June 02, 2022

Four ways to upgrade your endpoint security

In 2022, upgrading endpoint security should be the main priority for chief information officers (CIOs) and cyber security teams. It is easiest for hackers to infiltrate business networks through endpoints. These include the ever-growing number of employee computers, internet-enabled devices and servers.

Compromised endpoints are where most attacks on business networks take place. Hybrid workspaces and telecommuting have made corporate networks highly insecure with an increasing rate of unmanaged devices being added all the time. The bring-your-own-device (BYOD) and work-from-anywhere trends are likely to stay, prompting those responsible for cyber security to take a new approach to endpoint security.

SEACOM Business offers endpoint security solutions for large enterprises or medium-sized businesses in South Africa. We have put together a few tips for enterprises looking to improve their endpoint security.

1. Upgrade endpoint security with Endpoint Detection and Response (EDR) software

EDR tools collect and collate data from all corporate endpoints. Large enterprises can have thousands of endpoints connecting to their network. Each active endpoint continuously produces data, so having an EDR tool that can analyse high volumes of data is essential.

Cloud-based EDR software provides the most accurate insight using real-time analytics. Taking into account both cloud and on-premise endpoints, the latest EDR technologies offer an integrated approach to endpoint security. Automation speeds up threat and vulnerability detection. Algorithms process huge volumes of data and can provide automatic responses to threats, such as removing or containing security breaches. Security teams receive alerts, ensuring a rapid response to threats.

EDR tools proactively defend enterprise networks, identifying threat patterns, detecting suspicious activities and blocking malicious activity. EDR software supports IT teams in restoring affected systems and boosting endpoint protection.

2. Identity Detection and Response (IDR) software

It is essential for enterprises to have a cyber security strategy in place to prevent and mitigate a ransomware attack - just one weak password can spark a large-scale security breach. IDR tools deal with credential theft and misuse. It also monitors behaviour, detects suspicious changes to credentials or mass changes to accounts, as well as suspicious reactivation of disabled accounts.

Security breaches can happen from within the company so SEACOM Business endpoint security solutions take a zero-trust approach to limit access to business networks and data. Policy-based credential controls link usernames and passwords to specific devices. Concealment technology can be used to hide real credentials, making it extremely difficult for attackers to infiltrate endpoints. Deception decoys are sometimes adopted by security teams to identify attempts at lateral movement from one endpoint to the rest of the business network.

3. Entitlement Management to prevent security breaches

Authorisations, privileges, access rights and permissions are granted and revoked from Entitlement Management software. From a cloud-based console, administrators can manage entitlements for different devices, applications, platforms, networks and users. Multi-factor authentication (MFA) is a basic cyber security tool that has done well to support remote working. However, it does have its short-comings and many enterprises need to update their approach to Entitlement Management.

When businesses migrate to the cloud, a large number of entitlements are enabled to speed up the migration process. The negative side of this is that it creates massive exposure and risk due to an increase in attack surfaces. It is estimated that around 95% of entitlements are never actually used.

A cloud-based Entitlement Management solution uses automation to evaluate entitlements, identifying exposures and deviations from security policies. For example, if an employee has turned off MFA or reused a password, automated software will pick up on these entitlement policy breaches.

4. Secure your Active Directory to boost endpoint security

The Active Directory is a database which connects all users and network resources. It stores critical information about corporate networks and is an interface that essentially says who is allowed to do what. Administrators can change permissions for users, groups, devices and applications, making the Active Directory a low-hanging fruit for hackers.

Businesses need to use automation to protect their Active Directory. While manual checks can take weeks, automation can undertake a vulnerability assessment in a matter of minutes. Detailed health checks give insight into Indicators of Exposure (IoEs), identifying weaknesses in the Active Directory and providing recommendations.

Case study: Colonial Pipeline Ransomware Attack

There are massive costs associated with poor endpoint security and targeted attacks. Consider what happened in May 2021 when a U.S. energy company was forced to shut down a major fuel distribution pipeline because of a single compromised password.

The ransomware attack on the Colonial Pipeline is a cautionary tale for businesses worldwide. An investigation into how the breach happened revealed that it happened because of a virtual private network (VPN) account that was no longer in use. The VPN account didn’t use MFA and it seemed as though the employee had used the same password on another account that had previously been hacked.

It is believed that DarkSide, a cybercrime group based in Eastern Europe, was responsible for the attack. Hackers stole 100 gigabytes of data before locking devices with ransomware, threatening to leak the data unless the company responded to their demands. An extortion fee of 75 Bitcoin (almost R500 million) was paid to the attackers before the systems were restored.

SEACOM Business solutions for endpoint security

As the number of endpoints exponentially increases, IT teams need to pay more attention to endpoint security. New technologies related to EDR and IDR are essential for preventing and mitigating endpoint attacks. Data analytics to monitor behaviours and detect suspicious activity require advanced automation that can handle the large volumes of data produced by endpoints connected to corporate networks. For more information or to get a quote for endpoint security solutions, email us at marketing@seacom.com or leave us a message.

SEACOM owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.

SEACOM is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.

For‌ ‌more‌ ‌information‌ ‌on‌ our internet and voice solutions, ‌follow‌ ‌us‌ ‌on‌ ‌‌LinkedIn‌,‌ ‌‌Facebook‌ ‌or‌ ‌‌Twitter.‌ ‌Keep‌ ‌an‌ ‌eye‌ ‌on‌ ‌our‌ ‌‌news‌ ‌section‌‌ ‌for‌ ‌insightful‌ ‌articles‌ and relevant news stories on African ICT, internet connectivity and our leading cloud and security solutions.

Need internet for your home? Our subsidiary, WonderNet, brings fast and cost-effective broadband internet to all Africans with a fibre-to-the-home offering.