Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:00 AM
Al Huger, Vice President and General Manager of Platform & Response, Cisco Secure
Al Huger, Vice President and General Manager of Platform & Response, Cisco Secure
Sponsored Article

The Growing Importance of Endpoint Security

Endpoint security is a cornerstone of modern security enabling a control plane for a broader architecture that can help to enable XDR, SASE, and zero trust.

Make no mistake about it, endpoint security has always been important. In the transition to remote work environments in the wake of COVID-19, endpoint security has become even more pressing than perhaps ever before.

Work from home existed before the pandemic, but not at the same scale or with as much at stake. Seemingly overnight, the majority of endpoints migrated outside of the corporate network perimeter. Endpoint security has long been a focus for the IT industry and will remain so for years to come, because the majority of threats organizations of all sizes are facing are headed to an endpoint, whether it is a desktop in an employee's home or the database server holding the authentication information for your entire company.

The simple truth is that the endpoint is today, and has always been, a gateway to everything that your company cares about relative to its intellectual property.

Endpoint Security by the Numbers
According to the new Cisco Security Outcomes Study: Endpoint Edition, organizations are struggling with endpoint security. The report found that over 40% of global organizations had a major security incident in the last two years. Organizations that haven't prioritized an integrated platform with endpoint security as a core element were almost twice as likely to have suffered a major security incident.

An analysis of critical severity indicators of compromise (IoCs) detected by Cisco Secure Endpoint found that there are four primary techniques used by attackers. Topping the list are dual-use PowerShell tools. While this can include PowerShell frameworks such as PowerShell Empire, and frameworks that can leverage PowerShell, such as Cobalt Strike and Metasploit, it is also common to see simple PowerShell command-line activity and custom PowerShell scripts being used to secure access or move laterally within networks. PowerShell is popular with threat actors because it is largely installed by default in enterprise computers and the activity usually is not closely monitored.

Coming in second in the list of top IoCs is ransomware. For many financially motivated threat actors, delivering ransomware to endpoints and successfully encrypting the data there is the major objective of their activity on the network. The past few years have seen a major surge in ransomware activity globally. Modern endpoint security software like Cisco Secure Endpoint provides multiple layers of protection to prevent actors from reaching this goal.

The third most frequently observed IoC group is fileless malware. It infects endpoints via suspicious memory process injections and registry activity. Threat actors use this technique to try and avoid detection by older endpoint protection technologies.

Rounding out the top four list of IoCs is credential dumping. Among the most widely used credential dumping tools is Mimikatz, which scrapes user credentials from endpoint system memory. Ultimately, these credentials will be used to move laterally with the goal of compromising the Enterprise Active Directory servers to either allow broad distribution of ransomware or unfettered access to other target data.

It's clear that endpoints that are under attack face a variety of different sophisticated techniques as actors secure initial access, move laterally through the network, escalate their privilege, and exfiltrate and encrypt data. It's not just the viruses, worms, and Trojans that the first generation of endpoint security technologies protected against either. The modern threat landscape requires a more sophisticated approach than simply scanning endpoints for malware.

Endpoint Is the Last Line of Defense
While modern cybersecurity threats take many different forms, it's clear that in order to defend against threats, organizations need the ability to detect and block a variety of actor actions on the endpoints.

Endpoint security remains the critical linchpin of modern IT security efforts. In the past, actors were largely primarily targeting servers and databases, but today endpoints are both the means of traversing the network and the ultimate objective. Because of this, visibility into the activity on endpoints is critical in order to track and block attacker actions.

Compliance with any number of different regulatory or cybersecurity policies often involves an organization being able to demonstrate that it has controls in place to identify potential risks and attacks. Having the ability to query endpoints across the enterprise to understand their current operating state and history provides both a powerful security tool and support for the audit process.

Taking a Platform Approach to Endpoint Security
Endpoint security is also a core element of the modern platform architectures for cybersecurity, including SASE, zero trust, and XDR. SASE provides a holistic approach to enable security at the edge of the network, zero trust continuously validates access, while XDR enables detection and response to potential threats.

Endpoint security is increasingly the last critical line of defense for remote employees and the devices they use every day. Endpoint security is now also the control plane for the security industry and a core element of a platform approach that ties different elements of security together.

About the Author

Al Huger is Vice President and General Manager of Platform & Response at Cisco Secure. Al has a rich background in building products focused on security intelligence, vulnerability management, incident response, cloud-based services (SaaS), big data analytics platforms, and managed security services. Al has held technical executive roles in the computer and networking security industry for the past 25 years and is a three-time veteran of launching successful startup companies, Al co-founded and sold companies to McAfee/Intel, Symantec, and Sourcefire.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-09-24
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes suc...
PUBLISHED: 2022-09-24
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information...
PUBLISHED: 2022-09-24
Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.
PUBLISHED: 2022-09-24
Besu is a Java-based Ethereum client. In versions newer than 22.1.3 and prior to 22.7.1, Besu is subject to an Incorrect Conversion between Numeric Types. An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incor...
PUBLISHED: 2022-09-24
MyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a storage XSS vulnerability leading to Remote Code Execution. This issue is patched in version 1.0.4. There is no known workaround.