By Nick Alevetsovitis
There is no question that workstyles have changed after the pandemic, and many organizations have not only adapted to more flexible work-from-anywhere models but embraced digital innovation to uncover real business value. However, when ‘anywhere’ is the new office space, it exposes an organization’s network to far more surface area for IT departments to secure and protect.
Every network is only as good as its weakest link. In an era where networks span on-premise and cloud environments, and hybrid work models are the standard, every endpoint in the network becomes a potential target for malware, ransomware, and targeted attacks.
Cyberthreats target endpoints
With the threat landscape escalating, poorly protected endpoints and home networks make a tempting target for cybercriminals. FortiGuard Lab’s latest report showed a 10-fold increase in ransomware so far this year, and many threat trends going into 2022 demonstrate the need for robust endpoint security measures.
At one point, threat intelligence guided how endpoints were protected, creating delays between when a threat was uncovered and the device’s protection. Even first-generation endpoint detection and response (EDR) solutions, designed for additional endpoint protection, offer limited security in the face of today’s sophisticated cyberattacks, which can take seconds to compromise endpoints.
Today, behaviour-based approaches enable modern endpoint security products and solutions to offer better real-time protection. For example, unified endpoint security solution FortiEDR uses a behavior-based method for protection, detection, and response. This unique combination makes it more effective at stopping incursions pre- and post-infection and preventing ransomware encryption attacks by automatically blocking, detecting, and defusing threats as they occur.
Securing the endpoint
FortiEDR’s unified approach to endpoint security precludes threats by reducing attacks and providing up-to-date malware prevention. With real-time detection and disarmament, threats are automatically detected and defused, while coordinated remediation and forensic investigation aids in hunting for and responding to threats.
This proactive detect and defuse feature prevents the spread of malware in real-time. Access to file systems is denied, which prevents data exfiltration and ransomware encryption. Contrast this to EDR offerings that rely on manual responses to detect issues and can take 30 minutes (or even hours) to respond and contain threats.
FortiEDR also keeps the endpoint functioning by defusing the threat without ending the process or quarantining the device. FortiEDR can hold off on blocking actions by monitoring system operations closely, helping create more opportunities to analyze the threat. This approach also helps free IT teams from dealing with an unending barrage of alerts, keeping them focused on refining the automation features and the policies that guide it.
For example, FortiEDR includes cloud-delivered artificial intelligence (AI) and microservices that assess and classify suspicious activity, including those that might fall below the threshold for automatic blocking. Responses to threats are dictated by an organizations’ “playbook,” a pre-defined set of actions based on security policy and threat categorizations and the accepted automated response and remediation procedures.
Lock endpoints down with zero trust network access
Today’s hybrid remote-work models will need more than just a VPN to manage network access securely. In addition to an EDR to protect endpoint devices, it is recommended that organizations implement a zero-trust approach.
With a VPN, users can access applications they need – along with everything else. The system accepts a device or user implicitly once they sign into the VPN. When automatically conferred this way, trust increases organizational data, application, and intellectual property risk.
Instead, modern approaches include a zero-trust model that puts the onus on the device or user to authenticate the need for the information or applications they want to access. It starts with the assumption that no user or device belongs on the network until they prove it. Once approval is confirmed, what that user or device can access is pre-defined based on user roles or business needs.
In a Fortinet environment, a Zero Trust Network Access (ZTNA) approach combines an endpoint agent and FortiOS to verify identity on every session and limit access based on pre-defined roles and needs. It makes managing resource access is easier for IT departments by providing greater visibility and automated features to apply the defined rules and roles.
With version FortiOS 7.0, existing Fortinet infrastructure can easily morph from VPN into a zero-trust architecture when organizations are ready to make the change. It’s cost-effective because ZTNA capabilities are built into the FortiGate next-generation firewalls (NGFWs), FortiClient endpoint protection solutions and FortiOS, and can be deployed on-premise and in the cloud. ZTNA is just one way Fortinet is helping customers get more out of their Fortinet investment. Fortinet Security Fabric, which provides a single, integrated security system that spans an organization’s distributed network, is another, because it makes establishing secure remote access through a single vendor possible.
As businesses continue the shift to a more permanent remote-work hybrid model, modernizing approaches to endpoint security becomes a much more critical step. Solutions must offer real-time and automated detection and response and a zero-trust access model, along with great visibility for time-strapped security professionals. Only then can organizations secure all network edges, regardless of where authorized users – or the information and applications they seek – are located.
Nick Alevetsovitis is VP of Canada Enterprise and Commercial Business at Fortinet
