In the past, an endpoint meant any personal device used by an end user, such as a laptop or desktop. Today it also includes smartphones, IoT devices and any other device connected to a network. Endpoints need to be secured because they are an easy point of entry into a network: an unwary end user can be deceived through social engineering, giving attackers access to the network.
You also need to know that online connectivity has expanded, which has increased the number of attack paths into a network. In this article, I will cover what you need to know about endpoint security architecture.
Before the advent of the internet, bad actors relied on floppy disks to spread malware. An infected disk inserted into a computer would infect that computer, which would in turn infect other disks and computers. The same applied to other removable media such as CDs and DVDs. This attack path was limited in scope before the internet arrived. The first endpoint products were antivirus programs, designed to scan devices for malware.
An antivirus looks for the specific characteristics and fingerprints (signatures) of known viruses on a device. If it finds a document or program with those characteristics, it can quarantine or delete it. All of this changed when businesses began connecting to the internet, and many more attack vectors became available to criminals, such as email phishing, infected websites, BYOD and social media. These new opportunities drove the growth of malware from tens of thousands of samples per year to hundreds of thousands per day.
Bad actors also began to exploit security loopholes in operating systems, and applications such as web browsers and MS Office increased the attack surface. Polymorphic malware was introduced, which changes its own characteristics so that signature-based antivirus becomes ineffective. This led to the introduction of the Endpoint Protection Platform (EPP).
The goal of EPP technology is to stop malware before it executes. It also prevents file-based malware, that is, malicious code embedded in a file that causes harm when the file is opened. EPP makes use of firewall-based security and provides many prevention-based services such as antivirus, device control, firewall, web filtering and data protection through encryption. Device control is built-in security that detects, authorizes and secures removable storage devices.
Web filtering enables a network administrator to control which types of website users are allowed to visit. None of these techniques is a complete remedy for endpoint protection. Web filtering, for example, is not sufficient on its own because malware can also be delivered through adverts on legitimate sites. Given the complexity of malware and attack paths, security professionals came to realise that it is difficult to block every attack path. That is why a new strategy was developed, called Endpoint Detection and Response (EDR).
Endpoint Detection and Response
EDR is software that detects, investigates and responds to malware threats. It began as a digital forensic investigation tool that provides security analysts with threat intelligence, helping them analyse attacks and identify Indicators of Compromise (IoCs). This allows them to find malware that had evaded detection and been present on the network for months or years, and to learn about attacks and record their characteristics.
EDR also allows security analysts to detect attacks in real time, and it comes with remediation tools. Analysts can request more information from endpoints and work out probable solutions, and can use those findings as the basis for blocking the specific IP addresses an attack is coming from. This solution also has its own shortcomings.
Some EDR products relied on manual methods that were time-consuming and too slow for fast-moving threats such as ransomware. Configuring and using them also involved analysing alerts, many of which turned out to be false positives. This means EDR could not detect every threat in real time, and it consumed a lot of analyst time. Vendors responded to these shortcomings by introducing Managed EDR.
Managed EDR performs basic alert triage and notifies the analyst by email. Because EDR remained too slow and too complicated, second-generation EDR was introduced.
Second Generation EDR
Second-generation EDR was designed to be fast and automated. An analyst can now direct the EDR to remediate problems and address them proactively, and it can be configured to respond in a particular way when problems are detected. Malicious activity can trigger a response that blocks it before it does any harm, and the EDR can stop and roll back ransomware in real time.
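As an added illustration of the automated detect-and-respond loop described above (this is not code from the article or from any vendor), the Python below applies one behavioural rule, mass renaming of files to a new extension, to constructed endpoint telemetry and runs a kill/isolate/rollback playbook; the hosts, paths, process images, thresholds and allowlist are all constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10    # sliding window over which renames per process are counted
RENAME_THRESHOLD = 5   # extension-changing renames inside the window that raise an alert
# Trusted images that legitimately rewrite many files (constructed path). Tuning an
# allowlist like this is one way the false-positive burden on analysts is reduced.
ALLOWLIST = {r"C:\Program Files\BackupTool\backup.exe"}

def detect(events):
    """events: (ts, host, pid, image, kind, detail) tuples; one alert per offending process."""
    window = defaultdict(deque)   # (host, pid) -> timestamps of recent suspicious renames
    touched = defaultdict(list)   # (host, pid) -> original paths it renamed, for rollback
    alerts, fired = [], set()
    for ts, host, pid, image, kind, detail in events:
        if kind != "file_rename" or image in ALLOWLIST:
            continue
        src, dst = (p.strip() for p in detail.split("->"))
        if src.rsplit(".", 1)[-1] == dst.rsplit(".", 1)[-1]:
            continue              # extension unchanged: an ordinary rename, not the pattern
        key = (host, pid)
        touched[key].append(src)
        q = window[key]
        q.append(ts)
        while ts - q[0] > WINDOW_SECONDS:   # drop renames that fell out of the window
            q.popleft()
        if len(q) >= RENAME_THRESHOLD and key not in fired:
            fired.add(key)
            alerts.append({"host": host, "pid": pid, "image": image, "ts": ts,
                           "rule": "mass_extension_rename"})
    for alert in alerts:          # every file the flagged process renamed goes into rollback
        alert["files"] = touched[(alert["host"], alert["pid"])]
    return alerts

def respond(alert):
    """Automated playbook: stop the process, isolate the host, roll back its renames."""
    actions = [f"kill pid {alert['pid']} on {alert['host']}",
               f"isolate {alert['host']} from the network"]
    actions += [f"restore {path} from snapshot" for path in alert["files"]]
    return actions

# Constructed telemetry: a ransomware-like process, a trusted backup tool and a benign rename
EVENTS = [(1 + i, "ws01", 4321, r"C:\Users\bob\AppData\invoice.exe", "file_rename",
           rf"C:\Users\bob\Docs\report{i}.docx -> C:\Users\bob\Docs\report{i}.docx.locked")
          for i in range(6)]
EVENTS += [(2 + i, "ws01", 777, r"C:\Program Files\BackupTool\backup.exe", "file_rename",
            rf"C:\Data\db{i}.bak -> C:\Data\db{i}.bak.old") for i in range(8)]
EVENTS += [(3, "ws01", 900, r"C:\Windows\explorer.exe", "file_rename",
            r"C:\Users\bob\notes.txt -> C:\Users\bob\notes2.txt")]
```

Running detect(EVENTS) raises a single alert for pid 4321 at the fifth rename, while the allowlisted backup tool and the plain explorer rename stay silent.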
This allows the EDR to address threats without necessarily taking the device out of service. Security professionals then saw the need to merge EDR and EPP technologies into a single product with the characteristics of both. This merger also removes integration concerns, since the different anti-malware technologies are designed to work together, and it comes with simplified configuration and management for analysts.
EPP and EDR software now include other intrusion prevention controls to improve security. The combined technology can neutralize malware at the pre-execution stage and includes prevention controls that improve security hygiene, such as the ability to identify critical vulnerabilities so that security teams can mitigate threats. Teams can create policies that address malware concerns, and machine learning was added as part of the new capabilities, which also helps detect malware at the pre-execution stage.
Fortinet Endpoint Security Product
Fortinet offers FortiClient and FortiEDR, which fully integrate with its other security products. They can share intelligence and be managed centrally in what Fortinet calls the Security Fabric.
PS: If you would like an online course on any of the topics covered on this blog, I will be glad to provide it at an individual or corporate level. I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those I have trained include staff of Dangote Refinery, FCMB, Zenith Bank and New Horizons Nigeria, among others. Please contact me on WhatsApp and let's talk about your training. You can reach me on WhatsApp HERE. Please note that I will be using Microsoft Teams to facilitate the training.
You might agree with some of the points I have raised in this article and disagree with others. Let me know your views on the topic discussed. We would appreciate it if you could drop a comment. Thanks in anticipation.