It’s time to rethink enterprise security. The current approach is clearly not working. The rate of cyber attacks, already a major concern before the world shifted to working from home, is off the charts. In fact, more cyber attacks were launched in the first half of 2020 than in all of 2019. According to research cited in Government Technology, ransomware attacks increased by between 72 percent and 148 percent during the 2020 Coronavirus pandemic. And given the likelihood that organizations will continue to rely on some combination of work-from-home arrangements for the near and conceivably long-term future, it’s possible the worst is yet to come.
For anyone in enterprise security, the question needs to be asked: “How did we get here?” It’s certainly not because of a lack of will or budget. The global cyber security market reached nearly $175 billion in 2020, with spending on endpoint security tools accounting for nearly 25 percent of that total. That figure is expected to keep growing and could double within five years. And yet, despite this increasing investment, more than 70 percent of all successful data breaches still originate on endpoint devices.
So, perhaps we should rephrase the question: What can we do to improve our security posture? And how do we home in on the security solution investments that are most appropriate for where we are today?
That’s why we at Symantec, as a division of Broadcom, are more focused than ever on building and executing a cohesive endpoint security strategy—one that addresses the challenges organizations face in their day-to-day security operations.
Among those challenges are the things your security cyber warriors cannot see. Even with well-trained, diligent teams adept at using standard endpoint protection and endpoint detection and response (EDR) tools, enterprises struggle to stay on top of every attack. That’s because threats are evolving, and relentless attackers are getting more sophisticated in their approaches, evading detection and bypassing security controls. Attackers are taking advantage of your blind spots, and these blind spots can significantly impact business operations and assets. Here are the most common ones:
- Good/legitimate applications: IT teams use multiple tools and scripts for day-to-day management of their complex and heterogeneous enterprise environments. These tools and scripts are generally safe when used for legitimate purposes, and they are permitted to run in the enterprise with full privileges. That’s a problem because attackers are also using these same tools against us. It’s called “Living off the Land.” It’s a blind spot because you can’t fully block the applications without crippling your business productivity. Therefore, you need technology that allows legitimate tools to run while blocking malicious and/or suspicious behavior, so that protection and productivity are both preserved.
- Your Active Directory: Active Directory contains information about users and their credentials, devices, servers, and applications in your enterprise. Every domain-connected endpoint in your enterprise has access to Active Directory, making it an open book and a key target for attackers. An attacker only needs to compromise a single device and run a few queries from it to obtain total domain dominance. Because of how quickly this happens, it would be irresponsible to assume that your SOC team and existing tools would be able to react in time to prevent the damage. That’s why it’s critical to deploy sophisticated technology to protect Active Directory from the endpoint and prevent lateral movement by stopping attackers on their first move, before they get the keys to the kingdom.
- Myopia – lack of a global view: The third blind spot is an in-flight targeted attack that you know nothing about. These days, your security teams are overwhelmed with massive amounts of data, and it can be a challenge to find an attack in all that data. Without a global view, attack patterns of sophisticated groups are impossible to find. By only relying on patterns from your environment, you simply don’t have a complete picture. What you need is the power of machine learning automation combined with expansive global threat intelligence and the expertise of our highly skilled analysts to find the smallest of clues and assemble them into a picture that details a current attack unfolding in your organization.
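The first two blind spots above share one design principle: the signal is the behavior, not the binary. Below is an added example (not Symantec’s code, and not how Symantec Endpoint Security implements these protections) that scores constructed endpoint telemetry in that spirit. The process-creation and directory-query events, host and user names, the “it-” account prefix, the tool and application lists, and the thresholds are all assumptions made up for illustration. The first check lets a legitimate admin tool run by default and blocks only when several out-of-place behaviors coincide; the second flags a single host that issues many distinct directory-wide queries within a short window, the first-move pattern the Active Directory section describes.

```python
"""Two behaviour-based checks for the blind spots described above.

Added example, not Symantec's code: the telemetry, host names, user names,
thresholds and rule logic are all constructed for illustration.
"""
from datetime import datetime, timedelta

# --- Constructed process-creation telemetry: (ts, host, user, parent, image, cmdline)
PROCESS_EVENTS = [
    ("2020-09-01T09:00:00", "WS01", "it-admin", "mgmt-agent.exe", "powershell.exe",
     "Get-Service"),
    ("2020-09-01T09:00:05", "WS02", "jdoe", "winword.exe", "powershell.exe",
     "-NoProfile -EncodedCommand <constructed>"),
    ("2020-09-01T09:00:09", "WS03", "jdoe", "explorer.exe", "notepad.exe", "notes.txt"),
]

# --- Constructed directory-query telemetry: (ts, host, user, ldap_filter)
LDAP_EVENTS = [
    ("2020-09-01T09:10:00", "WS02", "jdoe", "(objectClass=user)"),
    ("2020-09-01T09:10:02", "WS02", "jdoe", "(objectClass=group)"),
    ("2020-09-01T09:10:04", "WS02", "jdoe", "(objectClass=computer)"),
    ("2020-09-01T09:10:05", "WS02", "jdoe", "(objectClass=trustedDomain)"),
    ("2020-09-01T09:30:00", "WS01", "it-admin", "(objectClass=user)"),
    ("2020-09-01T11:30:00", "WS01", "it-admin", "(objectClass=group)"),
]

# Legitimate admin tools that IT must keep using; they are allowed by default.
ADMIN_TOOLS = {"powershell.exe", "wmic.exe", "certutil.exe", "bitsadmin.exe"}
# Applications that open user-supplied documents; an admin tool spawned from
# one of these is out of place for day-to-day management use.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}
# Assumed naming convention for this example only: IT accounts start with "it-".
IT_ACCOUNT_PREFIX = "it-"
BLOCK_THRESHOLD = 2  # independent suspicious behaviours required before blocking


def score_process(event):
    """Return (score, reasons) for one process-creation event.

    Blind spot 1: the tool itself is never the signal. Only the combination
    of how it was launched, by whom, and with what kind of command line is.
    """
    _ts, _host, user, parent, image, cmdline = event
    if image.lower() not in ADMIN_TOOLS:
        return 0, []
    reasons = []
    if parent.lower() in DOCUMENT_APPS:
        reasons.append("admin tool launched by a document application")
    if "-encodedcommand" in cmdline.lower():
        reasons.append("command line is encoded, hiding what the tool will run")
    if not user.lower().startswith(IT_ACCOUNT_PREFIX):
        reasons.append("admin tool run by a non-IT account")
    return len(reasons), reasons


def verdict(event):
    """'allow' keeps the legitimate tool usable; 'block' stops only the bad behaviour."""
    score, _ = score_process(event)
    return "block" if score >= BLOCK_THRESHOLD else "allow"


def find_enumeration_bursts(events, window_seconds=60, threshold=3):
    """Blind spot 2: flag hosts that issue many distinct directory-wide
    queries within a short window. Returns {host: max_distinct_filters}
    for every host at or above the threshold."""
    by_host = {}
    for ts, host, _user, ldap_filter in events:
        by_host.setdefault(host, []).append((datetime.fromisoformat(ts), ldap_filter))
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for host, rows in by_host.items():
        rows.sort()  # chronological, so every later row is >= the window start
        for i, (start, _) in enumerate(rows):
            distinct = {f for t, f in rows[i:] if t - start <= window}
            if len(distinct) >= threshold:
                flagged[host] = max(flagged.get(host, 0), len(distinct))
    return flagged


if __name__ == "__main__":
    for ev in PROCESS_EVENTS:
        print(ev[1], ev[4], verdict(ev), score_process(ev)[1])
    print("directory enumeration bursts:", find_enumeration_bursts(LDAP_EVENTS))
```

Run as written, the IT administrator’s PowerShell session on WS01 is allowed, the same tool launched from a document application with an encoded command line by a non-IT account on WS02 is blocked, and WS02 is also the only host flagged for a directory enumeration burst; WS01’s two queries two hours apart never cross the threshold. In a real deployment the lists and thresholds would be tuned to the environment’s own management tooling.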
Here at Symantec, we have devoted considerable R&D effort to evolving our endpoint security technologies to solve for these blind spots. In this Symantec Cyber Warrior blog series, we will be sharing important information on what you should be concerned about regarding your security posture. If you are a CISO, security practitioner, security administrator, or security operations center analyst, please plan to visit our Symantec Cyber Warrior blog series often. We will point out other endpoint security weaknesses that you need to look out for. These insights will be complemented with details about our technology research and innovations to ensure that you are prepared for the next attack whenever it hits.
The next post on our Symantec Cyber Warrior blog series will talk about what technologies we have embedded in our full-feature Symantec Endpoint Security Complete product to expose the most common blind spots and help you defend against them. Stay tuned!