Thanks to changing threats and technology trends like the cloud, Internet-of-Things (IoT) and bring-your-own-device (BYOD), endpoint security is much more complex than it used to be; and attackers are targeting endpoints with a vengeance. It’s time to get serious about endpoint protection, and the first step is knowing the main pitfalls and how to address them.
End-users and their myriad devices are now a top target for exploit. SANS Institute reports that user actions at the endpoint are the most common way attackers gain entry into corporate networks with 75% entering via an email attachment, 46% through clicks on malicious links and 41% through visits to infected websites that lead to drive-by malware downloads.
Why? There are a number of reasons, but most come down to the fact that organizations rely too heavily on conventional endpoint protection approaches like antivirus or signature-based controls that simply can’t cover the broad expanse of endpoints on the network today. To avoid becoming the next headline, companies need to shore up their endpoint security. That means avoiding the following common pitfalls:
· Security-blind workforce: As the SANS stats show, the majority of threats that entered at the endpoint could have been thwarted if users were better educated about what a malicious email or website looks like and trained to report potential threats. Good user education should also include policies for keeping corporate data safe, such as trying never to store critical data on a tablet or smartphone, using encryption, backing up sensitive data (a critical defense in a ransomware scenario), and using only corporate-sanctioned apps or those downloaded from reliable app stores.
· Poor cyber hygiene: All endpoints, from traditional corporate PCs and laptops to mobile smartphones or tablets in BYOD scenarios must be kept up to date and included in all vulnerability and patch management programs. Organizations should also consider removing difficult-to-update endpoint software like Java or Adobe Flash, which may not be business-critical but are most often compromised by attackers.
· Limited endpoint security platform: Since it’s obvious that traditional tools or signature-based AV can’t get the job done, a better strategy is to deploy endpoint protection that can run on a variety of devices (PC, laptop, smartphone, tablet, etc.) and provide the right level of visibility, control, protection and authorized access to thwart threats and keep endpoints safe.
Fortinet Offers Better Endpoint Protection
A good example of effective endpoint protection is Fortinet’s FortiClient. It offers a lightweight security agent that can be deployed on just about any endpoint, from a Windows PC and a Chromebook to an iOS or Android mobile device. Together with Fortinet’s FortiGate next-generation firewall platform and single-pane-of-glass management via FortiManager, it provides true access control, policy enforcement and remediation, ensuring no endpoint gains access to the network without the requisite protections and policies in place.
Integratable with Fortinet’s Security Fabric, Fortinet’s endpoint protection platform goes beyond endpoint awareness, compliance and enforcement to communicate with key fabric-compliant security tools such as malware sandboxes, IDS/IPS and more. The result? Organizations can quickly detect and identify potential endpoint threats, share threat signatures and block both known and unknown attacks in real time.
A partner of Fortinet, Fine Tec is in the ideal position to help your customers achieve better endpoint protection. Learn more.