We are constantly being bombarded with questions around the security of our data, but what about security for the devices needed to connect to that data? The world is a changing place and for those inclined to be unsavoury characters, a great place to anonymously make ill-gotten gains from unsuspecting victims who thought they were doing due diligence with their base-model anti-malware and anti-virus programs. After multiple data breaches, we now realize that these solutions are weak. And, no matter how much back-end security you throw money at, your security solution is not really fool-proof if you overlook the endpoint. The culture of Bring Your Own Device (BYOD) to work just exacerbates the issue. In the news, we see that almost every breach has similarities: firewalls were in place, as was anti-virus. This doesn't help with file-less attacks though, because if there is nothing to scan, then there is nothing to stop. Why is the endpoint so critical? If a hacker is able to infect your endpoint and impersonate you to gain access, then you have the potential for big problems with not only brand reputation, but also with the authorities if a breach occurs.
Securing the endpoint helps somewhat with being able to mitigate this type of attack. Zero-day attacks are notoriously difficult to spot, which is why defense in depth is a good practice. This starts with educating perhaps the most insecure part of the business: humans, specifically, the people who wish to access your data.
As mentioned, zero-day attacks are not frequently picked up by anti-virus, anti-malware, and IDS/IPS devices, but a method that can enhance the endpoint security is to encrypt it. Bad actors are typically only looking to steal data from your device or the device it's accessing (with exception to ransomware), which is why machine learning, and posturing, is important in today's landscape. By learning the difference between good and bad, either via keystroke behaviour (bot) or DNS inspection (command and control, phishing or malware propagation, DNS exfiltration), this is a good place to start to fingerprint the machine. Doing so gives it a valid identity and grants access to successful applicants. By adding DNS security and looking early in the kill chain, this has massive potential to not only stop the breach dead in its tracks, but can also spot some zero-day attacks that use well known command and control domains or domains that follow certain suspicious patterns of operation.
Authentication is another way to help reduce the amount of breaches we see on a daily basis. Only allowing people access to required applications and being able to track and log these sessions at an application level is golden. Network-level access allows attackers to land and expand, run port scans, propagate root kits and other network nasties that are very hard to track. Specifically, if only 80% of your network is patched, look for these types of attacks. By utilizing identity proxies and providing multi-layered authentication, plus posturing the endpoint, DNS inspection and encryption, we can go a long way to hopefully stop these breaches from happening. This goes for not only for the Fortune 500 companies, but also smaller organizations that more and more bad actors are targeting. These are "sweet spots" for attacks as nefarious characters know these organizations don't always invest too much in secure technology. No matter how big or small your company is, you are susceptible to the most sophisticated attacks. Burying your head in the sand and ignoring these risks is tempting, but ultimately futile and downright dangerous for your business.
Read about how Akamai can help your business stay secure on multiple fronts with a zero trust model.