
Trend Micro on how organisations are navigating endpoint threats

08 Mar 2019

Endpoint management is becoming increasingly demanding but also necessary at the same time as organisations adopt the flexibility the cloud affords them.

As a result, cybercriminals are also tailoring their approach to target individual endpoints in a new perimeter-less environment.  

Techday spoke to Trend Micro market strategy global VP Eric Skinner about key threats organisations are currently facing and the best way to mitigate them.

What are the threats to endpoint security organisations are finding the hardest to defend against and why?

A few years ago, endpoints were protected by other layers of the company perimeter (e.g. firewalls) but today’s endpoints are frequently outside the perimeter, with a broader range of business and personal apps in use, and so must defend themselves.

Also, ransomware used to be at the top of the list when it came to endpoint concerns for many businesses, and while incidents are still occurring (e.g. the Cabrini Hospital incident in Melbourne in February), Trend Micro’s most recent Yearly Security Roundup Report found a substantial decline – ransomware was down a drastic 91% in 2018 vs 2017.  

This decline is due to sophisticated endpoint security solutions being able to better detect these threats, resulting in malware authors shifting their focus.

More concerning is the rise of fileless threats.

Fileless threats are so named because they use no discrete binaries or executables. Nevertheless, they manage to run by injecting themselves into an existing application’s memory or by running scripts within a legitimate application such as Windows Management Instrumentation or PowerShell.

Trend Micro has seen an 817% rise in fileless threat detections from August of 2017 to the end of 2018. These threats are risky as their intended behaviours are quite diverse, and as a result are more challenging to detect.

Endpoint security vendors including Trend Micro have invested heavily in run-time behavioural techniques and heuristic approaches to block fileless threats (for example, a Microsoft Word document launching a PowerShell script is almost certainly a malicious action, and will be detected and blocked).
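The behavioural rule described above (an Office application spawning a script host such as PowerShell or WMI) can be expressed as detection logic over process-creation events. The following is an added example written for this page, not Trend Micro's code; the log format, the process lists and the sample events are all constructed for illustration.

```python
import re

# Office applications whose child processes deserve scrutiny (constructed list; tune to your estate).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script and management hosts that fileless threats run inside (PowerShell, WMI and similar).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wmic.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Command-line traits that add weight: encoded commands, hidden windows, download cradles.
SUSPICIOUS_ARGS = re.compile(r"-enc\w*|-w(?:indowstyle)?\s+hidden|downloadstring|invoke-expression|\biex\b", re.I)

# Constructed key=value event format: ts=... parent=... image=... cmd=...
EVENT_RE = re.compile(r"ts=(\S+)\s+parent=(\S+)\s+image=(\S+)\s+cmd=(.*)")

def parse_event(line):
    """Parse one process-creation line into a dict, or return None if it does not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ts, parent, image, cmd = m.groups()
    return {"ts": ts, "parent": parent.lower(), "image": image.lower(), "cmd": cmd}

def score_event(ev):
    """Return (score, reasons). Office parent -> script host is the core behavioural rule (+2);
    suspicious script-host arguments add +1. A score of 2 or more is treated as an alert."""
    score, reasons = 0, []
    if ev["parent"] in OFFICE_PARENTS and ev["image"] in SCRIPT_HOSTS:
        score += 2
        reasons.append(f"{ev['parent']} spawned {ev['image']}")
    if ev["image"] in SCRIPT_HOSTS and SUSPICIOUS_ARGS.search(ev["cmd"]):
        score += 1
        reasons.append("suspicious script-host arguments")
    return score, reasons

def detect(lines, threshold=2):
    """Run the rule over log lines; return (ts, score, reasons) for every event at or above threshold."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # unparseable line: skip rather than crash the pipeline
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append((ev["ts"], score, reasons))
    return alerts

# Constructed sample events: a benign admin script, a macro-launched hidden/encoded PowerShell
# (placeholder payload), an Office-launched WMI call, and one unparseable line.
SAMPLE_LOG = [
    "ts=2019-03-08T09:00:01 parent=explorer.exe image=powershell.exe cmd=powershell -File C:\\scripts\\backup.ps1",
    "ts=2019-03-08T09:05:12 parent=WINWORD.EXE image=powershell.exe cmd=powershell -w hidden -enc AAAAAAAA",
    "ts=2019-03-08T09:06:40 parent=EXCEL.EXE image=wmic.exe cmd=wmic process list brief",
    "garbage line that should be skipped",
]

if __name__ == "__main__":
    for ts, score, reasons in detect(SAMPLE_LOG):
        print(ts, score, "; ".join(reasons))
```

Only the two Office-launched events reach the alert threshold; the administrator's script from explorer.exe scores zero, which is the false-positive discipline the interview goes on to discuss.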

How well are organisations in APAC educating their employees on endpoint threats?

Overall, organisations are steadily doing a better job of raising security awareness, and helping employees recognise potential threats such as social engineering attacks delivered via email. However, we continue to see steady improvements in the attacker’s behaviour as well.

Phishing and business email compromise emails are more frequently well written and researched – for example, Trend Micro found that the number of business email compromise (BEC) attacks in 2018 increased by 28% globally compared to 2017, and phishing URL detections increased by 269% over the same time.

Along with employee education, state-of-the-art detection technologies should be used, and businesses should ensure they have good processes in place to verify and authorise transactions such as invoice payments.

Developed countries in APAC such as Singapore and Australia have dedicated considerable resources to cybersecurity education, including innovative awareness campaigns aimed at the general public, whereas developing countries are now starting to implement such campaigns. Additionally, some large enterprises in APAC have implemented security quizzes or mock malicious email campaigns, as a means to educate their employees.

It is recommended that these are done regularly and systematically to keep employees educated and keep cybersecurity front of mind.

What are the business and operational challenges to having an effective endpoint security solution in place?

Endpoint security solutions can generate an unwelcome workload for IT teams if there are too many spurious alerts (obscuring real issues), or too many false-positive detections (where legitimate files and behaviours are being flagged as malicious).

Today’s leading endpoint security products are engineered to reduce noisy alerts as much as possible, and it’s a great reason for businesses to ensure they are running the latest version available from their vendor.

Australia’s Notifiable Data Breach legislation imposes a 30-day window for assessment of a potential breach, and this can be challenging if endpoint security solutions are not recording relevant events.

Modern advanced endpoint protection products include so-called EDR (endpoint detection and response) features which proactively record endpoint events, enabling assessment of actions taken by suspected malware and a clearer picture of whether a data breach has in fact occurred.

These capabilities are sometimes available as a managed service so that ongoing threat investigation and monitoring can be performed by the vendor’s expert team instead of an overworked IT department.  

How are organisations using non-traditional security practices to navigate endpoint threats?

Over the last ten years, there’s been a gradual shift from aiming to detect malicious files, to detecting malicious behaviour.

This shift has dramatically improved endpoint security vendors’ ability to intercept rapidly-evolving attacks from ransomware and fileless threats.

This – combined with the pressures of the cybersecurity skills shortage – has encouraged organisations to use non-traditional security practices such as endpoint detection and response (EDR) and managed detection and response (MDR) to navigate endpoint threats.

Both of these practices focus on identifying potential threats and activity that can paint a picture of possible intrusions or attacks.

However, MDR is a service harnessed by organisations to assist their in-house teams with threat hunting and alert monitoring and takes the heat off companies who are facing a shortage of skills or lack of staffing.

It’s also important that EDR and MDR are not undertaken as ad hoc elements of an organisation’s strategy, but rather are incorporated into larger security considerations.
