Endpoint security is failing. There are a million attackers out there devoting all their energies to getting through the network perimeter and, right now, the odds are stacked in their favour. Network defenders are juggling multiple agents on endpoints, they don’t integrate well and each has its own management interface, placing a heavy burden on already thinly stretched staff. Breaches are up 40% as ransomware, crypto-mining and the next new variant continue to batter the network. If we are going to swing the odds back in our favour we need a different approach and the answer to at least 10 problems facing endpoint security right now lies in the cloud. Here’s a whistlestop tour of the ways cloud-based security can help fix the problem of endpoint security.
- Keeping up to date:As attack patterns change, the network has to evolve to respond. Patches, policy and application updates all need to be rolled out company wide, which itself carries risks. Plus, you need to know that their deployment has been successful. All this takes time and resources that you don’t have. The cloud resolves this by eliminating local infrastructure, lifting a huge burden from IT staff and ensuring that defence is always up to date, network-wide. The cloud delivers and streamlines updates down to the endpoint in a well-controlled, simple environment.
- Integrating security products to gain full visibility:The best picture of the threat landscape comes when you connect the dots of all the data that you are monitoring. With endpoint agents, network and SIEM products it can be very hard to get a meaningful, actionable view. Cloud APIs and pre-built integrations allow you to unify products and create global visibility that tells you what is actually going on.
- Managing multiple agents:When you’re working with a combination of Anti-virus, endpoint detection and response, HIPS and the rest it can be difficult to work out what is where. Cloud-based security uses a single consolidated agent that collects a rich amount of data from the endpoint and optimises it for analysis. This vastly simplifies management and offers more robust intelligence to inform your security posture.
- Securing remote workers:Today’s employees expect to be able to work anytime, anywhere, but this means less control over users’ devices. You can’t rely on workers coming onto the corporate network to pick up policy updates and users can quickly get out of date. The cloud consistently treats every endpoint the same way, wherever they are, making sure that critical updates get delivered, handing back control and reducing risk.
- Slowing down user devices:Hell hath no fury like a user with a slow device and traditional AV slows things down, killing productivity and creating unhappy users. The unlimited storage and processing power of the cloud takes that burden away from the endpoint, with a lightweight agent that doesn’t impact productivity, meaning that you have control and the user is happy.
- Preventing new attacks:Attackers invest a lot of energy in tweaking and modifying their TTPs to try and get around defences. As new attack vectors develop it can take traditional AV days to identify them and come up with a signature for future use. This creates uncertainty in the period before the attack is properly identified as you scramble to understand it. The power of cloud analytics allows unfiltered endpoint data to be analysed and similarities with previous attacks identified, so the likely impact and evolution of the new attack can be predicted in the shortest possible time.
- Tracking down problems:This is one of the biggest challenges with traditional AV. Frequently you know that there’s a problem, but a lack of visibility means that you can’t identify exactly where or what it is. This means you can’t prioritise, allocate resources and you struggle to give detailed information to the executive team. Cloud-powered analytics derived from unfiltered data give you a complete picture of a threat, how it behaved, what else it touched and how it spread. This gives you the knowledge you need to develop the right response and the evidence you need to get that strategy endorsed at the highest level.
- Quick response:Speed is critical in our business. The advanced visibility that cloud-based security delivers enables you to see the problem, contain it and remotely access the affected endpoint to carry out remediation. In the past this could have meant having to get physical access to the device, but now you can carry out real-time investigation right from your desktop and faster problem resolution means less damage inflicted.
- Information sharing:We know that knowledge is power and with those million threats out there it’s important that you don’t feel alone in battling to keep them out. The cloud facilitates collaboration and education and there’s a great community out there for support. After all, the bad guys are talking to each other, we should be too.
- Lift the burden of managing infrastructure: Managing infrastructure is a major challenge for organisations. Keeping the network, storage and computing facilities all up to date and fit for purpose is an expensive business and capital investment is a big issue. The beauty of the cloud is that it has no infrastructure. Providers like ourselves make it our business to keep everything up to date and operational – we wouldn’t be in business if we didn’t – so we take the burden away from on-site teams and make life simpler for everyone.
So, there are my ten good reasons why cloud-based security really represents the future of endpoint security. If I sound like an evangelist, that’s because I am. We need to scale up to meet the challenges we face and cloud enables us to do that. It frees up stretched resources to facilitate a more strategic approach to network defence and gives critical visibility and intelligence that makes us smarter and more effective. In the threat environment that we face, we need to be seizing every advantage we can.
[su_box title=”About Rick McElroy” style=”noise” box_color=”#336588″][short_info id=’105428′ desc=”true” all=”false”][/su_box]
Principal Cybersecurity Strategist
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.