Advanced Endpoint Threat Detection in a Mobile World


How many devices are connected to your network?

It’s probably more than you’d think. The increasing number of network connected devices means more endpoints, making endpoint threat detection difficult, yet more important than ever.

By analyzing, improving, and monitoring your network using sophisticated endpoint protection solutions, your organization can neutralize threats long before they have the chance to cause serious harm.

Mobile Endpoints Have Dramatically Increased

And So Have the Risks

Think for a moment about how many major security breaches there have been in the past year or so. Target, Home Depot, the U.S. Postal Service and now most recently Sony have all suffered major data breaches.

Worse, some of these data breaches appear to have revealed highly sensitive personal information about customers and employees – information like social security numbers, medical records, salaries, and passwords.

The JP Morgan Chase hacking alone affected 76 million households. Hundreds of millions more people have been affected by similar security breaches in the past year.

While each of these attacks was executed in a different way, some of them were definitely made possible by compromised network endpoints.

Endpoints – any point of access to your organization’s network – pose a serious security risk. These points of access could be any device or system that connects to your network: phones, laptops, tablets, and more.

The Bring Your Own Device Policy

Since more companies are practicing a “BYOD” (“bring your own device”) policy with their employees, the number of endpoints is increasing. This also means the number of potential network threats is increasing too.

Sometimes, all an attack needs is a single compromised device connecting to the network. Since employee-owned devices aren’t under the control of your organization, they are an ideal target for hackers.

Threat Sophistication is Increasing

Hackers often target end users via familiar, “safe” platforms (which aren’t really safe at all), including LinkedIn, Gmail, and similarly popular websites. Some other attacks send their phishing attempts straight to the user via SMS phishing and similar techniques.

Then, once hackers have gained access to a user’s account via a stolen password or injected piece of malicious code, they carefully and patiently wait to execute their attacks (this is similar to what happened in the Home Depot data breach).

Hackers often have access to a system via a compromised endpoint for months or even years before an attack takes place, making detection using traditional threat detection techniques next to impossible.

The good news is that, although complete mobile device endpoint security is next to impossible for BYOD networks, endpoint management solutions and advanced endpoint threat detection can protect your network from nearly all serious threats to your data.

Optimizing a Network for Endpoint Threat Detection

What’s a better approach to figuring out whether your network has been compromised than simply waiting for evidence of a breach? It’s to assume your network has already been breached, then carefully look for the threat using a broad set of tools.

While every organization is different, and therefore has a different set of challenges regarding endpoint protection solutions, you should generally optimize your network for endpoint threat detection in the following way:

  1. First, the network needs to be analyzed from the inside out. Carefully review your organization’s network to identify all potential endpoints and vulnerability sites. Many companies have a strong infrastructure with monitoring and tools already in place to help obtain real-time intelligence about potential threats. Others need to improve their networks for this purpose.
  2. Next, once your environment is understood and analyzed, it needs to be reviewed. Identify all potential “holes” and endpoints where hackers could potentially breach your network. Don’t forget about virtualization, which creates many endpoints from a security perspective. The total number of endpoints and potential breach sites depends on your unique network structure.
  3. Once you have analyzed your network, look at your current endpoint management solutions. What technologies are in place to control access to your network? Do employees bringing their own devices need to have special security protocols installed in order to gain network access, or do they simply use a network password? How does your company verify connected devices are compliant with network security standards? This is more difficult than it appears. A device may appear to be compliant, but unseen modifications may make it more vulnerable (such as a jailbroken iPhone).
  4. Finally, ask yourself how your organization identifies compromised endpoints. Once a compromised endpoint is discovered, what mobile endpoint security solutions do you have in place to neutralize the threats that are found?

Once your organization has implemented a procedure similar to the one described above, you’ll have much more network visibility and greater actionable intelligence you can use to protect your network. This increased end-to-end network visibility will make detecting threats much faster.

Endpoint Protection Solutions Detect and Remove Vulnerabilities

Because hackers are constantly refining their techniques and discovering new vulnerabilities, it’s nearly impossible to make your network 100% safe from vulnerabilities. The good news is you can find and neutralize threats before they have the opportunity to harm your business. Statistical and behavioral analysis enables much faster threat detection, allowing you to act early.

  • Statistical analysis uses historical data to find slow attacks that normally wouldn’t be visible without reviewing a long period of time, such as the past 6 months or year. For example, perhaps an employee’s device accessed the network an average of 30 times per day for 6 months but then suddenly logged in during the middle of the night. This anomaly could be caused by a compromised endpoint.
  • Behavioral analysis uses more subtle detection systems that identify behavioral anomalies based on historical data collection. This allows you to detect threats operating below the threat signature noise threshold, enabling more accurate endpoint threat detection and less alert fatigue on the part of your network administrators. An example of this would be analyzing how often programs change on a device, since malware often changes or installs itself on many devices quickly, while legitimate programs do not change quickly.
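The two checks described above, as an added example that is not part of the original article: a statistical baseline of the hours of day in which each device normally logs in, and a behavioral baseline of how many program changes a device normally shows per day. The log format, device names, the constructed log lines, the cutoff date and the threshold rule (mean plus the larger of three standard deviations or a fixed jump of 2) are all assumptions chosen for illustration, not from any product or the article.

```python
"""Toy endpoint anomaly detection over constructed access logs (added example)."""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed sample log: ISO timestamp, device id, event type.
# Days 03-02..03-06 form the baseline; 03-10 is the day under review.
# laptop-07 normally logs in around 08:xx and 13:xx, phone-12 around 09:xx.
SAMPLE_LOG = """\
2015-03-02T08:55:10Z dev=laptop-07 event=login
2015-03-02T09:02:44Z dev=phone-12 event=login
2015-03-02T11:30:00Z dev=phone-12 event=program_change
2015-03-02T13:15:02Z dev=laptop-07 event=login
2015-03-03T08:47:31Z dev=laptop-07 event=login
2015-03-03T09:10:05Z dev=phone-12 event=login
2015-03-03T13:05:50Z dev=laptop-07 event=login
2015-03-04T08:58:12Z dev=laptop-07 event=login
2015-03-04T09:00:41Z dev=phone-12 event=login
2015-03-04T10:12:00Z dev=phone-12 event=program_change
2015-03-04T13:22:19Z dev=laptop-07 event=login
2015-03-05T08:51:03Z dev=laptop-07 event=login
2015-03-05T09:05:27Z dev=phone-12 event=login
2015-03-05T13:09:44Z dev=laptop-07 event=login
2015-03-06T08:49:55Z dev=laptop-07 event=login
2015-03-06T09:03:18Z dev=phone-12 event=login
2015-03-06T13:11:06Z dev=laptop-07 event=login
2015-03-10T03:12:40Z dev=laptop-07 event=login
2015-03-10T09:01:22Z dev=phone-12 event=login
2015-03-10T09:20:00Z dev=phone-12 event=program_change
2015-03-10T09:21:13Z dev=phone-12 event=program_change
2015-03-10T09:22:48Z dev=phone-12 event=program_change
2015-03-10T09:24:05Z dev=phone-12 event=program_change
2015-03-10T09:25:31Z dev=phone-12 event=program_change
"""

# Assumed cutoff: everything before it is history, everything after is reviewed.
CUTOFF = datetime(2015, 3, 9)


def parse_log(text):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_str, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": ts, "dev": kv["dev"], "event": kv["event"]})
    return events


def split_by_cutoff(events, cutoff):
    baseline = [e for e in events if e["ts"] < cutoff]
    recent = [e for e in events if e["ts"] >= cutoff]
    return baseline, recent


def off_hours_logins(events, cutoff):
    """Statistical check: flag logins at an hour of day never seen for that
    device during the baseline window. A device with no baseline at all is
    flagged on every login, since an unknown device deserves a look."""
    baseline, recent = split_by_cutoff(events, cutoff)
    known_hours = defaultdict(set)
    for e in baseline:
        if e["event"] == "login":
            known_hours[e["dev"]].add(e["ts"].hour)
    flagged = []
    for e in recent:
        if e["event"] == "login" and e["ts"].hour not in known_hours.get(e["dev"], set()):
            flagged.append((e["dev"], e["ts"].isoformat()))
    return flagged


def daily_change_counts(events):
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["event"] == "program_change":
            counts[e["dev"]][e["ts"].date()] += 1
    return counts


def program_change_anomalies(events, cutoff, min_jump=2):
    """Behavioral check: flag a day on which a device shows far more program
    changes than its own baseline. Days with no changes count as zero so that
    a quiet device gets a low mean. The threshold rule is an assumption."""
    baseline, recent = split_by_cutoff(events, cutoff)
    baseline_days = sorted({e["ts"].date() for e in baseline})
    base_counts = daily_change_counts(baseline)
    flagged = []
    for dev, per_day in daily_change_counts(recent).items():
        series = [base_counts[dev].get(d, 0) for d in baseline_days]
        mean = statistics.mean(series) if series else 0.0
        std = statistics.pstdev(series) if series else 0.0
        threshold = mean + max(3 * std, min_jump)
        for day, n in sorted(per_day.items()):
            if n > threshold:
                flagged.append((dev, day.isoformat(), n))
    return flagged


def analyze(text=SAMPLE_LOG, cutoff=CUTOFF):
    events = parse_log(text)
    return {
        "off_hours": off_hours_logins(events, cutoff),
        "program_changes": program_change_anomalies(events, cutoff),
    }


if __name__ == "__main__":
    for kind, hits in analyze().items():
        print(kind, hits)
```

Run as-is, the script flags the 03:12 login from laptop-07 (its baseline hours are 08 and 13) and the burst of five program changes on phone-12 on 2015-03-10 (its baseline averaged 0.4 per day), while the routine 09:01 login from phone-12 passes. The hour-of-day set is deliberately crude; a real deployment would use per-weekday histograms and a longer baseline, as the text's 6-month example implies.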

By combining statistical and behavioral analysis, your network will deliver greater threat detection immediately at the endpoint. Seemingly random, unconnected blips in your endpoint data collection will be linked.