BYOD (bring your own device) and IoT (internet of things), the number of devices connected to an organization's network can quickly reach into the tens (and hundreds) of thousands.
Because they are entry points for threats and malware, endpoints (especially mobile and remote devices) are a favorite target of adversaries. Mobile devices have become much more than just Android devices and iPhones—think of the latest wearable watches, smart devices, voice-controlled digital assistants, and other IoT-enabled smart devices. We now have network-connected sensors in our cars, airplanes, hospitals, and even on the drills of oil rigs. As the different types of endpoints have evolved and expanded, the security solutions that protect them have also had to adapt.
The latest SANS endpoint security survey highlights the importance of implementing a comprehensive endpoint protection solution. Some of the key findings from this survey include:
- 42% of respondents reported that their endpoints had been breached.
- A variety of threat vectors were used, including web drive-by (63%), social engineering/phishing (53%), and ransomware (50%); many respondents reported more than one.
- Only 47% of attacks were detected by antivirus.
- 32% of compromises were detected by SIEM alerts.
The evolution of virus protection—from signatures to machines
The endpoint security business began in the late 1980s with antivirus software that could recognize malicious software (malware) by its signature. The first endpoint antivirus tools searched for changes in file systems or applications that matched known patterns, and flagged or blocked those programs from running. As the internet and e-commerce gained popularity, malware became more frequent, more complex, and more difficult to detect. Detection can no longer rely on signatures alone, and the industry is seeing a rise in fileless malware. Today, fighting malware is much more of a team sport, and antivirus software is just one of many weapons.
This increase in weapons brings more complexity. The rapid growth of security products with overlapping functionality and separate management consoles can make it difficult for many organizations to get a clear picture of potential attacks. Security teams, after years of bolting endpoint security point products together, often end up managing multiple agents and consoles—with little to no integration or automation.
Recent research shows that isolated endpoint solutions can't keep up with sophisticated, emerging threats. Tactical security firefighting can be replaced with integrated, multistage defenses that adapt to outsmart attackers. The latest endpoint protection requires finding and correcting hidden attacks in seconds, not months. This requires a closed-loop system that automatically shares threat intelligence between connected components to detect, resolve, and adapt to new attack strategies. Integrated multistage protection lets organizations collaborate, share threat insights, and act efficiently to combat future threats.
We're now at a stage where humans can’t do it alone—and are teaming up with machines. Machine learning and artificial intelligence are enabling endpoint defenses to evolve at nearly the same speed as the attacks. Traditional capabilities such as firewall, reputation, and heuristics are combined with machine learning and containment to stop the most advanced attacks.
Advanced endpoint security solutions
McAfee offers a full range of solutions that combine powerful endpoint protection with efficient endpoint management. McAfee Endpoint Security combines established capabilities such as firewall, reputation, and heuristics with cutting-edge machine learning and containment, along with endpoint detection and response (EDR) into a single platform agent, with a single management console. The resulting integrated endpoint protection platform keeps users productive and connected while stopping zero-day malware, like ransomware, before it can infect the first endpoint.