Context Matters: Improving Endpoint Security with Threat Intelligence

With the future of the workplace unknown, CSOs have to work intelligence into their endpoint security strategies.


We’re shifting into a “mixed reality” of remote employees, workers returning to the office, and uncertainty as to the permanence of these distinctions. That makes it challenging for security leaders to do defense planning.

And yet, one thing is certain: Endpoint security has significantly changed. It requires a great deal more management, coordination, and insight, considering there are more people and devices connecting to the network outside the traditional corporate firewall.

For example, Cisco research has revealed that organizations continue to face a wide variety of endpoint threats. The most critical or potentially destructive categories include:

  • Fileless malware
  • Dual-use PowerShell tools
  • Credential dumping tools

That said, some endpoint security solutions may only present these threats as alerts — with little or no context as to whether they merit further investigation. As it is, security teams have their hands full registering endpoints, limiting the execution of unknown files that could contain malware, and monitoring the connections between endpoints.

An intelligent approach to threats

“Organizations need a complete picture of their IT environment as well as the types of threats to look for,” said Joakim Lialias, Director, Cybersecurity Product Marketing at Cisco. “It’s especially important to get a handle on this now, considering how many endpoints are connecting to all different types of Wi-Fi networks.”

The first step, he suggests, is to organize threats by their criticality, and then to build an understanding of threat context that is specific to the organization.

“As more companies look to the MITRE ATT&CK framework as part of managing their overall cybersecurity strategy, it’s important to have capabilities that can map telemetry back to that framework,” he said. “Doing so helps CISOs not only determine which protection mechanisms to deploy, but also the types of exploits to proactively prevent.”

Threat intelligence plays a critical role in making those correlations and offering contextual awareness. It offers a host of benefits, including:

  • Increased productivity. Using threat intelligence, security teams can run automated scripts to isolate or control endpoints whose connections have been identified as potentially vulnerable. This not only saves time spent on detection, it puts proactive defense into play.
  • Faster threat detection and response. The right threat intelligence tools offer constant visibility so teams can get ahead of potential incidents.
  • Improved threat hunting. By feeding intelligence into threat hunting efforts, organizations can more effectively and proactively protect the entire IT environment.
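The two ideas above, mapping endpoint telemetry back to MITRE ATT&CK and feeding criticality-ranked findings into an automated isolation script, can be sketched in a few dozen lines. The following is an added example, not Cisco's code or any product's logic: the process-creation events are constructed, the technique IDs are from the public ATT&CK knowledge base, and the regex rules, criticality scores and isolation threshold are illustrative assumptions.

```python
"""Map constructed endpoint telemetry to MITRE ATT&CK technique IDs and rank by criticality."""
import re
from dataclasses import dataclass

# Constructed process-creation events for illustration; no real hosts or incidents.
TELEMETRY = [
    {"host": "lap-042", "cmdline": "powershell.exe -nop -w hidden -enc QUJDREVG"},
    {"host": "srv-db-01", "cmdline": "procdump.exe -ma lsass.exe C:\\temp\\lsass.dmp"},
    {"host": "lap-017", "cmdline": "powershell.exe Get-Process | Where-Object CPU -gt 50"},
    {"host": "lap-017", "cmdline": "mimikatz.exe sekurlsa::logonpasswords"},
]

@dataclass(frozen=True)
class Rule:
    label: str        # human-readable context attached to the alert
    technique: str    # MITRE ATT&CK technique ID from the public knowledge base
    criticality: int  # assumed 1-10 score; higher means investigate first
    pattern: re.Pattern

# Illustrative rules, not vendor or Cisco detection logic.
RULES = [
    Rule("Credential dumping: LSASS memory access", "T1003.001", 9,
         re.compile(r"\blsass(\.exe)?\b|sekurlsa::", re.I)),
    Rule("Dual-use PowerShell: hidden window or encoded command", "T1059.001", 7,
         re.compile(r"^powershell(\.exe)?\s.*(-enc|-w(indowstyle)?\s+hidden)", re.I)),
    Rule("PowerShell use (low context on its own)", "T1059.001", 2,
         re.compile(r"^powershell(\.exe)?\b", re.I)),
]

def map_event(event):
    """Return the highest-criticality rule matching this event, or None if no rule fires."""
    hits = [r for r in RULES if r.pattern.search(event["cmdline"])]
    return max(hits, key=lambda r: r.criticality) if hits else None

def triage(events):
    """Attach ATT&CK context to each event; return findings ordered worst-first (stable sort)."""
    findings = [{"host": ev["host"], "technique": rule.technique,
                 "criticality": rule.criticality, "label": rule.label}
                for ev in events if (rule := map_event(ev))]
    return sorted(findings, key=lambda f: f["criticality"], reverse=True)

def hosts_to_isolate(findings, threshold=8):
    """Hosts whose worst finding meets the threshold: candidates for an automated isolation playbook."""
    return sorted({f["host"] for f in findings if f["criticality"] >= threshold})

if __name__ == "__main__":
    for f in triage(TELEMETRY):
        print(f"{f['criticality']:>2} {f['technique']:<10} {f['host']:<10} {f['label']}")
    print("isolate:", hosts_to_isolate(triage(TELEMETRY)))
```

The plain PowerShell event is kept at low criticality on purpose: it is the context (hidden window, encoded command, LSASS access) rather than the tool name that decides whether an alert merits investigation.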

“Threat intelligence gives organizations the opportunity to take advantage of information; the endpoint telemetry that is generated will help to improve their overall security posture,” Lialias said.

Whether that’s for proactive threat hunting or improving detection and remediation, threat intelligence for endpoint security is no longer a luxury.

“It’s important to have this information at your fingertips,” Lialias said. “We will likely have remote or distributed workforces for some time, so it’s critical to have this contextual visibility for smarter and strengthened security.”


Copyright © 2020 IDG Communications, Inc.