Broken endpoints in organisation’s cybersecurity: the role of superior endpoint detection
Admin | Friday, June 25, 2021
JOHANNESBURG, South Africa – Networks Unlimited is applying a ‘broken window, broken business’ principle [1] when looking at an organisation’s internal cybersecurity posture, in order to have a positive effect on its business processes.
The moral of the ‘broken window’ story, which has been studied by psychologists, is that once a window in a building is broken, people then feel that they are able to damage the property even further, and ultimately loot and steal from it, with impunity.
“When we put this into a cybersecurity context,” says Stefan van de Giessen, General Manager: Cybersecurity at Networks Unlimited, “this means, in essence, making sure that you have no ‘broken windows’ or gaps in your security through which uninvited elements could enter. In order to do this, you first need to create a firm baseline to develop your posture. This includes endpoint security solutions, which play a significant role in protecting devices like desktops, laptops, mobile phones, and tablets from cyberattacks.
“Endpoint security software enables businesses to protect devices that employees use for work purposes, either on a network or in the cloud, from cyber threats. Endpoint security solutions are essential in preventing hackers from finding, as it were, new ‘windows’ to break through which they can enter a vulnerable organisation in order to loot the owner’s assets.”
Van de Giessen notes that one of Networks Unlimited’s endpoint security product partners, SentinelOne, which uses artificial intelligence (AI) and machine learning to prevent, detect, respond to and remediate endpoint threats, recently received two prestigious global accolades.
“SentinelOne’s endpoint security solutions came out on top among endpoint vendors in the latest ATT&CK Evaluation performed by MITRE Engenuity,” he notes. “Recently released results from the 2020 evaluation show that SentinelOne was the only vendor to achieve complete visibility, with zero missed detections, across both Windows and Linux environments.
“In addition, in a separate accolade, SentinelOne was also recently positioned by Gartner as a Leader in the 2021 Magic Quadrant for Endpoint Protection Platforms, which we believe is as a result of its excellent innovation technology and superb customer service experience.”
The MITRE ATT&CK Framework is a knowledge base of adversary tactics and techniques that was created in 2013 by the MITRE Corporation, an American not-for-profit technology resource company, to document attacker techniques and tactics. ATT&CK is an acronym for Adversarial Tactics, Techniques, and Common Knowledge [2] (https://www.rapid7.com/fundamentals/mitre-attack/).
The adversary techniques are indexed within the MITRE ATT&CK Framework, which has become an important knowledge base for the industry to understand attacker models, methodologies, and mitigation. Van de Giessen notes, “SentinelOne had no delayed detections or configuration changes, and, in addition, had the most complete analytic detections out of all tested products. We believe that these results showcase the importance of benchmarking your endpoint detection protection against the MITRE results, rather than legacy antivirus protection.
“To return to the ‘broken window, broken business’ analogy, the endpoint is one of the most crucial vectors for attack, especially considering the increased number of employees working from home. Organisations must ensure that endpoints are protected by a next generation anti-virus and thereby closely monitored for any malicious activity.”
“Additionally, the endpoint hygiene plays a pivotal role when using a secure connection to the private network at head office in order to keep the perimeters unbreached and your data safe, and thereby your business’ reputation and future viability secured,” he concludes.