Speaking to CISO MAG, Prateek Bhajanka, Senior Principal Analyst, Gartner, explains why endpoints have suddenly become so important in the realm of enterprise network security.
By Brian Pereira, Principal Editor, CISO MAG
Edited Excerpts from the interview follow:
According to Gartner, there were 365 million desktops used in offices in 2019. But today, more than 1 billion employees work from home. That’s tripled the number of endpoints on corporate networks. And the endpoints have moved to homes. How do you see corporates coping with the risks of attacks on home networks and remote endpoints?
As the number of endpoints increased this year, the organization became boundary-less, and there is no perimeter anymore. At the same time, the attack surface of an organization has also become wider because now, you may have one associate working from Himachal Pradesh, another working from Kerala, and someone working from Assam — or any part of the country or the world. That puts endpoint security very much on the radar or makes it one of the top priorities for any CISO or any security professional.
We see a number of attacks in organizations like ransomware and phishing. The entry vector for these attacks are the endpoints. When they enter the organization’s network, they create havoc. So definitely it (endpoints) is a top priority for the organization.
To your point, what is it that the organization should be doing to make sure that they keep their endpoint segments secured? It is not just technology that would drive endpoint security, or that would be able to establish a very good endpoint security posture for an organization. It goes beyond technology. And by that I mean, the mindset needs to change at the decision-making level. It’s about the kind of awareness that needs to be created, the kind of on-ground awareness and training that needs to be imparted, to all the associates of the organization.
As we keep saying, security is a shared responsibility. Consider an organization that has a thousand employees and a thousand associates. Among these thousand associates, the level of security awareness, the level of security maturity, would vary significantly across the associates and across the employee base. And that makes it all the harder for the organization to understand, or harder for the organizations to implement endpoint security. Ultimately, everything boils down to the understanding of the end-user or the associate. Should they click on this particular link or not, that has come from an unknown source. Whether to open this particular email or not, which may not have been solicited, or which may not be expected. So you need this kind of on-ground awareness also on top of the technology.
Can you elaborate on the mindset change?
The traditional mindset of CISOs and security leaders in India has been: let’s focus only on prevention and let’s invest only in prevention and try to stop the attacks from happening altogether. But this approach needs to change. Yes, it is changing. One should acknowledge the fact that hundred percent prevention is not possible. We must be prepared for an attack or for successful attacks. And even if we are not able to prevent an attack, we should be able to detect such an attack while it is happening. And we should be able to respond to that attack in a timely manner, to prevent it from spreading to the entire organization. So, this change in mindset, when it comes to understanding that the attacks are inevitable, it may happen. We need to have controls, we need to have capabilities on the detection and response side as well.
What about technology? We have been using anti-virus software for years to protect endpoints. Is that enough to protect remote endpoints today?
When we talk about the endpoint security technology, it is not just the anti-virus that we need anymore. We need a technology stack which can protect the organization across the layers, not just endpoint, and not just from malware, but also from phishing attacks. It should protect the endpoints from malicious websites that you may be browsing on a daily basis.
The attacks that are coming from the network may result in account takeover, and credential compromise. And that’s why endpoint security goes beyond antivirus. You need a technology stack, which can help you secure against the unknown, sophisticated attacks, and which also safeguards against the email and the phishing attacks.
What are some of the attacks occurring through endpoints? Especially in India.
The most common attacks, not just in India, but across the globe, are the results of using the endpoint segment as an entry vector, to get into the organization. So if I spell out some names, it is the ransomware campaigns, the ransomware infections that we generally know about — WannaCry, NotPetya, and other ransomware campaigns and infections.
Besides ransomware, there are phishing campaigns, spear-phishing campaigns, attacks like social engineering, and business email compromise. Data breaches result in data exfiltration and these propagate through an endpoint segment.
And as you connect the endpoint to the corporate network, these attacks spread laterally.
The easiest way for bad actors to enter an organization is through the endpoint, which could be a laptop, desktop or smartphone. An employer and associate is allowed to browse the internet and visit various websites for daily business operations. The employee is allowed to check emails coming from so many different sources, from outside the organization too. They can click on various links. There could be a link to make a payment for a certain procurement. That broadens the endpoint attack surface. It also increases the number of entry points for an attacker.
Trends show that endpoint security is going to be more SaaS based. Is that why Gartner forecasts cloud security spending to increase by 250.3% in 2021?
If you look into the definition of cloud security spending, as per the forecast report that we put out, that is more on the CASB (Cloud Access Security Broker) side. That is more due to the fact that the enterprise resources are getting delivered through SaaS. It is towards securing SaaS applications like CRM, ERP, etc.
About the Interviewer
Brian Pereira is the Principal Editor of CISO MAG. He has been writing on business technology concepts for the past 26 years and has achieved basic certifications in cloud computing (IBM) and cybersecurity (EC-Council).