Cybersecurity Maturity Requires Evolving Endpoint Protection

By James Turgal



Since the debut of the first antivirus (AV) program more than 50 years ago, endpoint security has remained a cornerstone in cybersecurity initiatives. Simply put, endpoint security is the protection of endpoints—or devices on the edge of the network, such as desktops, laptops, printers, and mobile phones—from cyber threats. 

Endpoint protection is important because vulnerabilities in these devices, or mistakes made by the people operating them, can be exploited by cybercriminals, giving them an easy entry point to company networks. Without protection, every endpoint is susceptible to attack.

What Boards Need to Know About Endpoint Threat Awareness

Previously, security teams only had to worry about protecting corporate endpoints confined within company premises—a task that could be accomplished with basic AV and other related software. In recent years, however, the number of endpoints within each company has skyrocketed, significantly expanding the attack surface. Adaptiva and Ponemon Institute’s 2022 report, Managing Risks and Costs at the Edge, found that the average enterprise in the United States runs approximately 135,000 endpoint devices.

The following factors are contributing to the explosion of endpoints:

  • The “bring your own device” movement. Employers have become increasingly comfortable with employees using personal devices at work, introducing additional risk.
  • The Internet of Things. Almost any device, such as printers and shredders, can be connected to the Internet. Now, beyond traditional devices, such as laptops and phones, security teams must also protect a litany of nontraditional endpoints.
  • The rise of remote work as a result of the COVID-19 pandemic. According to a 2023 survey from Pew Research Center, 14 percent of employed adults in the United States, approximately 22 million people, work fully remote. With many employees still working from home, or in other locations using public Wi-Fi, security teams now find themselves responsible for securing a decentralized workforce using a range of devices on the job.

These factors have made it increasingly difficult for security teams to maintain visibility and manage endpoints using legacy endpoint solutions. This new era of endpoint threats demands endpoint technology innovation beyond basic protection to maintain efficacy and harden infrastructure security. 

Elevate Security Maturity with Modern Endpoint Strategies

The most effective way organizations can evolve endpoint security is by implementing a modern endpoint protection platform (EPP). EPPs go above and beyond basic endpoint software by offering innovative features such as continuous alert monitoring, expedited threat detection and response, endpoint telemetry, and remediation capabilities. This added functionality allows organizations to harden their endpoints against even the most sophisticated threats to shrink the attack surface.

Boards should ask management about their plans for strengthening endpoint security and ask the chief information security officer if they have considered the following features:

1. Next-generation antivirus tools. CrowdStrike’s “Modern Adversaries and Evasion Techniques: Why Legacy AV Is an Easy Target” states that 86 percent of cybersecurity actors use evasion techniques to bypass AV software. This is why organizations must go beyond basic AV and look for next-generation antivirus solutions that use advanced capabilities, such as machine learning, to prevent known and zero-day malware, ransomware, and fileless and malware-free attacks. The most effective AV solutions also automatically remain up to date and work offline to ensure constant protection.

2. Proactive threat hunting. Effective EPPs work in harmony with internal security teams on proactive threat hunting. Security professionals actively search for threats before they can cause damage, and endpoint platforms empower them to do so by providing comprehensive visibility, advanced detection capabilities, and efficient response mechanisms across the network's endpoints.

For companies with overstretched security teams, continuous, managed threat-hunting services offer a viable option to enhance security maturity without burdening internal resources with additional work.

3. Endpoint detection and response (EDR). Complementing proactive threat hunting, EDR capabilities supplement traditional endpoint security technology by enabling security analysts to record key activity on endpoints, which improves their ability to investigate threats both reactively and proactively. Strong EDR solutions provide automatic, real-time incident detection; identify and address threats that bypass prevention measures; detail attack steps that map to a standard industry attack framework; and stop threats by understanding indicators of attack.

Here, too, managed services can help. Managed detection and response (MDR) is a suite of solutions bundled together to create a comprehensive threat detection and response platform. This commonly incorporates security information and event management (SIEM); security orchestration, automation, and response (SOAR); EDR; and other customizations, depending on the needs of a business. This is often the appropriate option for more mature organizations that have purchased security tooling, find that they have underutilized their new technology, and lack the in-house expertise or resources to gain the highest return on investment. MDR excels at providing visibility across the entirety of a company’s infrastructure and a more in-depth reporting structure.
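To make the EDR capabilities above concrete (recording key endpoint activity, detecting threats that bypass prevention, and mapping the steps to a standard attack framework), here is an added illustration in Python. It is not code from the article, from Optiv, or from any EDR product. It assumes process-creation telemetry as the recorded activity, MITRE ATT&CK as the "standard industry attack framework", and a handful of common parent/child process heuristics as detection rules; the host names, users, and command lines in the sample events are constructed.

```python
"""Minimal EDR-style detection over constructed endpoint telemetry.

Added illustration only. Each event is a process-creation record of the
kind an endpoint agent collects; each rule maps a suspicious parent/child
process pair to a MITRE ATT&CK technique ID (assumed framework). The
sample events, hosts and users are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    parent: str   # image name of the parent process
    child: str    # image name of the process that was created
    cmdline: str


# (parent image, child image) -> (ATT&CK technique ID, human-readable reason).
# The technique IDs are real ATT&CK identifiers; the pairings are common
# defensive heuristics and deliberately only a small, illustrative set.
RULES = {
    ("winword.exe", "powershell.exe"): ("T1059.001", "Office application spawned PowerShell"),
    ("excel.exe", "cmd.exe"): ("T1059.003", "Office application spawned the Windows shell"),
    ("powershell.exe", "schtasks.exe"): ("T1053.005", "Scheduled task created from PowerShell"),
}


def detect(events):
    """Return one alert dict per event that matches a rule, in input order."""
    alerts = []
    for ev in events:
        hit = RULES.get((ev.parent.lower(), ev.child.lower()))
        if hit is None:
            continue
        technique, reason = hit
        alerts.append({
            "host": ev.host, "user": ev.user, "technique": technique,
            "reason": reason, "cmdline": ev.cmdline,
        })
    return alerts


def attack_steps_by_host(alerts):
    """Group technique IDs per host in the order they occurred, so an analyst
    can read the recorded activity as a sequence of attack steps."""
    steps = defaultdict(list)
    for alert in alerts:
        steps[alert["host"]].append(alert["technique"])
    return dict(steps)


# Constructed sample telemetry: three benign events and two that match rules.
SAMPLE_EVENTS = [
    ProcessEvent("LAPTOP-01", "jdoe", "explorer.exe", "winword.exe", "winword.exe report.docx"),
    ProcessEvent("LAPTOP-01", "jdoe", "winword.exe", "powershell.exe", "powershell.exe -File helper.ps1"),
    ProcessEvent("LAPTOP-01", "jdoe", "powershell.exe", "schtasks.exe", "schtasks.exe /create /tn Updater"),
    ProcessEvent("LAPTOP-02", "asmith", "explorer.exe", "chrome.exe", "chrome.exe"),
    ProcessEvent("LAPTOP-02", "asmith", "svchost.exe", "schtasks.exe", "schtasks.exe /query"),
]


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for alert in found:
        print(f'{alert["host"]} {alert["technique"]}: {alert["reason"]}')
    print(attack_steps_by_host(found))
```

Note that the last event (a system service querying scheduled tasks) produces no alert: the value of parent/child context is precisely that the same child image is benign or suspicious depending on what launched it, which is the kind of signal a flat AV signature cannot express.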

4. Threat intelligence. This plays a vital role in endpoint protection by providing information on emerging threats and threat actor groups, and the tactics, techniques, and tools they use. Threat intelligence supplements this information with context to provide alerts and detections to expedite investigations and remediation.

5. Vulnerability management. This capability identifies, prioritizes, and addresses security vulnerabilities present in endpoint devices. Specifically, vulnerability management scans endpoints to identify vulnerabilities that provide potential entry points for attackers, such as outdated software, misconfigurations, or unpatched systems. Once identified, vulnerability management helps security teams prioritize vulnerabilities based on risk so that they can focus their efforts on addressing the most critical ones first. Patch management also plays a large role in vulnerability management, as it ensures endpoints have the latest security patches and updates to reduce the risk of exploitation via known vulnerabilities.
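The prioritization step above is where most of the value sits, so here is an added Python illustration of risk-based ranking of scan findings followed by grouping them into a patch plan. It is not the article's or any vendor's code. The findings are constructed sample data (the CVE strings are placeholders, not real identifiers), and the scoring weights, the asset-criticality scale, and the "known exploited" flag are assumptions chosen to show the idea rather than an industry standard.

```python
"""Risk-based prioritisation of endpoint vulnerability findings.

Added illustration only. Findings are constructed sample data; CVE IDs
are placeholders. The score combines base severity (CVSS) with three
risk signals that raw CVSS does not capture: whether the flaw is known
to be exploited, whether the host is reachable from the Internet, and
how critical the asset is. Weights and scale are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    software: str            # vulnerable product; one patch covers all findings for it
    cve: str                 # placeholder identifier (constructed)
    cvss: float              # base score, 0.0-10.0
    known_exploited: bool    # present in a known-exploited-vulnerabilities feed
    internet_exposed: bool   # host reachable from the Internet
    asset_criticality: int   # assumed scale: 1 (low) .. 3 (high)
    patch_available: bool


# Assumed weights. Exploitation in the wild and exposure outweigh a high
# CVSS on its own because they reflect what attackers actually use and reach.
W_EXPLOITED = 4.0
W_EXPOSED = 2.0
W_CRITICALITY = 1.0  # added per criticality level above 1


def risk_score(f: Finding) -> float:
    """Risk score for one finding; higher means fix sooner."""
    score = f.cvss
    if f.known_exploited:
        score += W_EXPLOITED
    if f.internet_exposed:
        score += W_EXPOSED
    score += W_CRITICALITY * (f.asset_criticality - 1)
    return round(score, 1)


def prioritize(findings):
    """Findings sorted most-risky first; ties broken by CVE string for stable output."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.cve))


def patch_plan(findings):
    """Group findings by software so one update is credited with all the risk it
    removes. Returns (software, total_risk, host_count, findings_without_patch)
    tuples sorted by total risk, highest first."""
    totals = defaultdict(lambda: [0.0, set(), 0])
    for f in findings:
        entry = totals[f.software]
        entry[0] += risk_score(f)
        entry[1].add(f.host)
        if not f.patch_available:
            entry[2] += 1
    plan = [(sw, round(total, 1), len(hosts), no_patch)
            for sw, (total, hosts, no_patch) in totals.items()]
    return sorted(plan, key=lambda row: -row[1])


# Constructed sample scan output. The printer has the highest raw CVSS but
# is neither exploited in the wild nor exposed, so it does not rank first.
SAMPLE_FINDINGS = [
    Finding("LAPTOP-01", "browser", "CVE-XXXX-0001", 8.8, True, False, 2, True),
    Finding("WEB-01", "web-server", "CVE-XXXX-0002", 7.5, True, True, 3, True),
    Finding("PRINTER-03", "printer-firmware", "CVE-XXXX-0003", 9.8, False, False, 1, False),
    Finding("LAPTOP-02", "browser", "CVE-XXXX-0001", 8.8, True, False, 1, True),
    Finding("LAPTOP-02", "office-suite", "CVE-XXXX-0004", 5.3, False, False, 1, True),
]


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{risk_score(f):5.1f}  {f.host:<11} {f.software:<17} {f.cve}")
    print(patch_plan(SAMPLE_FINDINGS))
```

Two things the ranking shows that a CVSS-only sort would hide: the Internet-facing server with a known-exploited flaw ranks above a higher-scored but unreachable printer, and the browser update is the single most valuable patch because it clears the same exploited flaw on two endpoints at once. The plan also surfaces findings with no vendor patch, which need a compensating control rather than a patch ticket.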

Managing Risk to Build Resilience

Modernizing endpoint security is necessary to establish a proactive approach to cybersecurity amid today’s threat landscape. In addition to upleveling an organization’s security posture, modern EPPs also help maintain compliance with growing rules and regulations around endpoint data storage and meet cybersecurity insurance policy requirements.

Perhaps most importantly, with a modern EPP, organizations can manage cyber risk to build true resilience—empowering them to withstand endpoint attacks and any type of data loss event, get back to business faster, and protect shareholder value.

Optiv is a NACD partner, providing directors with critical and timely information, and perspectives. Optiv is a financial supporter of the NACD.

James Turgal
James Turgal is the vice president of cyber risk, strategy, and board relations at Optiv.