Recently, cyber security experts participated in a round table discussion called “Defending the Wall – Endpoint Security” hosted by Spiceworks. The discussion centered upon “best practices and biggest mistakes to avoid for endpoint security.”
The key questions addressed included:
The IT security experts on the panel included Trend Micro’s Eric Skinner, Vice President of Solutions Marketing. He is responsible for the endpoint solutions strategy as well as their go-to-market activities.
The round table discussion was recorded and is currently available as a no-registration-required, free webinar on the Spiceworks Community page.
Round table Highlights
Why the renewed interest in endpoint security?
The Spiceworks discussion moderator Justin Ong began by asking: “We’re seeing a renewed interest in endpoint security, what do you think is the driving force behind that?”
Eric Skinner answered, “There’s definitely been a huge shift in the last few years. We’ve seen a huge uptick in interest…I think a big driver is that people are changing in the way they’re using endpoints. They’re using them in fresh locations. They’re working from home; they’re connecting from Starbucks. They’re not using VPN as often because they have cloud-based applications that connect you all day that don’t require VPN. So the perimeter security has been made less relevant.”
As a follow up to the first question, Skinner went on to say, “Employees are able to do a variety of safe and unsafe things…They are potentially more productive with the range of applications available to them, BUT they are exposed to more threats and the threat actors are evolving their efforts really, really fast.”
Because threats are evolving so quickly, Mr. Skinner said Trend Micro believes an organization will not be effective running just one type of threat defense technique. He is convinced that malware authors are well aware of the defense techniques in use and that, as soon as a new one is rolled out, they immediately start working on how to evade it. Enterprises therefore need multiple layers of security in their cyber defense.
“When we look at our data we see malware samples on 9 out of 10 endpoints…That’s a pretty staggering number but it shows that a signature-based antivirus is not effective. So you’re going to need to roll out multiple techniques, but none of them is a silver bullet,” said Skinner. “Rolling out a combo is the preference as long as there is not going to be a problem supporting them with resources.”
Crypto-Locker/Ransomware: Just pay the ransom?
Another hot topic discussed was the Crypto-Locker ransomware threat. According to the experts, the average ransom paid (usually in Bitcoin) to cyber criminals to unlock “kidnapped” files is somewhere around $300 US. There was consensus among the round table experts that it often makes sense to pay the ransom to the attackers rather than spend the time and effort it would take to break the malware lock on their files, since that cost would likely be exorbitant.
What’s the worst case ransomware scenario?
What’s worse than getting ransomware? Getting nailed by an old ransomware campaign, paying the ransom, and still not getting the key to release your files. Because this does happen, it is absolutely vital that organizations avoid falling victim to a ransomware attack. Prevention is important, but Skinner said, “Backups are still a valuable defense.”
As the round table discussion delved deeper into the ransomware topic, speakers said they had seen cases where enterprises got ransomware on one endpoint and, because they were using OneDrive and Dropbox with a lot of synchronization, ended up encrypting the contents of their file sharing service as well. This is why it’s so important to have appropriate permissions on file sharing servers.
Why you can’t run only the antivirus layer
While security vendors, in general, are getting more and more effective at spotting ransomware, according to Skinner, supplementary techniques are must-haves in addition to antivirus signatures. He said Trend Micro solutions now include application control, application white listing, vulnerability shielding, detention, application reputation databases, known “good” code signers, and application prevalence data.
“When running smoothly with strong manageability, application control is tremendously effective,” said Skinner. “App white listing is important [too]. The challenge is making sure all the good stuff is on the white list so staff can get, for example, the latest Skype update without a problem.”
The round table discussion lasted nearly an hour. We recommend taking the time to view the video of it and learn. It will be worthwhile.