IT organizations around the world are responding to the challenge posed by COVID-19 by ensuring that employees are able to work productively from remote locations. As we experience a never-before-seen explosion of remote endpoints connecting to the organization’s critical assets, the security of these endpoints is top of mind for all IT and security professionals. As we look for ways to secure these endpoints, it is becoming immediately clear that traditional enterprise security solutions deployed inside the organization’s network are completely ineffective in protecting these remote endpoints. The sheer volume of remote endpoints connecting over VPN gateways is already creating a lot of bandwidth pressure, and adding large security updates delivered to thousands of endpoints is becoming impractical.
End users and their devices are right smack in the center of the battle between enterprise InfoSec teams and malicious hackers, and it’s not hard to see why.
When compromised, connected endpoints — desktops, laptops, smartphones, tablets — offer intruders major entry points into corporate networks. However, end users are also their organizations’ best threat detection tools.
That’s a key takeaway from SANS Institute’s “2017 Threat Landscape Survey: Users on the Front Line,” a report published in August and co-sponsored by Qualys.
The study, conducted in May and June, polled 263 IT and InfoSec pros from companies of all sizes and major industries such as finance, government, technology and education.
It found that most of the top intrusion methods reported by respondents sought to directly or indirectly compromise end users or their devices. Hackers’ preferred threat vectors included:
- Email attachment or link (flagged by 74 percent of respondents)
- Web-based drive-by or download (48 percent)
- App vulnerabilities on endpoints (30 percent)
- Web server / web app vulnerabilities (26 percent)
- Removable storage devices (26 percent)