Global cyberattacks increased by 38% in 2022 (Source). And because attacks are not only becoming more common, as well as difficult to detect, 65% of organizations plan to increase their cybersecurity spending in 2023 (Source). Even so, hackers will continue to hone their skills and exploit vulnerabilities. Successful ransomware attacks will happen. Theft and sale of personally identifiable information (PII) and other “valuables” on the dark web will happen. Investments in additional security layers and technologies such as MFA, antivirus, endpoint detection and response (EDR), mobile device management (MDM), mobile threat defense (MTD) and others can reduce chances of successful cyberattacks. However, the importance of endpoint security fundamentals should not be underestimated. Think of it as remodeling a charming fixer-upper without first addressing tell-tale signs of a sinking foundation. Not a wise move. Hence the requirement for building permits and a laundry list of inspections and approvals throughout the build. And like a home that requires a solid foundation, a strong security posture begins with a solid foundation as well. That’s where endpoint security fundamentals come into play.
The first in a multi-part series, this blog highlights key steps you can take to improve endpoint security for your organization – without significant investments in additional tools. Subsequent blogs will explain how NinjaOne can help you to ensure these fundamentals are consistently leveraged.
Endpoint security fundamentals?
Fundamental endpoint security is a core factor in security solution effectiveness. Even advanced security solutions can be hampered by the absence of fundamentals that can get lost in the shuffle as IT wrestles with a complex assortment of siloed tools and the daily IT grind – too much to do, short-staffed and/or lack of experience. Following best practices when onboarding and managing endpoints can significantly improve your organization’s ability to defend against attacks. Start here:
- Establish and maintain deep visibility and sufficient control over endpoints
- Reduce patching complexity to ensure consistency and avoid gaps
- Harden endpoints to reduce the number of attack surfaces
- Establish a solid backup routine
Let's take a closer look.
Deep visibility into endpoints
You cannot secure what you cannot see. Maintaining real-time, deep visibility into all managed devices accessing your network enables a historically reactive IT department to become more proactive and better serve their users. Nipping potential issues in the bud before they blossom into productivity blockers (or even worse, before they unwittingly roll out the red carpet for a cyberattack) - is a win for the entire team. Ongoing awareness of endpoints that have fallen out of compliance and thus introduce potential security vulnerabilities is key, along with the ability to quickly take actions to bring them back to compliance. Examples of endpoint visibility include the ability to:
- View and manage all endpoints in real-time
- Create and enforce device policies
- Discover and manage rogue devices
- Identify known vulnerabilities
- Alert on security-related activities
Get complete visibility into your IT estate with an always-updated inventory. See how.
There is a cyberattack attempt every 39 seconds (Source).
Simplified patching reduces potential for human error and security gaps
Ask IT admins to name their most challenging tasks, and patching will likely appear at or near the top of the list. If you consider the sheer number of applications deployed and managed, the number of patches to apply (some multiple times due to unforeseen issues), difficulties associated with patching remote worker and road warrior endpoints, and the push to minimize impact on users across regions and time zones – to say patching is a complex is an understatement. Nevertheless, patching is a critical component in the battle to fend off cyberattacks. At a minimum, your patching solution should enable you to:
- Identify known vulnerabilities daily
- Patch OS, applications, drives, and firmware
- Remediate critical vulnerabilities immediately
- Deploy other patches as quickly as is reasonable
- Validate and report on patch outcomes
NinjaOne makes patch management zero-touch across your Windows, Mac, and Linux endpoints. See how.
76% of companies lack effective patch and vulnerability management (Source).
Endpoint hardening is another essential tactic used to reduce chances of a successful cyberattack, as well as ensure device compliance, and maintain business continuity. So, how does endpoint hardening work? It’s all about decreasing the level of risk by reducing the attack surface - a combination of all the potential flaws and backdoors in technology that could be exploited. And while there are numerous steps admins can employ to achieve this, the underlying theme is the same: assume more control over managed endpoints. A robust endpoint management solution should enable you to harden endpoints at scale. A few examples of key functionality you should consider are the ability to:
- Adjust default settings to make them more secure
- Ensure drive encryption
- Require strong passwords and use of MFA
- Identify unprotected endpoints and deploy security applications (I.e., antivirus)
- Harden the operating system and its configuration (I.e., restrict lateral movement tools and techniques, secure boot, logging, etc.)
Endpoint security vs. endpoint hardening? Similar, but different. Learn more.
82% of organizations lacked local admin password management controls (Source).
Having worked for three backup and recovery (BAR) vendors thus far in my tech journey, I have learned the importance of reliable backups. I have also learned that backups, like patching, are a thorn in the side of many IT organizations. Though BAR technology has evolved since my days as a tape library PM, challenges remain. Failed backups. Slow backups. Degradation in network performance during backups. Complexity (scheduling and managing full, incremental, and differential backups). Adhering to the 3-2-1 rule (three copies of your data on two different types of media and one additional copy stored offsite for disaster recovery). Long story short, backups are a powerful weapon to wield against a successful ransomware attack. And though BAR solutions share many common features, a few key things to look for are:
- Reliable cloud-first file & folder, and image backups
- Flexible cloud-only, local and hybrid storage options
- Ability to backup all Windows and macOS endpoints – as well as servers
- Use of FIPs cryptography and MFA to secure file restores
- Easy, self-serve file restores for your users
Ninja Backup is secure, flexible, cloud-first backup for remote and hybrid employees. Learn more.
44% of companies have no usable backups (Source).
I hope you found this information to be helpful. NinjaOne Endpoint Management empowers IT organizations to simplify the management of distributed, disparate endpoint devices, while also taking fundamental, yet critical steps to improve security posture – all from a single console. Please keep an eye out for the other blogs in this series which will dive deeper into each of the endpoint security fundamentals called out above and explain how NinjaOne can help you to employ each of them on a consistent basis.