5 Ways Endpoint Security and Network Security Should Work Together
Wrong endpoint security solution can leave your endpoints vulnerable to threats and undo the work that has gone into securing the network.
With network security, no single solution will protect against the variety of threats that organizations face. For more comprehensive protection, a combination of hardware and software provides multiple layers of security to defend the network against various threats. The time, cost and manpower required to carefully select, implement and maintain these tools is a huge investment for any organization. However, those within the network environment will not always be inside the perimeter, and the network protection capabilities will not always apply to them. If endpoints are not protected with the right security solution products, these individuals could bypass the perimeter security and introduce outside threats into the environment. The wrong endpoint security product can undo all of the work that has been done to secure the network.
Below are the five things your endpoint should do to prevent a negative impact on your network security posture:
1. Integrate threat intelligence natively.
According to a 2016 Ponemon study, 39 percent of respondents agree that all attacks can be blocked if the organization is engaged in the sharing of threat intelligence. Employing global threat intelligence expands protection capabilities beyond the knowledge of one solution to the shared intelligence of a global community. When other members of the community encounter new attacks, that information is shared so all members can automatically detect known threats and quickly identify unknown threats.
Both the network and the endpoint should participate in threat intelligence sharing, continuously applying growing threat intelligence across the devices in their own environments. They should also exchange intelligence with each other so that what is identified and prevented on the endpoint can also be identified and prevented on the network.
Threat intelligence alone is not enough, however. Most organizations that subscribe to intelligence feeds are drowning in data they can’t correlate or translate into actionable intelligence. Without the ability to automatically translate threat intelligence into new protections, organizations are just buying more data. The problem gets worse when there is no native integration between the components in an environment to produce and share that threat intelligence. Intelligence that is not natively integrated and cannot be automatically translated into new protections is of little use unless you throw more people at it. The end result would merely be a more people-intensive process of data analysis.
2. Protect against known and unknown threats.
Most traditional security products are designed to detect known threats before they enter an organization. In many cases, by the time an unknown threat has been detected, critical assets have already been compromised and detection is too little, too late. Additionally, while attackers often reuse existing malware and exploit techniques, they will also modify existing attacks or create entirely new ones to evade detection. This leaves a whole gamut of threats undetectable by most security products.
Detection and remediation on the network or endpoint are invariably time-consuming, people-intensive and inefficient. This problem can be avoided if both the network and the endpoint can prevent known and unknown threats. Ideally, your endpoint security solution’s prevention capabilities should not rely on signatures nor prior knowledge of an attack or vulnerability, and should incorporate various analysis and prevention methods to maximize effectiveness.
3. Be automated.
Attackers have automation, scalability and specialized tools at their disposal. In Ponemon's 2016 Economics of a Breach survey, 68 percent of respondents said automated hacking tools make it easier for attackers to execute successful attacks. An entire economy and marketplace exists to drive the proliferation of these tools at affordable prices.
To defend against increasingly sophisticated attacks, organizations employ point solutions that are often complex and people-intensive, yet seemingly insufficient. To outpace attackers, an organization must make successful attacks more challenging and less profitable. Respondents in the aforementioned survey claim 60 percent of attacks can be deterred if an attack requires an additional 40 hours to conduct. The only way to achieve this in a scalable and sustainable fashion is with automated prevention.
Detection on either the network or endpoint is not scalable if a security analyst must be dispatched to investigate alerts. Automation makes an organization a more difficult target by delaying the success of an attack and thus the payout, and causing the attacker to move on to their next potential victim.
4. Deliver persistent protection.
Users are increasingly becoming more mobile, connecting to internal resources from points around the globe that are outside the organizational network perimeter. There should be the same level of protection on all endpoints, regardless of their connectivity: online or offline, on- or off-premise. Lack of persistence in these protections will lead to a compromised endpoint and, quite possibly, a compromised network, regardless of network protections already in place. Endpoint security must extend beyond the traditional network perimeter, where many cyberattacks target end users and endpoints, and where the network does not have complete visibility.
5. Provide full visibility into activity on the network, endpoint and cloud.
Modern attacks go through multiple steps to achieve their objectives. To successfully prevent an attack, organizations must have full visibility of all users, devices and data across their network, endpoint and the cloud. This visibility is necessary to understand the context of an attack, enforce security policy across the network and endpoint, and correlate security events to improve the organization’s security posture. When natively integrated threat intelligence is combined with the automated prevention of known and unknown threats to deliver persistent protection, regardless of connectivity or location, the synergistic effect can dramatically improve an organization’s security posture. This will make the organization less appealing to opportunistic attackers as well as minimize the likelihood of a successful targeted attack.
Choosing the wrong endpoint security solution can leave your endpoints vulnerable to threats and impede, or undo, the significant work that has gone into securing the network. Your endpoint security solution should secure all endpoints continuously, as well as bring additional capabilities to other parts of the organization and bolster your overall network security posture overall.
Cortex XDR is the industry’s first extended detection and response platform that stops modern attacks by integrating data from any source. With Cortex XDR, you can harness the power of AI, analytics and rich data to detect stealthy threats. Your SOC team can cut through the noise and focus on what matters most with intelligent alert grouping and incident scoring. Cross-data insights accelerate investigations, so you can streamline incident response and recovery.
Cortex XDR delivers peace of mind with best-in-class endpoint protection that achieved the highest combined protection and detection scores in the MITRE ATT&CK® round 3 evaluation. The Cortex XDR platform collects and analyzes all data, so you can gain complete visibility and holistic protection to secure what’s next. As part of Palo Alto Networks portfolio of security solutions, Cortex XDR integrates with WildFire® cloud-based threat analysis service to automatically convert threat intelligence into malware prevention, preemptively blocking threats before they can compromise an endpoint.