Protect your endpoints, but don’t forget the other 70%

October is National Cybersecurity Awareness Month, and we wholeheartedly support this important initiative to focus attention on the critical security challenges facing all of us. This week’s theme focuses on the continued proliferation of IoT with, “The Future of Connected Devices.”

If there’s one major cyber trend we’ve seen unfold around connected devices, it’s that there is a tendency to focus cybersecurity awareness on what we can see – phones, laptops, and IoT devices, while assuming that protecting endpoints will stop the epidemic of damaging cyberattacks.

According to the 2020 Verizon Data Breach Investigation Report (DBIR), more than 70% of breaches are targeting servers – not user endpoints. This makes sense, because most attackers are financially motivated, and they will go where there is valuable data. The math is clear – if you encrypt and ransom someone’s laptop data, you may extort a few hundred dollars. But if you successfully steal the “Crown Jewels” from a company, the value skyrockets into the millions.

While end-users may play a role in corporate attacks, falling for phishing scams or clicking on risky links, but merely protecting their devices in no way assure protection for critical applications and servers. There are simply too many ingress points, and to protect the Crown Jewels, we must shift our thinking and start from the inside.

Many conventional security vendors have claimed that all endpoints are basically the same, and legacy technology such as anti-virus will be effective at protecting servers. This is simply not true – servers require very different security strategies and technologies.

Gartner states this unequivocally in their Market Guide for Cloud Workload Protection Platforms:

“Enterprises using EPP offerings designed solely for protecting end-user devices (e.g., desktops, laptops) for server workload protection are putting enterprise data and applications at risk.”

The report goes on to say:

“Do not use an offering designed to protect end-user endpoints and expect it to provide adequate protection for server workloads. These are ill-suited for the requirements of dynamic workload protection.”

So, what exactly are the requirements of dynamic workload protection? To start, we need to shift away from the endless cycles of threat chasing. Attackers are resourceful, creative, and constantly shifting strategies to avoid detection by conventional tools. Trying to beat them with signatures, rules, learning, or even AI will always leave gaps, and is usually reactive – only stopping what’s been seen before.

Instead of perpetually “chasing bad” we need to focus on “ensuring good.” This means mapping and understanding exactly what applications are supposed to do, and then monitoring them in runtime to instantly detect any deviations from normal. By protecting dynamic server workloads, you are in essence, protecting your applications from the inside.

Protecting connected devices at their end points is essential. But remember that it is only the first step of many in an effective security strategy. It’s critical for businesses to look beyond the many ingress points and go deep within the systems themselves. We must stop thinking attacks will only come from an external source and shift our focus inward to protect critical application workloads from the inside.

Willy Leichter, VP of Product Management, leads Virsec marketing, with over twenty years of experience in product marketing, product management, outbound marketing, communications, digital marketing, and demand generation. He has worked with a wide range of global enterprises to help them meet evolving security challenges. With extensive experience in a range of IT domains including network security, global data privacy laws, data loss prevention, access control, email security and cloud applications, he is a frequent speaker at industry events and author on IT security and compliance issues. A graduate of Stanford University, he has held marketing leadership positions in the US and Europe, at CipherCloud, Axway, Websense, Tumbleweed Communications, and Secure Computing (now McAfee).

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.