Why enlarged attack surfaces require new security concepts
The IT security provider Trend Micro reports in its Cyber Security Report 2021 that last year in the USA around 72 percent of companies had problems protecting their corporate network against cyber attacks that originated from workers in home office. In other words, working from home has increased the number of attack vectors for companies. Companies in Germany, for example, have been found to be a focus of the attackers: around a quarter of the threats related to Covid-19 discovered worldwide in 2021 were detected there, according to Trend Micro. These attacks were mostly due to infected or manipulated e-mails and risky websites, and less commonly to malware files.
A greater number of employees working from home and increasingly sophisticated attack methods mean that conventional measures used to protect companies against attacks are no longer as effective as they used to be. Installing the latest version of antivirus software on employee devices is therefore only a first step towards better protection. Companies need to think harder than ever about how they can effectively protect their resources. For example, replacing the humble password for user authentication is long overdue. Multi-factor authentication offers far more protection here: a special authenticator app protects remote access with additional time-based one-time passwords.
Companies should also consider implementing the zero-trust approach. Perimeter-based strategies of the past that classified everything within the corporate firewall as largely secure, while denying all external threats, are no longer suitable for today’s hybrid workplace. Instead, every single access – whether from the inside or the outside – must be carefully checked. Zero trust means zero trust! Access should only be granted if it is really needed and only for a limited period of time.
How endpoint security is replacing legacy silo solutions
The pandemic has once again put IT security teams under significantly greater pressure. Security solutions are now needed that cover all attack vectors, and many security experts believe that this task can no longer be fulfilled with single applications. Thankfully, modern endpoint security applications can be centrally managed and cover a wide variety of platforms: not just Microsoft Windows, but often macOS and Linux, as well as Android and iOS. The market now offers a wide range of products and technologies.
Key features of a comprehensive enterprise endpoint security solution include:
- Verifying end devices by checking domain affiliation, virus protection, operating system and other relevant parameters
- Cross-platform applications
- Malware defense
- Spam, phishing and URL filters
- Protection against targeted attacks and zero day exploits
- Protection against fileless attacks that reside only in system memory
Current endpoint security solutions use a variety of technologies that combine local detection with cloud and machine learning (ML) systems. Sandboxes for analyzing unknown files, mechanisms for detecting typical ransomware behaviors, exploit blockers and botnet sensors are usually also part of these systems. An ideal solution should include agents that can be set up remotely on end devices in the home office.
Secure access to the company network
For secure access to the company network, a remotely manageable VPN client and an IPv6-enabled personal firewall are also essential. If an end device does not meet this policy requirement, it may not connect to the network. End of discussion. Setting up a special quarantine zone with restricted access to the Internet and local permissions for suspicious devices may also be an option worth considering.
Access is only granted when the security policies are met, for example by installing antivirus software and by updating the operating system. Ultimately, all available means must be used to ensure that only legitimate employees with authorized end devices, protected by a modern security solution with all relevant security updates, can gain access to company resources. Together with our partner macmon, a NAC (Network Access Control), we at NCP have set this goal for ourselves to ensure the most modern and protected solutions.