


Work from Anywhere Doesn’t Work Without Endpoint Security

Sep 14, 2021 | 5 mins
Network Security


After the pandemic sent many employees home, the concept of work from anywhere was top of mind for many organizations transitioning their infrastructure to support this new model. However, even before the pandemic, there was a need for secure remote access regardless of whether a user was on their home network, office network or coffee shop network. People checked their work email while sitting at a soccer game or restaurant. Was that connection reliably secured? Maybe. Maybe not.

Security becomes even more important when people are distributed. Unfortunately, many organizations struggle to establish a sound secure remote access strategy, which undoubtedly contributes to the uptick in ransomware attacks. In fact, there was a ten-fold increase in ransomware during the 12 months of July 2020 through June 2021. Cybercriminals are targeting the work from anywhere workforce, which, coupled with the increasingly sophisticated threat landscape, underscores exactly how important endpoint security is for organizations.

Endpoint Security Matters

When you look at the current threat landscape, solving the continuing security issues related to increasingly distributed networks and the rapidly dissolving network perimeter can seem overwhelming. But it’s not impossible and every big project starts with a few small steps. Instead of assuming that any user or device inside the network can be trusted, organizations need to move away from a “perimeter-based” approach to security that grants implicit trust based on location. Then organizations need to focus attention on endpoints. This requires solutions that provide visibility into devices and their state, strong protection measures, remote monitoring tools and threat remediation for endpoint devices of all kinds.

Secure Remote Access with ZTNA

The pandemic did a good job of showing the need for VPN technology to evolve in order to securely manage remote access to today’s dynamic and distributed networks. Zero trust network access (ZTNA) offers a remote access solution that addresses concerns related to application access. A zero trust approach assumes that no user or device is trustworthy until proven otherwise. That means no trust is granted for any transaction without first verifying that the user and the device are authorized to have access. Many zero trust solutions are cloud-only, which limits organizations’ options. Organizations looking for more flexibility should consider a solution that can be deployed both on-premises and in the cloud.

Moving to Modern Endpoint Security with EDR

In addition to moving to ZTNA for remote access, organizations need to use modern endpoint security with endpoint detection and response (EDR) capabilities. The good news is that today’s endpoint security solutions are far better than traditional first-generation endpoint protection platforms (EPP) that focused on threat intelligence-based prevention.

Those EPP products have given way to newer behavior-based protection approaches. But even the first generation of EDR products that were designed to supplement traditional endpoint protection have fallen behind the volume of fast-moving cyberattacks. Dealing with a flood of alerts and ferreting out real threats from a sea of false positives takes time, overwhelming security teams and increasing risk.

This patchwork approach of EDR bolted on to traditional EPP is no longer sufficient. Modern endpoint security (with EDR) should have the ability to:

  • Predict and prevent attacks through attack surface reduction and malware prevention
  • Detect and defuse threats with real-time detection and disarmament
  • Respond, investigate, and hunt for threats with the help of orchestrated remediation and forensic investigation

Given the sophistication of today’s threats, prevention can never be 100% effective over an extended period of time. So modern endpoint security needs to take a behavior-based approach to pre-infection and post-infection protection as well as detection and response.

Blocking, detecting, and defusing threats automatically is more effective at stopping breaches and preventing ransomware encryption attacks than approaches that rely on manual responses to detection. If the solution can block external communications of malware and deny it access to file systems, it prevents file exfiltration and ransomware encryption.

The addition of automation and artificial intelligence to modern endpoint security also helps with the ongoing assessment and classification of suspicious activity. If the solution determines that there’s a problem, it can initiate a response that can then be automated using a customizable playbook.

Using playbooks, you can pre-define actions, based on threat categorizations and policy groups, for automated response and remediation procedures that are specific to your organization. And human security analysts who are now freed from chasing after alerts and false positives have time to watch over the largely autonomous endpoint security solution. They can continue to refine their automation, learn from the cyberattacks identified and continuously improve their organization’s security posture.

Putting it All Together

Making work from anywhere actually work securely requires setting up a variety of components. In the rush to get something set up, many organizations end up trying to integrate solutions from different vendors. Unfortunately, doing so generally adds complexity to an already overburdened environment. Even worse, the components often run on different operating systems and use different consoles for management and configuration, so setting up robust endpoint security and remote access can be complex and sometimes even impossible.

A better option is to take a holistic approach to security with a platform that allows you to connect different security devices into a single, integrated security system that spans your distributed network. When you have users connecting from almost anywhere to resources that could be located almost anywhere else, having security connected into a single platform improves visibility. It makes it possible for you to tell what’s going on even in the furthest reaches of your network, so you can keep everything, everywhere as secure as possible.

To help organizations ensure enterprise-grade security and high-performance connectivity for remote and hybrid workers at home, check out the new joint enterprise solution from Fortinet and Linksys: Linksys HomeWRK for Business | Secured by Fortinet.