This blog is about the “easy three” endpoint defense technologies: antivirus, mail protection, and web protection.
When it comes to combating cyberthreats and protecting personal data, these three pieces can form an important part of your defense strategy. However, the “easy three” can’t stand alone if you want to avoid fines under the General Data Protection Regulation (GDPR), because GDPR is ultimately about users’ data-privacy rights and the protection of those rights. Endpoint defense plays a pivotal role, but data protection as GDPR defines it has many more parts than the endpoint.
The great thing about these technologies is that they’re easy to deploy and simple to manage from a remote monitoring and management (RMM) tool. Each MSP has its own favorite suite of tools, some expensive and some not, some with a high success rate and some without. Bring two MSPs together and you’ll see a passionate debate over which product works best.
Unfortunately, the “easy three” don’t hold up against cybercriminals without other foundational components in place. It’s akin to building a house on a shaky foundation; we all know what happens to that house over time.
Tackling the problem at the endpoint alone, without the tools and techniques covered in the previous quick-wins strategy articles, generally means piling more agent-based solutions onto the endpoint. These solutions, most often built for larger organizations, can include a data-loss prevention (DLP) component, privilege management, a supplemental firewall (or a replacement for the Windows® firewall entirely), or a VPN component; the list goes on. Add antivirus and web protection to the same endpoint, and that computer’s resources will be stretched thin. Expect complaints from users who hate waiting for all this “security stuff” to start up. Worse, on a resource-starved endpoint the security software can simply stop working, and an agent that isn’t running protects nothing.
If the equipment is old, with slower CPUs or spinning hard disks instead of SSDs, the system can become excruciatingly slow. When the endpoint also runs resource-heavy or client-server applications, you will likely hear from users about performance.
So, the first rule of the endpoint protection club is: test endpoint protection on a representative set of machines before rolling it out en masse. And keep in mind that, at a minimum, servers deserve the same endpoint protections as workstations. If something makes it past a workstation’s defenses, there’s a good chance it will reach the server next. Don’t take any chances here.
“Kill it dead before it even gets inside the organization.”
That’s the central idea behind an on-premises or cloud-based mail protection product. Mail protection cuts down on spam, quarantines emails with suspicious attachments, and combats phishing attempts. Some mail protection products scan with multiple live antivirus engines, while others detonate attachments in a sandbox to see whether they do anything malicious.
Mail protection helps in two scenarios. First, inbound, it keeps malicious email from reaching the organization. Second, outbound, it catches spam or malicious email leaving the organization. It’s not uncommon for cybercriminals to hijack a mailbox to send spam, or to spoof a legitimate sender’s information in a phishing campaign.
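A minimal inbound-mail triage in Python, as an added example (it is not part of the original post and not SolarWinds MSP product code): it parses two constructed messages, flags directly executable and double-extension attachments as hard indicators, and treats Return-Path and Reply-To domains that disagree with the From domain as soft spoofing tells. The sample messages, the extension lists and the scoring rule are assumptions for illustration; a real mail gateway would also evaluate SPF, DKIM and DMARC results, which this code does not.

```python
import email
from email import policy
from email.utils import parseaddr

# Extensions Windows executes directly: a hard quarantine indicator (assumed list).
EXECUTABLE_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                  "vbs", "vbe", "wsf", "hta", "ps1", "lnk", "jar", "msi"}
# Macro-enabled Office formats: a common phishing carrier, a soft indicator.
MACRO_EXT = {"docm", "xlsm", "pptm", "dotm", "xltm"}
# Extensions used as a decoy in double-extension names like invoice.pdf.exe.
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}

# Constructed sample (not a real capture): an executive-impersonation invoice
# lure whose attachment payload is an inert placeholder, not malware.
SPOOFED_EML = b"""\
From: "Jane Doe CEO" <jane.doe@examplecorp.com>
Return-Path: <bounce-8812@mail-promo.example.net>
Reply-To: <jane.doe.ceo@gmail.com>
To: accounts@examplecorp.com
Subject: URGENT: overdue invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Please process the attached invoice today.

--XYZ
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

SGVsbG8=
--XYZ--
"""

# Constructed clean message from a colleague on the same domain.
CLEAN_EML = b"""\
From: Bob Smith <bob.smith@examplecorp.com>
Return-Path: <bob.smith@examplecorp.com>
To: accounts@examplecorp.com
Subject: Lunch on Friday?
MIME-Version: 1.0
Content-Type: text/plain

Same place as last time?
"""


def _domain(header_value):
    """Lower-cased domain of an address header, or '' if absent/unparseable."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw_bytes):
    """Classify one raw RFC 822 message; returns {'verdict', 'reasons'}."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hard, soft = [], []

    # 1. Attachment checks: executables are a hard indicator on their own.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if ext in EXECUTABLE_EXT:
            hard.append(f"executable attachment: {name}")
            if len(pieces) > 2 and pieces[-2] in DECOY_EXT:
                hard.append(f"double extension disguises {name} as .{pieces[-2]}")
        elif ext in MACRO_EXT:
            soft.append(f"macro-enabled document: {name}")

    # 2. Sender-consistency checks: cheap spoofing tells, individually noisy,
    #    so they only count in combination.
    from_dom = _domain(msg["From"])
    envelope_dom = _domain(msg["Return-Path"])
    reply_dom = _domain(msg["Reply-To"])
    if envelope_dom and from_dom and envelope_dom != from_dom:
        soft.append(f"Return-Path domain {envelope_dom} != From domain {from_dom}")
    if reply_dom and from_dom and reply_dom != from_dom:
        soft.append(f"Reply-To domain {reply_dom} != From domain {from_dom}")

    verdict = "quarantine" if hard or len(soft) >= 2 else "deliver"
    return {"verdict": verdict, "reasons": hard + soft}


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_EML), ("clean", CLEAN_EML)):
        result = triage(raw)
        print(label, result["verdict"], *result["reasons"], sep="\n  ")
```

Run it and the spoofed message is quarantined with four reasons while the clean one is delivered. Header-domain mismatches alone are noisy (mailing lists and bulk senders legitimately rewrite Return-Path), which is why a single soft indicator never quarantines by itself.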
“Kill it dead before it infects the workstation.”
“Kill the network connection or prevent infection in the first place.”
Web protection is great for keeping users off sites that could infect their computers, but it does more than that. Web proxy and network layer protections can serve as a last-ditch preventive control, knocking out a Trojan’s attempts to reach command-and-control (C2) infrastructure and download its next payload. Because cybercriminals have access to fast-flux DNS, domain generation algorithms (DGAs), and even servers hidden on the Dark Web, the C2 destination can change faster than a static blocklist is updated, so network layer protections really are last ditch. They’re still useful, though. Traffic analysis that shows communication with potentially malicious sites is a good indicator of compromise, and network layer protections help reveal the presence of something bad that the email protection and antivirus missed.
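The traffic-analysis idea above, as an added example in Python (not from the original post or any SolarWinds MSP product): it runs over a constructed proxy/DNS log excerpt and flags four C2-style indicators: a host on a blocklist, a hostname whose second-level label looks machine-generated (long, high entropy, few vowels, the DGA signature), a client that contacts the same host at near-constant intervals (timer-driven beaconing), and a host that resolves to many different IPs in a short window (fast flux). The log format, thresholds and blocklist are assumptions for illustration.

```python
import math
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not real traffic). Assumed format, one request per line:
# <ISO timestamp> <source IP> <destination host> <resolved destination IP>
SAMPLE_LOG = """\
2018-03-02T10:00:00 10.1.2.3 www.example.com 93.184.216.34
2018-03-02T10:00:05 10.1.2.3 update.example-cdn.net 203.0.113.10
2018-03-02T10:00:09 10.1.2.3 xq7ztp3bw9dkf2lv.com 198.51.100.7
2018-03-02T10:01:09 10.1.2.3 xq7ztp3bw9dkf2lv.com 198.51.100.7
2018-03-02T10:02:09 10.1.2.3 xq7ztp3bw9dkf2lv.com 198.51.100.7
2018-03-02T10:03:10 10.1.2.3 xq7ztp3bw9dkf2lv.com 198.51.100.7
2018-03-02T10:04:09 10.1.2.3 xq7ztp3bw9dkf2lv.com 198.51.100.7
2018-03-02T10:00:30 10.1.2.4 flux.example 192.0.2.11
2018-03-02T10:00:41 10.1.2.4 flux.example 192.0.2.12
2018-03-02T10:01:57 10.1.2.4 flux.example 192.0.2.13
2018-03-02T10:03:02 10.1.2.4 flux.example 192.0.2.14
2018-03-02T10:03:10 10.1.2.4 flux.example 192.0.2.15
2018-03-02T10:05:00 10.1.2.5 known-bad.example 192.0.2.99
2018-03-02T10:06:00 10.1.2.5 www.example.org 93.184.216.34
"""

# Constructed blocklist standing in for a threat-intelligence feed.
BLOCKLIST = {"known-bad.example"}

VOWELS = set("aeiou")


def entropy(s):
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(host):
    """Naive second-level label (no public-suffix list: 'a.co.uk' gives 'co')."""
    parts = host.lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_like_dga(host):
    """Long, high-entropy, vowel-poor labels are typical DGA output (assumed thresholds)."""
    label = registrable_label(host)
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    return len(label) >= 12 and entropy(label) >= 3.3 and vowel_ratio <= 0.25


def is_beaconing(timestamps, min_intervals=4, max_cv=0.1):
    """Near-constant gaps between requests suggest a timer-driven check-in."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < min_intervals or mean(gaps) == 0:
        return False
    return pstdev(gaps) / mean(gaps) <= max_cv


def analyze(log_text, blocklist=BLOCKLIST, flux_threshold=5):
    """Return sorted (source, host, reason) findings for one log excerpt."""
    when = defaultdict(list)   # (src, host) -> request timestamps
    ips = defaultdict(set)     # host -> distinct resolved IPs seen
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, src, host, ip = line.split()
        when[(src, host)].append(datetime.fromisoformat(stamp))
        ips[host].add(ip)

    findings = set()
    for (src, host), stamps in when.items():
        if host in blocklist:
            findings.add((src, host, "blocklisted domain"))
        if looks_like_dga(host):
            findings.add((src, host, "DGA-like hostname"))
        if is_beaconing(stamps):
            findings.add((src, host, "periodic beaconing"))
        if len(ips[host]) >= flux_threshold:
            findings.add((src, host, "fast-flux resolution"))
    return sorted(findings)


if __name__ == "__main__":
    for src, host, reason in analyze(SAMPLE_LOG):
        print(f"{src:<10} {host:<24} {reason}")
```

The entropy rule is deliberately crude: CDN and cloud hostnames with hashed labels will trip it, so such hits belong in a triage queue checked against an allowlist rather than in an automatic block rule, and the beaconing test should run over hours of traffic, not the few minutes shown here.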
It’s no secret that parts of the web are riddled with malware. Pirated-content sites (popular movies and TV shows) and adult sites are dangerous for even the most protected endpoints to visit. Web protection keeps users off those sites to prevent malware infections (and human resources issues).
Most compliance frameworks require endpoint defenses. But given the dangers and capabilities of cybercriminals, the “easy three” need reinforcements and must stand on a solid foundation to maximize endpoint and data protection.
The final word: don’t skimp on endpoint defenses, but don’t forget to employ other foundational technologies as well to help ensure protection for data at all levels.
This document is provided for informational purposes only and should not be relied upon as legal advice or to determine how the EU General Data Protection Regulation (GDPR) may apply to you and your organization. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies to your organization, and how best to ensure compliance. SolarWinds MSP makes no warranty, express or implied, or assumes any legal liability or responsibility for the information contained herein, including the accuracy, completeness, or usefulness of any information.
© 2018 SolarWinds MSP UK Ltd. All rights reserved.