Hygiene for devices and vigilance are keys to closing security gaps
By Logan Gilbert, vice president of products, Ziften Technologies
Cyber attackers love endpoints, because they are the lowest-hanging fruit when it comes to evaluating weak points. Why? Most endpoints aren't patched. Next, users will often disable security controls. Traditional AV won't stop zero-day attacks that lack signatures. And once attackers penetrate the network, it takes months for you to find them. It costs ten to a hundred times more to recover from a breach than it does to prevent it.
Three trends have cemented themselves over the last three years: big data, artificial intelligence (AI), and the cloud are the biggest shifts. Yet overall, a lack of skilled resources has driven a generational shift in endpoint protection.
Unknown attacks are the enemy, as 75% of breaches today are from zero-day type (polymorphic) or single-use malware. Endpoints, which in previous decades used to be Microsoft-driven personal computers, are no longer limited to a few brands and operating systems. Apple devices, MacBooks, iPhones and mobile tablets are a huge portion of the attack surface. They must all be protected. Relying on a software OS vendor to provide security has never worked well enough, as attackers go right around them.
This means that endpoint protection is the frontline security defense. Endpoints are the most exposed and most easily attacked assets. The problems to overcome are, first, too much complexity; second, legacy-type AV protection that doesn't stop today's attacks; and lastly, a complete lack of visibility across differing network tiers and virtualized assets. Left unaddressed, these problems will swamp network teams, resulting in inevitable failure, preventable security breaches, and unnecessary costs.
The Most Practical Advice: System Hygiene and Vigilance
System hygiene is a big failure point in cybersecurity, as a majority of breaches are against unpatched known vulnerabilities. And a lack of visibility prevents efficient and appropriate response when necessary; the capabilities that depend on visibility are zero-day protection, complete investigation, response, and security posture analysis.
The most straightforward advice for network pros is to assess -- and then reassess -- IT infrastructure. By performing network penetration tests, reviewing and refining network segmentation, and monitoring continuously for traffic or data-flow anomalies, enterprises can head off trouble before a crisis ensues. AI and machine learning can play a role here, with sophisticated analysis of events as they occur.
Beware of configuration problems when major software upgrades occur. Because enterprise networks are complex and often in flux, they become even more susceptible to attacks. A single careless configuration error can land a company on the list of those that have been breached. Attackers are stealthy and have the capability to constantly probe networks for weaknesses, which means any misstep could result in costly consequences.
To avoid putting networks at risk, your IT team should reassess network protections and revalidate network segmentation both on the premises and in the cloud. The network team should be conducting network penetration tests and monitoring for abnormalities in data flow and traffic.
To capture events and detect unusual activity, create a block diagram of all cyber assets. Label it with the tools employed to observe and analyze each type of activity. If there are gaps, make a plan to address them.
Ensuring visibility of cloud services, networks, systems, applications, databases and user sessions is vital, whether through an internal security operations center (SOC) or a managed security service provider (MSSP). Attack activity is the rule, not the exception. Perimeter protections serve an important purpose, yet they're insufficient, as they can too easily be subverted. Take inventory and retire systems, devices, applications and entitlement grants that are no longer trustworthy.
Using the above knowledge and procedures, organizations can greatly decrease the odds of becoming a victim. The bottom line in the world of cybersecurity is that there's never a time when an enterprise should feel as though it isn't vulnerable. Endpoint security should always be top of mind. Protect the network and watch for anomalies.
About the Author
Logan Gilbert serves as vice president of products for Ziften Technologies, based in Austin, TX, where he is responsible for leading the security solution vision from conceptualization to delivery to provide customers with unprecedented endpoint protection and visibility. Gilbert is a 20-year security industry veteran with direct experience as a technology solution architect and CISO, a product leader, a business development executive and a network security analyst. Prior to joining Ziften, Gilbert worked at 21CT, leading several research and development efforts for Department of Defense (DOD) research organizations, including research related to cyber security, from which he earned his first patent (U.S. Patent 7,530,105: Tactical and Strategic Attack Detection and Prediction). Several of these efforts transitioned into operational solutions still in use by his former customers at the 25th Air Force and other intelligence agencies. Logan held a Top Secret clearance during his time at 21CT. Gilbert holds a Bachelor of Science from the University of Texas, College of Computer Science.