The Need for Endpoint Security Isn't Going Away

By David Finger and Peter Newton | August 16, 2021

For most organizations, work will never be the same as it was before the pandemic, with work-from-anywhere models being the reality for the foreseeable future. In some cases, business models had to change almost overnight to support digital options for customer service, delivery, or online ordering. Many employees and employers have discovered that some people are more productive, or simply happier, working from home than going into an office, and the resulting reduction in physical office overhead and the expanded talent pool are highly attractive to many organizations. So the herculean effort IT teams made to get people set up with remote access certainly isn't going to go to waste.

There is no question that workstyles have changed, and there's a growing recognition that most organizations aren't going to be bringing their entire workforce back to the office—at least not the way they were before. At the same time, we're seeing an even greater uptick in ransomware attacks. The combination of a work-from-anywhere workforce and an increasingly sophisticated threat landscape underscores exactly how important endpoint security is for organizations that need to secure their infrastructure and users.

Endpoint Security Matters More Than Ever

Supporting digital initiatives and a work-from-anywhere model has led to a dramatic increase in the exposed edges of the network. At the same time, malware, ransomware, and other threats continue to challenge organizations by exploiting poorly protected endpoint devices and home networks. The rapid increase in the number of remote workers, coupled with the increasing sophistication of the threat landscape (including a seven-fold increase in ransomware during the last six months of 2020, not to mention the high-profile cyberattacks that opened 2021), has shown the need for stronger endpoint security.

Solving the continuing security issues related to increasingly distributed networks and the rapidly dissolving network perimeter can seem daunting. The first steps to address these challenges, especially for remote access, include moving to modern endpoint security solutions and embracing a zero-trust model. Endpoint security solutions need to provide better visibility into devices and their state, strong protection measures, remote monitoring tools, and threat remediation for endpoint devices of all kinds. And zero-trust solutions need to be flexible enough to securely facilitate user access to any resource or application, no matter where the user or the resource may be located.

The Components of Modern Endpoint Security

Traditional first-generation endpoint protection platforms (EPP) that focused on threat intelligence-based prevention have given way to newer behavior-based protection approaches. But even so, prevention can never be 100% effective over an extended period of time, given the sophistication of today's cyberthreats.

Similarly, the first generation of endpoint detection and response (EDR) products, designed to supplement traditional endpoint protection, has also fallen behind the volume of fast-moving cyberattacks. Dealing with a flood of alerts and ferreting out real threats from a sea of false positives takes time, leaves security teams further and further behind, and exposes the organization to greater cyber risk.

This patchwork approach of EDR bolted on to traditional EPP is simply no longer sufficient for today's digital organizations and their work-from-anywhere approach. Instead, modern endpoint security must unify these functions with the ability to:

  • Predict and prevent attacks through attack surface reduction and malware prevention
  • Detect and defuse threats with real-time detection and disarmament
  • Respond, investigate, and hunt for threats with the help of orchestrated remediation and forensic investigation

FortiEDR is a unified endpoint security solution designed from the beginning to take a behavior-based approach to pre-infection and post-infection protection as well as detection and response. This combination is more effective at stopping breaches and preventing ransomware encryption attacks because it blocks, detects, and defuses threats automatically.

Other EDR vendors often rely on manual responses to the initial detection, which can take anywhere from 30 minutes to several hours to contain. FortiEDR's detect and defuse step is preemptive; it blocks external communications of malware and denies it access to file systems, which prevents file exfiltration and ransomware encryption in real time.

FortiEDR also defuses threats without terminating the process or quarantining the endpoint. Its granular tracking of system operations lets it observe every step a process takes, so it can wait as long as possible before acting and be as confident as possible when it does take a blocking action. This approach reduces the risk of false positives while still blocking the ultimate objectives of many cyberattacks.

In doing so, it buys time for continued analysis of the incident. And in the rare case that an action proves too aggressive, the block is lifted without disturbing users or disrupting business.

Not only that, FortiEDR also automates the ongoing assessment and classification of suspicious detections. Cloud-delivered artificial intelligence and microservices continue to analyze detections that fall below the threshold for blocking. Once a verdict is reached, it initiates a response that can then be automated using a customizable playbook. This playbook enables organizations to pre-define actions, based on threat categorizations and policy groups, for automated response and remediation procedures specific to the organization. Finally, human security analysts gain time to watch over this largely autonomous endpoint security solution, continue to refine its automation, learn from the cyberattacks identified, and continuously improve their organization's security posture.

The Move to Zero Trust Network Access

As noted, even after the pandemic ends, organizations are going to need to support telework because it's likely that many employees will continue to work remotely at least part of the time. And the last year has demonstrated the need for more than just a VPN to securely manage remote access to today's dynamic and distributed networks. So, in addition to using EDR to protect endpoint devices, zero trust network access (ZTNA) should also be implemented. ZTNA addresses concerns related to application access.

In the past, restricting access to specific applications may have worked in the office, but that was the only place it worked. A user who was traveling or out of the office for some reason connected using a VPN, which not only gave them access to the app they wanted to use, but far too often, everything else as well. Whenever a device or user is automatically trusted in this way, it places an organization's data, applications, and intellectual property at risk.

A zero-trust security model takes the opposite approach. The assumption is that no user or device is trustworthy until proven otherwise. That means no trust is granted for any transaction without first verifying that both the user and the device are authorized to have access.

Fortinet uses the combination of an endpoint agent and the power of FortiOS to perform identity verification for every single session. It controls which applications a user is allowed to access, regardless of whether the user is located at headquarters or connecting from somewhere else. Users are validated every time they access an application, for every session. Their access to applications can also be limited based on attributes such as their role.

And as of FortiOS 7.0, FortiOS is able to turn an organization's existing Fortinet infrastructure into a zero-trust architecture because FortiGate next-generation firewalls (NGFWs) and FortiClient endpoint protection solutions employ ZTNA capabilities. The fact that both FortiEDR and ZTNA are so tightly integrated into FortiOS enables easy management and superior visibility throughout the infrastructure.

Further, Fortinet's implementation of ZTNA doesn't depend on SASE. Many zero-trust solutions are cloud-only, which limits your options. But Fortinet's ZTNA solution can be deployed on-premises or in the cloud. And ZTNA is now built directly into FortiOS, enabling Fortinet customers to take even more advantage of their existing investment in FortiGate firewalls and other Fortinet products to build a ZTNA strategy. Because ZTNA is a free feature that's already in FortiGates, like Fortinet's Secure SD-WAN solution, it is easy to migrate from VPN over to ZTNA access whenever you're ready.

The Fortinet Security Fabric Combined with Endpoint Security Duo

Setting up remote access solutions requires a variety of components, and in many organizations these solutions are provided by different vendors, adding complexity to an already overburdened environment. Even worse, the components often run on different operating systems and use different consoles for management and configuration, so setting up robust endpoint security and remote access can be complex and sometimes even impossible.

With Fortinet, not only can you easily establish secure remote access through a single vendor, but all components can be integrated through the Fortinet Security Fabric. The Security Fabric is an architectural approach to security that allows you to connect different security devices into a single, integrated security system that spans your distributed network. This is critical when you have users connecting from almost anywhere to resources that could be located almost anywhere else, because it lets you see what's going on so you can keep even the furthest reaches of your network as secure as possible.

Find out how Fortinet's Endpoint Security and Device Protection Solutions protect every user and device, on and off the network.

Read these customer case studies to see how Millard Public Schools and Origo ensure full-coverage visibility and control over the IoT devices connecting to their networks.