Even before the world was pushed towards remote working, the perimeter of your network was expanding. A flood of mobile devices, the accessibility of cloud applications, and burgeoning flexible working practices had seen your users begin to move outside of your traditional network.
While this shift offered many benefits for your users, it also exposed them to a flurry of additional cybersecurity risks, as cybercriminals identified new vulnerabilities and created new exploits.
In fact, IDC claims that 70% of successful cybersecurity breaches in 2019 originated at the endpoint, only highlighting the potential risks associated with an increased exposure to the latest threats.
Unsurprisingly, the recent widespread push to remote working has only served to act as a catalyst, exposing even more users from organisations that would not ordinarily have expected to work in this way, including those that may have accelerated their adoption of cloud solutions and remote access platforms as a result.
As such, it’s important that new approaches to security are implemented through the adoption of specific endpoint security solutions: sophisticated platforms that step away from traditional models to re-align the point of protection with the most likely avenue of attack – the endpoint itself.
Why endpoint security matters
With so many of your users working outside of your traditional perimeter, they are no longer shielded by the umbrella of internal security measures. While their devices might be equipped with traditional solutions such as anti-virus software that deliver some protection against established attacks such as malware, these often rely on signature-based detection, meaning they are limited to responding to known threats that have been previously identified. Consequently, as zero-day threats emerge, some legacy solutions are unable to properly identify and prevent these attacks.
Combine this with the fallibility of your end users, whose inadvertent actions can create new exposures, and your endpoints present a significant vulnerability.
It’s these vulnerabilities that cybercriminals target through the instigation of sophisticated phishing tactics, the installation of keylogging malware, and clever social engineering strategies, in an effort to gain access to your data.
What tools are available to help?
With remote working now the norm for many, and with mobile devices and cloud applications increasingly commonplace, the vulnerability of endpoints is unsurprisingly becoming an area of focus for major vendors as they seek to deliver new solutions that simplify endpoint management and security for their customers.
Microsoft is one vendor in particular that has taken significant strides in recent months to develop its capabilities, with a host of new announcements made at the recent virtual Ignite event. Product updates and new solutions to expand its portfolio are now all available as part of the renamed Microsoft 365 Defender platform.
Here’s a quick intro to each solution:
1. Microsoft Defender for Endpoint
Microsoft’s Extended Detection and Response (XDR) solution, Microsoft Defender for Endpoint, uses intelligent AI and machine learning to remediate new and existing threats across multiple endpoints.
At its core, Microsoft Defender for Endpoint is designed to better automate incident identification, investigation and response. Using risk-based vulnerability management and assessment, new threats can be identified as they emerge across your entire device estate to deliver a comprehensive real-time view of your security status, while keeping on top of any emerging vulnerabilities.
Next-generation protection also maps the behaviour of developing threats with behavioural analytics to identify and manage zero-day attacks, sharing developing information with other endpoints to minimise the risk of possible breaches elsewhere.
Attack surface reduction rules also allow the implementation of bespoke policies around the accessing of new files, links or documents to avoid accidental breaches as a result of end user actions.
2. Microsoft Defender for Office 365
While Microsoft Defender for Endpoint delivers a sophisticated level of incident identification and response, Microsoft Defender for Office 365 is focused more specifically on protecting users against attacks delivered via email.
A replacement for Office 365 Advanced Threat Protection, Microsoft Defender for Office 365 delivers an important layer of protection on top of Exchange. This intelligent tool intercepts potentially harmful emails before they are opened and scans for malicious documents.
These files are then held in an isolated virtual machine, until such point as they are confirmed as safe and released back into the user’s inbox. Suspicious URLs are also scanned and re-written to create secured links.
Crucially, Microsoft Defender for Office 365 can be integrated with Defender for Endpoint to help alert your IT team to possible breaches and emerging threats via email, while also confirming the number of endpoints potentially at risk.
3. Microsoft Defender for Identity
Formerly known as Azure Advanced Threat Protection, Microsoft Defender for Identity focuses on protecting your network from an unauthorised, suspicious or potentially harmful endpoint. Using the signals from Active Directory, policy management, identity-based access and user permissions are enforced for every device that attempts to make a connection.
This is especially important as users become more accustomed to switching regularly between on-premises access in the office, and remote working, where their devices may be increasingly exposed to unknown threats.
Once users attempt to make a connection with your network, Microsoft Defender for Identity assesses the possible risks associated with their devices, delivers real-time analytics and insights to help surface new threats as they develop, and prioritises the riskiest users in your organisation to prevent unwanted breaches before they occur.
Securing your endpoints starts here
As the way your business and your users work continues to change, so must the level of protection you put in place. As a long-standing Microsoft partner, we have the knowledge and experience to help you implement the latest endpoint solutions delivered through Microsoft 365 Defender.
To learn more about what’s available, and to better protect your endpoints, get in touch with a member of the team.