Intelligent Tech Channels Issue 29 - Page 36

Securing the endpoint in the age of remote working

Channel partners have an important role to play in helping organisations ensure they have robust security strategies in place. And with increasing numbers of businesses moving to remote working models, it’s more important than ever for organisations to review and bolster their endpoint security policies. Tamer Odeh, Regional Director at SentinelOne in the Middle East, talks us through the key threats to the endpoint and outlines how organisations can ensure they have a comprehensive endpoint security strategy in place.

Can you give us an overview of some of the key threats to the endpoint?

The endpoint is vulnerable to many types of cyberattacks that include:

• Malware – Executables such as trojans, malware, worms, backdoors, payload-based attacks
• Malware – Fileless: includes memory-only malware, no disk-based indicators
• Exploits of documents – Exploits rooted in Office documents, Adobe files, macros, spear-phishing emails
• Exploits of browser – Drive-by downloads, Flash, Java, JavaScript, VBS, IFrame/HTML5, plug-ins
• Live/insider scripts that include PowerShell, WMI, PowerSploit, VBS
• Live/insider credentials such as Mimikatz, credentials scraping, tokens

However, the real question is not around the types of attacks but their long-term effects, the metrics cybercriminals use to launch these attacks and the coding they use. Every listed type of cyberattack evolves by the hour and, without strong pre-execution infrastructure, even attacks that are successfully mitigated can still cause tremendous damage to the endpoint.

SentinelOne’s single-agent technology uses a Static AI engine to provide pre-execution protection. The Static AI engine replaces traditional signatures and obviates recurring scans that kill end-user productivity. On execution, SentinelOne’s Behavioral AI engines track all processes and their interrelationships regardless of how long they are active.
When malicious activities are detected, the agent responds automatically at machine speed. Its Behavioral AI is vector-agnostic, covering file-based malware, scripts, weaponised documents, lateral movement, fileless malware and even zero-day threats. SentinelOne’s Automated EDR provides rich forensic data and can mitigate threats automatically, perform network isolation and auto-immunise the endpoints against newly discovered threats. As a final safety measure, SentinelOne can even roll back an endpoint to its pre-infected state.

What is the impact of remote working and BYOD on endpoint security?

When accessing corporate networks remotely, there is a higher risk of unauthorised access and data leakage. Employees may engage in behaviour they would never consider at the office, such as sharing a device with other family members or using the same device for both personal and work activities. Also, the use of home ISPs and public Wi-Fi services presents an attack surface that is outside of your IT or security team’s control.

The biggest financial losses due to cybercrime occur through Business Email Compromise (BEC/EAC), where attackers take over or spoof the account of a senior manager or executive and use that account to instruct another member of staff via email to make a wire transfer to an overseas account, usually on the pretext of paying a phony invoice. With more and more staff members working remotely, this presents an opportunity for BEC fraud, as the whole scam relies on communications that are never confirmed in person.

Phishing campaigns are a threat for all employees whether they are based in-house or remote, but for workers who are not used to working ‘home alone’ and are now dealing with an increase in email and other text-based communications, it can be easier for them to lose perspective on what is genuine and what is a scam.
In particular, with a rise in malspam playing on fears of Coronavirus from the ‘usual suspects’ like Emotet and TrickBot, remote workers need to be extra-vigilant. Unlike the desktop computers in your office, which likely never connect to any other network than the company