Geronimo !!!
Endpoints have become the new prized possession in the eyes of the cyber-criminal. Once an endpoint is compromised, an attacker is free to roam about the network just like a normal domain user and launch further attacks.
The military would call this strategy para-trooping. Bypass the perimeter defenses by dropping your army in behind enemy lines. In the cyber security world, we call this strategy hacking 101.
Why the Endpoint?
Because it’s where the user interacts with the rest of the world. It’s no secret amongst ethical and unethical hackers that endpoints are the most vulnerable part of any computer network. What defines an endpoint? My explain-it-like-I’m-five definition of an endpoint is: wherever a user interacts with a computer. By developing attacks that are centered around the endpoint, a hacker increases their likelihood of compromise and their likelihood of finding data that has value. Stealing sensitive information equates to dollars and cents for a hacker, and that makes them happy.
The Numbers
This post wouldn’t be complete without some numbers behind it. After all, this is the age of “if you don’t believe me, then Google it,” where anything that comes out of your mouth runs a high chance of being fact-checked. Especially by that girl you are trying to impress, or that know-it-all at the party who is never wrong. With that in mind, here are some stats to back up my claim. Feel free to use them at your next social event!
- Mobile attacks are less than 1% of the total attacks.
- 70% of the attacks where the motive was known resulted in a secondary victim being affected, and are primarily opportunistic attacks such as malware injected into a website.
- Phishing is still an easy and fast technique for compromising a victim. 23% of recipients open phishing messages, 11% click on the attachment. 50% of phishing emails are opened within the first hour.
Endpoint Security
Keeping in line with the military terms, we’ll use another one called the OODA loop. OODA stands for Observe, Orient, Decide, Act. The OODA loop is a prime example of what a proper endpoint security product should do.
- Observe: You can’t stop what you can’t see. Therefore you need complete visibility into all your endpoints. When looking for an endpoint security solution, make sure that it provides a holistic view of all your endpoints. Additionally, the right solution is one that goes on the hunt and is proactive instead of just reactive.
- Orient: Now that we’re observing a threat, we need to learn about it, quickly. Is this patient zero or patient 19? Your solution should involve some sort of recorder that allows you to roll back the tape and map out visually what a threat did or did not do. Some questions it should be able to answer are: When did it occur? How far did it spread? Do I have real-time visibility?
- Decide: Making a decision requires an expert. Software will take you part of the way there, but you’ll still need a trained eye to filter out the noise and determine the best course of action. Some questions the expert will need to answer are: Is this a false positive or a true positive? What level of response does it require? Something to ask yourself is: how do I best equip my company so that we can make decisions about threats quickly and accurately? You may need to outsource this or hire someone (or several people) in-house.
- Act: In cyber security we have something called the golden hour. Most compromise happens within minutes of the initial infection, so speed is very important when choosing the right solution. Can your company respond quickly, accurately, and completely to cyber threats?
Conclusion
Today’s threats move so quickly that you need eyes on your network at all times. Those who are prepared to combat today’s threats will most certainly have an endpoint security solution. I wouldn’t be doing my job if I didn’t mention that WatchPoint’s Comprehensive Cyber Security covers all aspects of endpoint security.
Our incident response team is always on the hunt for threats. It’s not enough to be reactive to cyber threats. They move far too quickly for that. Whatever endpoint solution you choose, make sure it incorporates an element of hunting.
In closing, I’d like to quote one of my favorite motivational speakers, Eric Thomas: “What makes a lion a lion isn't what he does to the gazelle. What makes a lion a lion is the hunt, it's the process that makes a lion a lion.”