Endpoint Security: The Threat Stops Here

February 19th, 2015


By Craig D’Abreo, Masergy VP of Security Operations  

For most organizations, endpoint security is the last line of cyber security defense. Virtually all customers deploy some form of antivirus and anti-malware software on PCs, laptops and mobile devices, and on the servers that make up their trusted computing base (TCB). Some customers have also deployed host intrusion detection/prevention agents (HIDS/HIPS) on those TCB servers. Beyond antivirus and anti-malware, a much smaller percentage of customers (under 15%) employ a more sophisticated endpoint security solution, usually called network access control (NAC), that validates an endpoint's security compliance (patch level, running anti-malware, current signatures) before allowing the device onto the network. Whatever the tooling, the risks introduced by the end-user must be addressed.

With the proliferation of web, email and social media, users are one click away from compromising their devices and the corporate network. Many laptops operate outside corporate network defenses, leaving their users even more exposed. In an era of mobile computing, employees visit questionable websites and install free software bundled with social media and web applications, both of which provide fertile ground for the introduction of malware; the infected device is then "hand-carried" inside the network when the employee returns to work.

Advanced Persistent Threats (APTs) also pose serious challenges and are on the rise. An APT is a targeted, long-running intrusion in which a well-resourced adversary gains access and quietly maintains it. Because the perimeter is hardened, the intrusion typically starts at the path of least resistance, the mobile end-user, so the breach appears to emerge from within the organization's own network. Once hand-carried into the middle of the network on a compromised laptop or mobile device, the malware can spread peer-to-peer to other hosts, roam the network undetected, and stealthily establish an encrypted connection back to the attacker's command and control server. APT tooling is purposely designed to use zero-day exploits and polymorphism to evade signature-based detection, and then to move through systems by exploiting the inherent trust between operating system components. As a result, commonly cited industry figures put the share of malware caught by signature-based endpoint security at only about 30%. While APTs are generally associated with high-profile breaches (Home Depot and Target), they are far more prevalent than you might think: in a 2013 survey by the Information Systems Audit and Control Association (ISACA), one in five enterprises reported having experienced an APT attack. This growing awareness of APTs throughout the IT industry has inspired organizations to augment traditional defenses with advanced threat protection solutions as part of a Defense-in-Depth strategy.
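A backdoor that has evaded signature detection still has to phone home, and a timer-driven "beacon" to its command and control server leaves a behavioural fingerprint that signatures cannot: many connections from one host to one destination at near-constant intervals with similar byte counts. The following is an added example (not Masergy's tooling or any product described on this page) of that heuristic applied to constructed connection-log lines; the log format, hosts and thresholds are assumptions chosen for illustration.

```python
"""Flag periodic outbound connections that look like malware beacons.

Behavioural heuristic: group connections by (source, destination), measure the
gaps between consecutive connections, and report pairs whose gaps are nearly
constant. Human browsing has highly variable gaps; a backdoor on a fixed timer
does not. Low jitter is suspicious but not proof, so the output is a triage
list, not a verdict.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not a real capture). Format assumed for this example:
# timestamp  source_host  destination:port  bytes_sent
SAMPLE_LOG = """\
2015-02-19T09:00:00 10.1.4.22 203.0.113.7:443 412
2015-02-19T09:00:03 10.1.4.22 198.51.100.10:443 18231
2015-02-19T09:05:01 10.1.4.22 203.0.113.7:443 415
2015-02-19T09:09:59 10.1.4.22 203.0.113.7:443 411
2015-02-19T09:12:40 10.1.4.22 198.51.100.10:443 9902
2015-02-19T09:15:02 10.1.4.22 203.0.113.7:443 413
2015-02-19T09:20:00 10.1.4.22 203.0.113.7:443 412
2015-02-19T09:25:00 10.1.4.22 203.0.113.7:443 414
2015-02-19T09:31:17 10.1.4.22 198.51.100.10:443 30110
"""


def parse_log(text):
    """Parse 'timestamp src dst:port bytes' lines into (datetime, src, dst, bytes)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return records


def find_beacons(records, min_count=5, max_jitter=0.1):
    """Return {(src, dst): stats} for pairs that connect on a near-fixed period.

    jitter = stdev(gaps) / mean(gaps); values near 0 mean a constant interval.
    min_count avoids flagging a handful of coincidentally spaced connections.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in records:
        by_pair[(src, dst)].append((ts, nbytes))

    beacons = {}
    for pair, events in by_pair.items():
        if len(events) < min_count:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        period = mean(gaps)
        if period <= 0:  # all events at the same instant: not a timer pattern
            continue
        jitter = pstdev(gaps) / period
        if jitter <= max_jitter:
            beacons[pair] = {
                "count": len(events),
                "period_s": round(period, 1),
                "jitter": round(jitter, 3),
                "avg_bytes": round(mean(b for _, b in events)),
            }
    return beacons


if __name__ == "__main__":
    for pair, stats in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(pair, stats)
```

On the sample data the six connections to 203.0.113.7:443 arrive every 300 seconds (give or take a few) and are reported; the three larger, irregularly spaced transfers to 198.51.100.10 are not. In production the same logic runs over proxy or NetFlow exports, and the thresholds should be tuned against legitimate periodic traffic (update checks, monitoring agents) before alerting on the result.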

In our next installment, we’ll discuss the Defense-in-Depth approach to cyber security in more detail. In the meantime, learn how Masergy’s 360 Living Security Audit can help detect APTs.

Craig D'Abreo

Craig oversees the Managed Security, Threat Intelligence and Security Professional Services departments at Masergy. He is responsible for Masergy's proactive enterprise cybersecurity threat management and operations program. Craig holds a bachelor's degree in Computer Science and an MBA in Information Security. He is a Certified Information Systems Security Professional (CISSP) with over a decade of experience in the security industry and holds various network security certifications. He has written for various security blogs, spoken on a range of industry panels and is a recognized thought leader in the cybersecurity space.