Let’s start by describing an endpoint. Endpoints are the devices used by employees to access organizational resources like applications, files, email, etc. For most dealers, endpoints are workstations (i.e., PCs) or servers. Endpoints are one of the most common points of attack that a cybercriminal uses to access your network.
Now that you know what an “endpoint” is, let’s talk about advanced endpoint threat protection. In a nutshell, advanced endpoint threat protection is a collection of tools and techniques that protect a dealership’s largest attack surface – its endpoints. One of the most important elements of this collection of tools and techniques is the use of machine learning and behavioral analysis to identify potential threats (i.e., unknown as well as known threats). The use of this technology gives advanced endpoint threat protection a big advantage over traditional endpoint security.
Traditional endpoint security – like firewalls and antivirus software – relies on known information about cyber threats to detect attacks. The problem with this is that the cybercriminal is smart; they have figured out how to elude traditional endpoint security. Cybercriminals can take advantage of software vulnerabilities to attack your dealership and go undetected by traditional endpoint security. These software vulnerabilities are referred to as zero-day threats because they have not yet been identified and fixed (i.e., they are UNKNOWN). Likewise, the use of social engineering (i.e., phishing scams) to gain access to your network is a rapidly increasing and continually evolving method that cybercriminals use, and one that traditional endpoint security would fail to detect. This leads us to a new additional layer of security – advanced endpoint protection.
Advanced endpoint threat protection uses machine learning and behavioral analysis, which enables it to detect suspicious user behaviors. For example, an email account is accessed from a foreign IP address and, shortly afterwards, an email forwarding rule is configured on that account. With advanced endpoint threat protection this type of suspicious behavior would be detected, investigated, and halted if deemed to be an attack.
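As an added example (not part of the original article), here is the pattern just described written as a SIEM-style correlation rule in Python, run over constructed mailbox audit log lines. The field names, the expected-country list, the internal domain and the one-hour correlation window are all assumptions for the example; real audit logs differ by product.

```python
"""Added example: flag a forwarding rule to an external address that is created
shortly after a sign-in from outside the countries the dealership expects."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, loosely shaped like mailbox audit log entries.
SAMPLE_LOG = """\
2024-03-04T08:02:11Z user=jdoe@dealer.example action=MailboxLogin ip=203.0.113.7 country=XX
2024-03-04T08:05:40Z user=jdoe@dealer.example action=New-InboxRule ip=203.0.113.7 forward_to=external@mail.example
2024-03-04T09:10:00Z user=msmith@dealer.example action=MailboxLogin ip=198.51.100.5 country=US
2024-03-04T09:12:30Z user=msmith@dealer.example action=New-InboxRule ip=198.51.100.5 forward_to=msmith@dealer.example
"""

EXPECTED_COUNTRIES = {"US"}            # assumption: where users normally sign in from
INTERNAL_DOMAIN = "dealer.example"     # assumption: forwarding inside this domain is benign
CORRELATION_WINDOW = timedelta(hours=1)  # assumption: login and rule must be this close

def parse_line(line):
    """Split one 'timestamp key=value ...' line into a dict with a parsed timestamp."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return event

def detect_suspicious_forwarding(log_text):
    """Return one alert per external forwarding rule created within
    CORRELATION_WINDOW after the same user signed in from an unexpected country."""
    foreign_logins = defaultdict(list)   # user -> sign-ins from unexpected countries
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev["action"] == "MailboxLogin" and ev["country"] not in EXPECTED_COUNTRIES:
            foreign_logins[ev["user"]].append(ev)
        elif ev["action"] == "New-InboxRule":
            dest = ev.get("forward_to", "")
            external = not dest.endswith("@" + INTERNAL_DOMAIN)
            for login in foreign_logins[ev["user"]]:
                if external and timedelta(0) <= ev["ts"] - login["ts"] <= CORRELATION_WINDOW:
                    alerts.append({"user": ev["user"], "login_ip": login["ip"],
                                   "country": login["country"], "forward_to": dest,
                                   "rule_time": ev["ts"].isoformat()})
                    break   # one alert per rule is enough
    return alerts

if __name__ == "__main__":
    for alert in detect_suspicious_forwarding(SAMPLE_LOG):
        print("ALERT", alert)
```

The second user's rule forwards to an internal mailbox after a sign-in from an expected country, so only the first user's activity produces an alert.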
Advanced endpoint threat protection contains some key tools and techniques that are worth mentioning:
- Next-Generation Antivirus (NGAV) – goes beyond just addressing KNOWN file-based malware signatures. Machine learning and behavioral analysis give this new layer of security the power to detect suspicious user behaviors even as the cybercriminals continue to evolve. NGAV can identify malicious behavior from UNKNOWN sources. NGAV's primary purpose is to prevent an attack. This is one of the cyber defense tools that a dealership needs to employ.
- Endpoint Detection and Response (EDR) – this higher-level tool picks up threats that might not be picked up by NGAV. It also gives you visibility into how the attack happened – which is essential in understanding the attack’s impact, taking action to stop the attack, and mitigating issues.
- Security Information and Event Management (SIEM) – provides centralized event log management. SIEM makes it possible to aggregate data from all sources across the entire organization and allows for the review of millions of records in seconds. This gives your IT and cybersecurity team visibility into your entire IT environment to detect potential threats in the works.
- Web Filtering – prevents users from accessing certain KNOWN URLs or websites that are deemed to be inappropriate or potentially dangerous. The block lists it relies on are continuously updated, but they are reactive.
- Email Filtering – filters and “sanitizes” every email of KNOWN issues before it is delivered to your email server to protect you from email-borne threats. Since 91% of successful cyberattacks start with a phishing email, email filtering remains an important part of your cyber defense.
- Device Hardening – is the process of eliminating a potential threat opportunity by patching software vulnerabilities. To keep your dealership safe, it is vitally important that you regularly deploy critical security patches. These are fixes for KNOWN issues, so they must be done.
As cybercriminals become more sophisticated, advanced endpoint threat protection becomes an essential weapon in the battle to stay ahead of the cybercriminal.