Simply defined, endpoint security protects desktops, laptops, servers, and fixed-function devices from malicious internal and external threats. Endpoint security combines various threat detection, response and prevention technologies to help organizations disrupt cyberattacks.
Despite the clear-cut definition, there’s still some confusion in the industry and market over what endpoint security is and is not.
Fortunately, the VMware Carbon Black Howlers, can help.
Stacia Tympanick, Sr. Solution Engineer and Greg Foss, Sr. Threat Researcher and Rick McElroy, Cyber Security Strategist and co-author of the recent VMware Carbon Black Global Threat Report: Extended Enterprise Under Threat, debunk 10 endpoint security myths.
Myth # 1 “No alerts means I’m not breached.”
False. Without the proper data and visibility to see the entire attack chain, organizations make can the mistake of assuming everything is fine and only the approved applications downloaded are running. Time and time again, we have seen this premise prove to be false. – Rick McElroy
Myth #2 “Antivirus is enough.”
Incorrect. 90 percent of all off-the-shelf malware has antivirus (AV) evasion techniques built in to purposely bypass traditional antivirus solutions. – Rick McElroy
Myth #3 “I can block 100 percent of all attacks.”
Not accurate. There are many scenarios in which security solutions cannot be deployed, tuned effectively or available. You must have a plan to detect what you cannot prevent and a rapid response plan when you do detect the behavior. Attackers will always try something new. Being able to detect and respond in a rapid effective manner is critical. – Rick McElroy
Myth #4 “I have a security perimeter.”
False. You can either have infinite perimeters or no perimeters. Given how users actually work, traditional security architectures assume there is a perimeter and try to enforce security controls around them. COVID-19 clearly highlighted what should have been assumed in security. Users want access to any application from any device at any time they need. Security solutions should be present where the data is interacted with. The perimeter is gone. Our security architectures should account for that. – Rick McElroy
Myth #5 “Network Security is enough.”
That’s incorrect. The recent attacks in Australia originated from a very sophisticated nation state leading to a breach of government and commercial entities. 85 percent of all the techniques, tactics and procedures the attackers used (keep in mind this is one of the most sophisticated APT groups on the planet) were endpoint-based. Only 15 percent didn’t involve the endpoint. Network security is not enough. – Rick McElroy
Myth #6 “Pay the ransom to get your files back and you’ll be fine.”
False. Ransomware is evolving to implement extortion, data theft resale, and additional means to make as much money from their victims as possible. – Greg Foss
Myth #7 “Endpoint protection products prevent system exploitation.”
False. Endpoint protection is designed to detect and prevent payloads that are leveraged during an attack, to mitigate the threat regardless of means of entry. Patching your systems is the best prevention against exploitation. – Greg Foss
Myth #8 “If a product ties into MITRE ATT&CK, it must be great.”
Incorrect. Challenge your vendors to take it a step further than just a checkbox approach of tying in alerts to MITRE. How are they integrating? How are they surfacing that data? Don’t take MITRE integration at face value. You need to examine the integration more to see if it is practical and operational. – Stacia Tympanick
Myth #9 “Implementing next-generation antivirus (NGAV) is as easy as traditional AV.”
That’s not true. Traditional AV looks at files and only alerts you when a malicious file is identified. The buck stops there. NGAV vendors incorporate and analyze behaviors. Regardless of the NGAV vendor you choose, it will take more time to implement behavioral blocking, but the return is worth it. – Stacia Tympanick
Myth #10 “The size of an organization dictates how mature their security team is.”
False. Don’t discredit smaller companies which may have more agility and just as much talent as a larger organization. – Stacia Tympanick
Looking for more insights? Be sure to check out these compelling resources:
Ask The Howlers: Cybersecurity Expert Roundtable Episode 1
Global Threat Report: Extended Enterprise Under Threat
