Endpoint security looks quite a bit different than it did several years ago. Organizations these days are much more disparate and disconnected. In many ways, the perimeter has dissolved and organizations have less control over what aspects of their environment they can secure.
This results in endpoints becoming the most important element for an organization’s cybersecurity. We advocate implementing an EPP solution for all your endpoints. It can help secure your organization and provide a critical mass of telemetry that lets you know how your endpoints stand against potential threats. By knowing what mitigations and potential attacks have occurred, you’re equipped with insights that can help in the next attack.
EPP technology has evolved quite a bit as have the needs of today’s SMEs. We want to make the case why EPP solutions should be considered and why they should comprehensively cover all your endpoints.
The State of Endpoint Protection Today
Implementing EPP across your entire organization is a significant step in bolstering your cybersecurity posture and you may come across certain objections and reticence. Organizations may have also considered EPP solutions in the past but have dismissed them for other reasons. However, the shifting needs of organizations and evolutions in EPP technology make EPP solutions worth considering again.
Endpoints are more accessible than ever before
Under more traditional infrastructures, an endpoint could be secured via defense in depth — the endpoint was behind a firewall, obfuscated, there were controls in place, and it was locked down. For many organizations, the security of these endpoints relied on their position in an infrastructure, where they were protected by fixtures external to their configuration, and so ensuring an intrinsic resistance to attack held a lower priority.
More and more, endpoints today are a singular defense, often directly exploitable by virtue of a compressed, less wholly managed, surrounding infrastructure. Many organizations’ technology stacks are a collection of endpoints across multiple infrastructures owned by other companies, to include employee devices, BYOD, servers owned by other companies, and data and processes hosted across multiple infrastructures.
This has resulted in companies having a nearly indefensible environment and network. What used to sit in numerous systems on-prem is now remotely accessible via the wide-spread adoption of SaaS and cloud-based services.
The endpoint and SaaS services still have the same risks of past network infrastructure, but it’s collapsed into a flatter layer. Nearly all endpoints sit on the edge and can be accessible to malicious hackers, especially if they’re interacting with third-party vendors. Organizations can’t afford not to secure them.
EPP results in less disruption
Cybersecurity is always balancing security with productivity — if a system, solution, or process is so secure that an employee can’t use it, how useful is it? This same line of thinking led to a lot of hesitation in adopting EPP, especially when considering placing security controls on more sensitive endpoints like switches, servers, or firewalls. If an EPP solution disrupted or broke a system or control, it interrupted the organization too much — the EPP did more harm than good.
But today, endpoint security solutions are compatible and configurable enough that they don’t disrupt or render anything unusable. Even if the above scenario does happen, your EPP solution should be tailored to your endpoint, work based on behavior, and be customizable enough so you can shift controls to keep them working without breaking any systems.
Some EPP solutions allow you to specify its level of enforcement allowing you to test an EPP solution on a system or control that’s sensitive. You can install an EPP on minimal enforcement mode, make it less aggressive, less disruptive, and you can test whether it breaks things. This level of customizability gives organizations much more control, giving them more options for implementing an EPP solution.
EPP solutions are much more compatible with many operating systems
In the past, some EPP solutions just didn’t work with the different architectures and operating systems in the past, especially for organizations who had less homogenized infrastructure. However, EPP technology has evolved and is advanced enough that most operating systems and infrastructures are supported.
As for current cases where an EPP does not support some parts of your architecture, that’s where risk management comes into play. Endpoint protection is absolutely crucial in today’s world and it’s not a reasonable excuse to leave your endpoints insecure because an esoteric operating system or configuration can’t run your chosen EPP agent.
You don’t want to drive the world’s fastest car if it means giving up seat belts and crash cages . . The risk just isn’t worth it.
If you want to implement an EPP solution that covers your entire organization (and you should), it requires long-term planning.
Implementing a fully covered EPP solution and strategy
We recommend protecting all your endpoints and highly advocating for implementing endpoint protection everywhere.
Endpoint protection provides defense by community but only if it’s deployed more pervasively — it’s a necessity, driven by breakdown of barriers because there’s no corporate network, or definable perimeter. This doesn’t mean that you’re not protected until all your endpoints are covered. Having an environment that’s 99% endpoint protected doesn’t mean your 1% is putting you at risk, it’s reducing the odds that the 1% unprotected will lead to a compromise.
That requires thinking about your roadmap as an organization and as a security department. As you’re having conversations about your infrastructure make-up, your roadmap, architecture and the servers and operating systems you and your organization are working with, you need to keep security in mind.
It’s a tricky balance as you don’t want to limit productivity in the name of security but when it comes to endpoint protection, temper your architectural considerations towards compatibility and performance with a security layer. Don’t be convinced that security needs to meet you where you’re at, where you have to deploy security in any architecture.
That’s a fallacy you’re better off avoiding — it’s your responsibility to think of security as part of your overall organization’s roadmap. The closer aligned security is to the company’s plans, the better secured it can be and that’s your opportunity to make the case for implementing something like EPP everywhere.
Operating system and infrastructure homogeneity with a goal towards compatibility to your security layer is preferred over ultimate performance especially for SMEs.
How a modern MSSP can help
Implementing EPP for all your endpoints can be a daunting task and a modern MSSP can serve as a trusted advisor as well as a source of tools and services, especially for organizations who may not have a robust cybersecurity department or a person solely dedicated to managing cybersecurity.
If an MSSP provides their own curated tech stack (which they should), they can provide the right EDR or EPP solution. They can also help guide you with architecture compatibility, road mapping towards protecting all your endpoints and helping you have the conversations you need to land on that state. If you have a partner that can provide guidance, you’ll be able to see a more holistic security picture and better balance security, productivity, and efficiency - and what we term as a minimum dose of security.
Talk to SolCyber about how we can help with your endpoint protection, plus a whole lot more!