Build Endpoint Security into Your Zero Trust Strategy

Jun 25, 2020
4 minutes

While the term “Zero Trust” may immediately make you think of network security, a proper Zero Trust strategy extends beyond network. Endpoints play an important role, as they store and access data all around the world, making them vulnerable entry points for cyberattackers. With data and applications being accessed from distributed devices, the prevention-first approach and security policy should be consistent and coordinated between your endpoints and your network. Let’s explore how this works with managed endpoints.

The image shows the role that application and endpoint security play in a complete Zero Trust strategy.
Endpoint security is a critical element of Zero Trust

Let’s start with a quick overview of Zero Trust: As described by Palo Alto Networks CTO Nir Zuk, “Zero Trust is an end-to-end cybersecurity strategy that spans the infrastructure. With Zero Trust, you operate under the assumption that no user, endpoint, workload, application or content can be trusted at any entity, whether it has previously been checked or will be checked later on by another entity.”

From an endpoint security perspective, this means regularly validating who owns the endpoint, where it’s being used, who is using it, what applications are running on it, and what content it’s generating. But validation alone isn’t enough. You need to safeguard your endpoints from attacks to drastically reduce the chance your endpoints are ever compromised. Within a Zero Trust framework, your endpoint strategy should include:

  • World-class prevention. You must protect endpoints from known and unknown malware, exploits, and fileless attacks, blocking bad actors before they can even attempt to penetrate the network. Not only is it intuitive that you want to create more barriers between attackers and your company’s sensitive data, but endpoint security tools can analyze the operations happening on an endpoint in ways that network tools can’t – for example, validating that the packets coming from an endpoint are actually generated by a legitimate application, not malware or an admin tool that’s been hijacked for nefarious purposes. With the right endpoint security, you can find and eliminate malware by inspecting files, but you also can identify the combination of activities associated with attacks to block never-before-seen threats and script-based attacks with behavior-based protection.
  • Monitoring endpoints to detect behavioral anomalies. Your endpoint security strategy should include detection and response capabilities that monitor all activity with analytics to uncover attack techniques and unusual activity. You should look for tools that apply machine learning to endpoint data to increase detection accuracy. Endpoint monitoring applies both to users on your physical network and remote VPN users. With the recent increase in remote working, it’s now more important than ever to extend your detection and response capabilities to your remote users. 
  • Integrated visibility across your infrastructure. Zero Trust applies to all elements of your digital enterprise – your endpoints, your network, your users and more. Similarly, your approach to detection and response should encompass all your assets – not just your managed endpoints. Cyberattacks can originate from any source, and involve multiple endpoints, compromised user credentials and more. To get a complete picture of an attack, you must track every step and every affected user and endpoint. Our Managed Threat Hunting team at Palo Alto Networks has helped customers identify attacks from unmanaged devices and from remote users, and in many cases, our team would not have easily revealed the full scope of the attack without extended visibility. For example, in one case, they found the source of Qakbot infection – an unmanaged device – using Cortex XDR™ and a combination of network and endpoint data.  


How Cortex XDR Enables Zero Trust

Cortex XDR provides everything you need to safeguard your endpoints. It combines industry-best AI and behavior-based protection to block advanced malware, exploits and fileless attacks. By integrating Cortex XDR with your existing network and cloud security from Palo Alto Networks, you can achieve consistent, coordinated security across your organization.

Going beyond traditional endpoint security tools, Cortex XDR stitches together network, endpoint and cloud data and applies machine learning to detect anomalies from softer signals. This allows Cortex XDR to uncover and stop even the stealthiest attackers, who may otherwise be able to get past each individual layer of defense.

Hear Palo Alto Networks CTO, Nir Zuk, talk more about how endpoint security fits into a Zero Trust strategy.

This post is part of a series covering “Zero Trust Throughout Your Infrastructure.”

Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.