The Department of Homeland Security has named October National Cybersecurity Awareness Month in an attempt to motivate everyone from government organizations and corporations to individual citizens to build stronger cybersecurity defenses. But with shrill “big hack” headlines appearing almost daily, how could any government or corporate organization not be hyper-aware of the rising threat level?
Security teams are putting unprecedented amounts of time, money, technology, and energy into building and executing defense-in-depth strategies—and it’s critical to do so. The trouble is that many zero-day attacks are unrecognizable to signature-based tools, and attacks that begin by targeting the human perimeter—such as phishing—skirt intrusion-prevention systems altogether. The Verizon 2014 Data Breach Investigations Report found that it takes an average of only six phishing attempts to reach an 85 percent likelihood of successfully gaining entry. Attackers are bypassing these deep perimeter-defense mechanisms with alarming regularity, thereby gaining access to valuable data on network endpoints.
Zero-Day Attacks and Phishing are Still Successful
When it comes to protecting these endpoints, antivirus products continue to play a vital role, but a signature-based approach is no longer adequate to protect them from unknown threats.
Cybersecurity Awareness Calls for Endpoint Awareness
Botnet activity continues unabated, with previously dormant botnets being reactivated to serve new types of nefarious attacks centered on Bitcoin mining, spam sending and even espionage. To prevent our organizations’ endpoints from becoming zombies, it’s necessary to fill in the gaps in endpoint security. As we near the end of 2014, information security teams must expand upon antivirus solutions by:
- Gaining visibility to network endpoints to a level where the most reliable data exists—at the kernel level
- Taking baselines of normal activity for them and regularly updating the baselines
- Performing regular sweeps for anomalous behavior on those endpoints
- Enabling rapid initiation of deep forensic capabilities once an anomaly has been detected or a SIEM alert validated.
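The baseline-and-sweep loop in the last three points, as an added example (not EnCase code or code from the original post): the constructed inventories below stand in for per-endpoint process images and their hashes, the baseline records which images and hashes are normal on which hosts, a sweep flags deviations, and triaged findings are folded back in so the baseline stays current.

```python
from collections import defaultdict

# Constructed sample data: per-endpoint inventories of running process images,
# each as (image path, hash). Hashes are short placeholders, not real digests.
BASELINE_SNAPSHOTS = {
    "laptop-01": {("C:\\Windows\\explorer.exe", "h-expl"), ("C:\\Windows\\svchost.exe", "h-svc")},
    "laptop-02": {("C:\\Windows\\explorer.exe", "h-expl"), ("C:\\Windows\\svchost.exe", "h-svc")},
    "pos-01":    {("C:\\Windows\\svchost.exe", "h-svc"), ("C:\\POS\\register.exe", "h-reg")},
}

def build_baseline(snapshots):
    """Summarise 'normal': for each image path, the hashes seen and the hosts that ran it."""
    baseline = defaultdict(lambda: {"hashes": set(), "hosts": set()})
    for host, procs in snapshots.items():
        for path, digest in procs:
            baseline[path]["hashes"].add(digest)
            baseline[path]["hosts"].add(host)
    return dict(baseline)

def sweep(baseline, host, procs):
    """Compare one endpoint's current inventory against the baseline; return findings."""
    findings = []
    for path, digest in sorted(procs):
        known = baseline.get(path)
        if known is None:
            findings.append(("new_image", host, path))      # never seen anywhere in the fleet
        elif digest not in known["hashes"]:
            findings.append(("hash_changed", host, path))   # known path, unknown binary
        elif host not in known["hosts"]:
            findings.append(("new_on_host", host, path))    # known fleet-wide, new for this host
    return findings

def update_baseline(baseline, host, procs, approved_paths):
    """Fold triaged, approved observations back in so the baseline does not go stale."""
    for path, digest in procs:
        if path in approved_paths:
            entry = baseline.setdefault(path, {"hashes": set(), "hosts": set()})
            entry["hashes"].add(digest)
            entry["hosts"].add(host)
    return baseline

# Constructed current inventory for pos-01: svchost with an unknown hash, register.exe
# unchanged, and an image never seen anywhere in the fleet.
CURRENT_POS_01 = {("C:\\Windows\\svchost.exe", "h-other"), ("C:\\POS\\register.exe", "h-reg"),
                  ("C:\\Users\\Public\\updater.exe", "h-upd")}

if __name__ == "__main__":
    base = build_baseline(BASELINE_SNAPSHOTS)
    for finding in sweep(base, "pos-01", CURRENT_POS_01):
        print(finding)
```

Each finding is the trigger for the deep forensic step the last point describes; only what an analyst approves is merged back into the baseline.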
Until the security spotlight shines on every network endpoint—whether that be an executive laptop or a point-of-sale terminal—no organization can be sufficiently cyber-aware. EnCase® Cybersecurity and EnCase® Analytics can help.
Comments? I welcome discussion in the section below, whether on this topic or on one you would like to see us write about here in the blog.