Introduction
Security teams are only as strong as their visibility and telemetry. Insight into an organization and its assets is the primary enabler of effective detection and response. Endpoints, such as user workstations, laptops, servers, and cloud-based systems, are the most prevalent type of asset within organizations, and equally the ones that adversaries target most. Endpoints hold data, store user account credentials, and connect to other parts of the network. A single endpoint can serve an adversary as an entry vector, a persistence foothold, and an exfiltration point.

As such, organizations work hard to protect their endpoints. One way that organizations help secure endpoints is through investments in endpoint-centric technologies, including traditional antivirus and endpoint detection and response (EDR) tools. Security postures typically center around endpoint technology first and often include other types of telemetry to support endpoints. However, despite the investments that many organizations have made, adversaries still perform successful intrusions.

It’s time to consider what capabilities our endpoint defenses have and whether security teams are using them to their full potential. In this SANS Protects paper, we look at threats to endpoints and ways that organizations can overcome or mitigate them. Our SANS Protects papers focus on threats and mitigations, helping organizations consider elements of security that they should be implementing.

Deploying an endpoint solution is no easy feat. Security teams have to consider many factors, including system resource utilization, how to consume and act on the data the solution produces, and how the solution will affect users. Regardless, organizations must choose a solution that best enables their security team to protect the organization, its data, and its users. Some key considerations for endpoint security, especially in light of today’s threats, include:

  • Endpoint solutions should take advantage of newer technology trends, such as AI/ML, advanced detections, and moving target defense (MTD).
  • Endpoint solutions should inform and enable security teams. Simply reporting detections, without additional context or associated telemetry, does not give teams the advantage they need.
  • Endpoint security should be coupled with detection and response capabilities, so that teams can triage, analyze, contain, and block from the same platform.

Our SANS Protects series is also meant to be thought-provoking. As you work your way through this paper, we encourage you to evaluate the current state of endpoint security within your organization. It is possible, and we hope likely, that you already have an endpoint security solution deployed. In that case, we encourage you to explore what has been deployed within your organization and confirm that you are actually receiving the protections your security team assumes it has.

To read the full paper, download the whitepaper:

2022 SANS Protects: The Endpoint
