In the past, an endpoint meant any personal device used by an end user: laptops, desktops and similar machines. Today it also includes smartphones, IoT devices and anything else connected to a network. Endpoints need to be secured because they are an easy point of entry into a network: end users can be deceived through social engineering, which gives attackers access to the network. Online connectivity has also expanded, which has multiplied the attack paths into a network. In this article, I will cover what you need to know about endpoint security architecture.
Before the advent of the internet, attackers relied on floppy disks to spread malware. An infected disk inserted into a computer would infect that computer, and the same applied to other removable media such as CDs, DVDs and similar devices. This attack path was limited in scope. The first endpoint products were antivirus programs, designed to scan devices for malware.
An antivirus program looks for specific characteristics and fingerprints (signatures) of known viruses on a device. If it finds a document or program that matches, it can quarantine or delete it. All of this changed when businesses began to connect to the internet. Many more attack vectors became available to criminals, such as email phishing, infected websites, BYOD and social media. These new opportunities drove the growth of malware from tens of thousands of new samples per year to hundreds of thousands per day.
Attackers also began to exploit security loopholes in operating systems, and applications such as web browsers and MS Office increased the attack surface. Polymorphic malware, which changes its own characteristics with every copy, made signature-based antivirus ineffective. This led to the introduction of the Endpoint Protection Platform (EPP).
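To make the signature-matching and polymorphism point concrete, here is an added example (written for this article, not code from the page or from any antivirus vendor) of a toy signature scanner. The sample file contents, the hash and byte-pattern signatures and the "FamilyA" name are all constructed; a single-byte XOR re-encoding stands in for the far more elaborate self-rewriting that real polymorphic malware performs.

```python
"""Toy signature scanner: exact-hash and byte-pattern signatures, and why a
re-encoded (polymorphic) copy of the same sample is not matched.
Everything below is constructed for illustration."""
import hashlib
from typing import Dict, Optional

# Constructed "known malware" sample. The ASCII marker stands in for a byte
# sequence an analyst extracted from a real sample when writing a signature.
ORIGINAL_SAMPLE = b"MZ\x90\x00" + b"\x00" * 8 + b"MALWARE-FAMILY-A" + b"\x00" * 8


def xor_bytes(data: bytes, key: int) -> bytes:
    """Re-encode every byte with a one-byte XOR key. This is a stand-in for a
    polymorphic engine rewriting its body so that no two copies share bytes."""
    return bytes(b ^ key for b in data)


# Same behaviour as the original once decoded, but a different byte layout.
POLYMORPHIC_VARIANT = ORIGINAL_SAMPLE[:4] + xor_bytes(ORIGINAL_SAMPLE[4:], 0x5A)

# Constructed "files on disk" to scan.
FILES: Dict[str, bytes] = {
    "invoice.exe": ORIGINAL_SAMPLE,
    "invoice_v2.exe": POLYMORPHIC_VARIANT,
    "notes.txt": b"quarterly report draft, nothing executable here",
}

# Signature database: full-file hashes and byte patterns from known samples.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(ORIGINAL_SAMPLE).hexdigest(): "FamilyA",
}
PATTERN_SIGNATURES: Dict[bytes, str] = {b"MALWARE-FAMILY-A": "FamilyA"}


def scan(data: bytes) -> Optional[str]:
    """Return the matched malware family, or None when no signature matches."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:          # cheapest check: exact file hash
        return HASH_SIGNATURES[digest]
    for pattern, family in PATTERN_SIGNATURES.items():
        if pattern in data:                # slower: byte pattern anywhere in the file
            return family
    return None


def verdicts(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map each file name to 'quarantine:<family>' or 'clean'."""
    result = {}
    for name, data in files.items():
        family = scan(data)
        result[name] = f"quarantine:{family}" if family else "clean"
    return result


if __name__ == "__main__":
    for name, verdict in verdicts(FILES).items():
        print(f"{name:16} {verdict}")
```

invoice.exe is quarantined through its hash and notes.txt is clean, but invoice_v2.exe, the re-encoded copy, is also reported clean because neither its hash nor its bytes match any signature. That miss is the gap that pushed vendors toward pre-execution and behavioural controls instead of signatures alone.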
EPP technology aims to stop malware before it executes. This includes file-based malware: malicious code embedded in files that causes harm when the file is opened. EPP uses firewall-based security and provides many prevention-based services such as antivirus, device control, a firewall, web filtering and data protection through encryption. Device control is built-in security that detects, authorizes and secures removable storage devices.
Web filtering lets a network administrator control which types of websites users are allowed to visit. None of these techniques provides a complete remedy for endpoint protection. Web filtering, for example, is not sufficient on its own because malware can also be served as adverts on legitimate sites. Given the complexity of malware and attack paths, security professionals realised that it is difficult to block every attack path, so a new strategy was developed: Endpoint Detection and Response (EDR).
Endpoint Detection and Response (EDR)
EDR is software that detects, investigates and responds to malware threats. It began as a digital forensic investigation tool. It provides security analysts with threat intelligence and helps them analyse attacks and identify indicators of compromise (IoCs). This lets them detect otherwise undetected malware that may have been on the network for months or years, learn about attacks and record their characteristics.
EDR also lets security analysts detect attacks in real time, and it comes with remediation tools. Analysts can request more information from endpoints and work out probable solutions, for example blocking the specific IP addresses an attack is coming from. This solution also has its own shortcomings.
Some EDR products relied on manual methods that were time-consuming and too slow for fast-moving threats like ransomware. Configuring and using them also requires analysis of alerts, many of which turn out to be false positives. This means EDR cannot detect all threats in real time, and it consumes a lot of analyst time. Vendors responded to these shortcomings by introducing Managed EDR.
Managed EDR performs basic alert triage and notifies the analyst by email. EDR still remained too slow and too complicated, which led to second-generation EDR. Second-generation EDR was designed to be fast and automated. An analyst can direct it to remediate problems and address them proactively and immediately. It is configured to respond in a defined way when problems are detected: malicious activity triggers a response that blocks it before it can do any harm. It can stop and roll back ransomware in real time.
This allows EDR to address threats without necessarily taking the device out of service. Security professionals then saw the need to merge EPP and EDR technologies, and the new combined technology includes the characteristics of both. The merger also removes integration concerns, since it lets different anti-malware technologies work together, and it comes with simplified configuration and management for analysts.
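As an added example, not part of the original article and not code from any EDR vendor, the following Python toy models the EDR workflow described in the preceding paragraphs: IoC matching over endpoint telemetry, a behavioural rule for ransomware-like activity, an analyst allowlist that suppresses a known false positive, and a response policy that either only notifies the analyst (first generation) or acts automatically (second generation). The telemetry lines, host names, hashes, IP addresses and IoC labels are all constructed.

```python
"""Toy EDR pipeline over constructed endpoint telemetry: IoC matching, a
behavioural rule, allowlisting, and first- vs second-generation response."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed telemetry, one event per line: timestamp|host|event|key=value;...
TELEMETRY = """\
2024-05-01T09:00:01|ws-17|process_start|sha256=aaaa1111;image=C:\\Users\\jo\\invoice.exe;parent=outlook.exe
2024-05-01T09:00:02|ws-17|net_connect|dst=203.0.113.45:443;image=C:\\Users\\jo\\invoice.exe
2024-05-01T09:00:03|ws-17|file_write|path=C:\\Users\\jo\\Documents\\q1.docx.locked;image=C:\\Users\\jo\\invoice.exe
2024-05-01T09:00:04|ws-17|file_write|path=C:\\Users\\jo\\Documents\\q2.docx.locked;image=C:\\Users\\jo\\invoice.exe
2024-05-01T09:05:00|ws-22|process_start|sha256=bbbb2222;image=C:\\Program Files\\backup\\agent.exe;parent=services.exe
2024-05-01T09:05:01|ws-22|net_connect|dst=198.51.100.9:8443;image=C:\\Program Files\\backup\\agent.exe
"""

# Constructed indicators of compromise from threat intelligence. "bbbb2222" is a
# stale indicator that kept flagging the backup agent: a known false positive.
IOC_HASHES = {"aaaa1111": "FamilyA dropper", "bbbb2222": "stale indicator"}
IOC_IPS = {"203.0.113.45": "FamilyA command-and-control"}

# Images the analyst has already triaged as benign; suppresses repeat alerts.
ALLOWLIST_IMAGES: Set[str] = {"C:\\Program Files\\backup\\agent.exe"}


@dataclass
class Event:
    ts: str
    host: str
    kind: str
    fields: Dict[str, str]


def parse(text: str) -> List[Event]:
    """Turn the pipe-delimited telemetry into Event records."""
    events = []
    for line in text.strip().splitlines():
        ts, host, kind, details = line.split("|", 3)
        fields = dict(kv.split("=", 1) for kv in details.split(";"))
        events.append(Event(ts, host, kind, fields))
    return events


def detect(events: List[Event], allowlist: Set[str] = ALLOWLIST_IMAGES) -> List[dict]:
    """Raise alerts for IoC hits and for ransomware-like mass file renames."""
    alerts: List[dict] = []
    locked_writes: Dict[Tuple[str, str], int] = {}
    for ev in events:
        image = ev.fields.get("image", "")
        if image in allowlist:
            continue  # triaged benign: do not generate another false positive
        if ev.kind == "process_start" and ev.fields.get("sha256") in IOC_HASHES:
            alerts.append({"host": ev.host, "image": image, "severity": "high",
                           "reason": "hash IoC: " + IOC_HASHES[ev.fields["sha256"]]})
        elif ev.kind == "net_connect":
            ip = ev.fields["dst"].rsplit(":", 1)[0]
            if ip in IOC_IPS:
                alerts.append({"host": ev.host, "image": image, "severity": "high",
                               "ip": ip, "reason": "network IoC: " + IOC_IPS[ip]})
        elif ev.kind == "file_write" and ev.fields["path"].endswith(".locked"):
            key = (ev.host, image)
            locked_writes[key] = locked_writes.get(key, 0) + 1
            if locked_writes[key] == 2:  # fire once, when the threshold is reached
                alerts.append({"host": ev.host, "image": image, "severity": "critical",
                               "reason": "ransomware-like: files renamed to .locked"})
    return alerts


def respond(alerts: List[dict], automated: bool) -> List[str]:
    """First-generation EDR only notifies; second-generation EDR acts on its own."""
    actions: List[str] = []
    for a in alerts:
        if not automated:
            actions.append(f"notify_analyst:{a['host']}:{a['reason']}")
        elif a["severity"] == "critical":
            actions.append(f"isolate_host:{a['host']}")
            actions.append(f"rollback_files:{a['host']}:{a['image']}")
        elif "ip" in a:
            actions.append(f"block_ip:{a['ip']}")
        else:
            actions.append(f"kill_process:{a['host']}:{a['image']}")
    return actions


if __name__ == "__main__":
    found = detect(parse(TELEMETRY))
    print("first generation :", respond(found, automated=False))
    print("second generation:", respond(found, automated=True))
```

With the allowlist in place, only the three ws-17 alerts survive, and the stale hash on ws-22 never reaches the analyst; passing an empty allowlist to `detect` shows the fourth, false-positive alert that first-generation deployments had to wade through by hand. In automated mode the critical alert isolates the host and rolls back the renamed files, which is the behaviour the article attributes to second-generation EDR.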
EPP and EDR software now also include other intrusion prevention controls to improve security. The combined technology can neutralize malware at the pre-execution stage, and it includes additional prevention controls to improve security hygiene, such as the ability to identify critical vulnerabilities so that security teams can mitigate threats. Teams can create policies that address malware concerns, and machine learning was added as part of the new capabilities, which also helps detect malware at the pre-execution stage.
Fortinet Endpoint Security Product
Fortinet offers FortiClient and FortiEDR, which integrate fully with its other security products. They share intelligence and can be managed centrally in what is called the Fortinet Security Fabric.
I know you might agree with some of the points I have raised in this article, and you might not agree with others. Let me know your views on the topic discussed. We would appreciate it if you could drop a comment. Thanks in anticipation.