Forty percent of enterprises polled in Ponemon Institute's 2014 State of Endpoint Risk Report said their endpoints had been the entry point for an Advanced Persistent Threat (APT) during the previous 12 months.
To make matters worse, just 24 percent said their endpoint security technologies alerted staff to a potential breach. Securing the vast array of endpoints used by employees is challenging organisations of all sizes. However, IT and IT Security staff must address the tremendous risk posed by inadequate protections on endpoints. Managing and securing endpoints effectively against today's threats requires companies to combine anti-malware capabilities with a high level of visibility and behaviour-based detection. By arming itself with these weapons, an organisation has a chance not only to detect threat actors and their tradecraft, especially when they employ evasive tactics, but also to slash the amount of time it takes to respond to attacks and minimise the damage they cause.
Perhaps now more than ever, endpoint security requires a comprehensive approach. In this white paper, we will discuss how businesses big and small can effectively fight back.
There is a famous – if possibly apocryphal – quote from bank robber Willie Sutton, in which he supposedly said he robbed banks because "that's where the money is." Whether he actually said that or not, the underlying logic of the quote goes a long way to explaining why attackers are interested in endpoints. Endpoints are easy to exploit, and compromising them is how attackers go after corporate data. By targeting endpoints, attackers can get at the data stored on the machine, as well as move through the network and steal information.
With the traditional concept of a network perimeter essentially extinct, the importance of a sound endpoint security strategy has never been clearer. The problem is that protecting the endpoint has not been easy. Traditional anti-virus is signature-based, requiring that security researchers see something before developing a signature or countermeasure. In a sense, there has to be a victim or victims of a given exploit before a protection can be created and applied to a broader population. Of course, this does not address the increasing use of evasive tactics such as modifying malware to bypass these traditional controls, or the threat actor who leverages tools native to the target's environment.