Is Endpoint Protection a Comprehensive Security Solution?

by Sarah Harvey / March 26th, 2019

Does your organization have a bring-your-own-device policy? Do your employees use external storage devices? How do you protect workstations, servers, and mobile devices that connect to your network? The perimeter of today's businesses only keeps expanding – and so does the use of endpoint protection. Is endpoint protection the best way to protect your network, though?

The Rise of Endpoint Protection

With so many endpoints able to connect to your network, endpoints are becoming a common, easy entry point for cyber attacks. Greater visibility, control, and security are needed to prevent attackers from compromising your network.

A trend we see within the industry is the implementation of endpoint protection platform (EPP) solutions. Makes sense, right? If endpoints are the vulnerable access points, put something in place directly at the device level to protect them. Cisco’s definition says, “An EPP solution is known as a preventative tool that performs point-in-time protection by inspecting and scanning files once they enter into a network.” EPP solutions include antivirus, anti-malware, data encryption, personal firewalls, intrusion prevention, and data loss prevention. Most EPP approaches identify threats based on known file signatures for newly discovered threats.

The next level of endpoint protection is endpoint detection and remediation (EDR) solutions. Cisco’s definition says, “An EDR solution goes beyond simple point-in-time detection mechanisms. Instead, it continuously monitors all files and applications that enter a device.” EDR solutions go a step further than EPP by providing more visibility and analysis for threat investigation. What's more, EDR solutions can detect threats beyond just signature-based attacks, including fileless malware, ransomware, and polymorphic attacks.

Most endpoint protection solutions offered today combine EPP and EDR solutions, but implementing endpoint protection alone doesn’t make a comprehensive information security program. Endpoint protection should be just one component of a full spectrum of security solutions and processes that stop targeted, advanced threats.

Benefits of Penetration Testing

To get the most out of your information security program and processes, consider undergoing regular, advanced penetration testing. The findings from penetration testing can actually help you remediate the common vulnerabilities that malware and APT groups rely on to exploit endpoints – not just prevent the threats, as EPP and EDR solutions do.

Threat groups are constantly evolving their tooling and malware, which endpoint protection struggles to keep up with. Once an attacker is inside your network, they can move laterally and find what they want or need. Don’t you want to do everything possible to keep them from ever getting inside? If your organization can harden the underlying vulnerabilities that are found during penetration testing, that will mitigate entire threat categories at the root, rather than having to react any time an iteration of a threat is detected.

Remediating findings from penetration tests could be substantially cheaper than relying on a third-party security layer to (hopefully) catch the latest iteration of a threat. If you use qualified, skilled penetration testers, they will find and exploit the vulnerabilities that an attacker will use, plus provide remediation tactics for the vulnerabilities found. If your security budget is tight, penetration testing may be a more effective solution for you than endpoint protection.

A penetration test itself won’t fix your security problems, but when you use the findings to mitigate vulnerabilities, you are going beyond endpoint protection. We do acknowledge, though, that there is great value in endpoint protection. If you choose to utilize EPP or EDR solutions, it’s crucial to find one that integrates with your other security measures. When vulnerability, patch, and configuration management can be cohesive with endpoint protection, you’re getting a more comprehensive solution.

If you’re interested in getting the most out of your information security program and pursuing advanced penetration testing, contact us today. Our team of expert penetration testers will find and exploit your vulnerabilities in order to provide remediation guidance so your team can protect your network.
