Ripping Off the Endpoint Protection Bandaid

9.17.2020 | Tanium

Bandaid solutions prevent business resilience

When an endpoint is compromised, time is of the essence and there are key questions that have to be answered as quickly as possible: How was your system initially infected? Which accounts were compromised? Was malware installed? Did your attacker move laterally? Perhaps most compelling: was data accessed or stolen?

Without answering these questions, every passing minute increases the chances of the breach becoming catastrophic to your business. Add a rapidly distributed workforce and limited IT resources that are even more constrained now than before, and it becomes clear that organizations need to be able to fully scope and remediate incidents as quickly and thoroughly as possible. Simply putting a bandaid on a compromised endpoint without remediating the root cause will inhibit organizations from establishing true business resilience in the long run.

A prescription that gives organizations an edge

Just like grandma’s sworn home remedies, legacy point solutions are not enough to protect an organization against an ever-increasing and complex threat landscape. Recent Tanium research shows that within the first two months of the COVID-19 pandemic alone, 90% of organizations saw an increase in cyberattacks with 98% admitting facing security challenges with their newly-distributed workforce – a clear sign that a stronger endpoint protection prescription is needed.

Using a unique defense-in-depth approach to prevent malware, unwanted applications or malicious insiders accessing the network environment can help organizations prevent material harm to their business. In addition to practicing good IT hygiene, utilizing a combination of native anti-malware capabilities (e.g. Windows Defender) for active protection and a solution capable of providing real-time visibility and control across the enterprise helps security teams ensure that Defender – or any AV/NGAV technology – is healthy and up-to-date.

As an added benefit, this type of solution enables organizations to use native security controls to restrict endpoint functionality by:

  • Managing the endpoint firewall
  • Controlling applications through blacklisting and whitelisting
  • Managing endpoint encryption
  • Controlling devices
  • Implementing the latest antivirus protection

Charting the full history is key

The reality is that even with fortified endpoints and preventative controls, breaches are inevitable. Organizations have long conceded that the question is no longer IF they get breached, but WHEN. That’s why it’s key for incident response teams to have flexibility, speed and comprehensive, real-time visibility across the network to identify and remediate breaches before they become enterprise-wide incidents. A Unified Endpoint Security (UES) platform provides exactly that.

With UES, organizations are not limited to previously collected endpoint telemetry. They can leverage the latest intel, ask real-time questions directly from endpoints and react to breaches faster before they lead to material incidents. By understanding the comprehensive current and historical state of the system – going back 10, 30, 60 days or even further – through integrations with cloud-native security analytics such as Google Chronicle, UES platforms help ensure nothing is missed and that all teams are working with a one source of truth.

The cure lies in a defense-in-depth approach

Bandaid remediations are incomplete and only prolong incidents by driving attackers into the shadows. They do not cure the root cause of vulnerabilities. Organizations need to quarantine compromised hosts and remediate those compromises before returning endpoints to business as usual. A single undetected, still infected endpoint is enough to flare up the vulnerability again and wreak havoc. Fully scoping the extent of the attack and executing comprehensive changes across the environment is the only way to fully respond, remediate and recover.

Modern and effective endpoint protection requires a combination of asset management, security hygiene, prevention, detection and response to help secure environments against attacks and protect business continuity, reputation and financial impact. Legacy endpoint protection tools are not capable of keeping up with the ever-evolving threat landscape and lack the cure to fix the root cause of vulnerabilities.

It is a long journey for these point solutions to evolve from solving a single issue to the future of endpoint protection: Unified Endpoint Security.

Fortunately, Tanium is already there.

Interested in seeing Tanium in action? Schedule a one-to-one demo or talk to our Tanium experts at our upcoming events.