sb-au logo
Story image

Why endpoint security is critical in a post-perimeter era

22 Nov 2018

The refrain of the non-existent perimeter is one that security professionals are hearing more often - but what does it mean in today’s context?

Today, business apps and data have moved to the cloud and employees have gone mobile.

Threat actors are acutely aware of this trend and are already taking full advantage of it.  

The acceleration of BYOD (Bring Your Own Device) policies only compounds this risk, as social media and mobile messaging apps used for personal purposes can be compromised to phish employees and steal corporate data.

For most businesses, this means their data may be accessed from devices they don’t know or trust, over unsecured Wi-Fi networks they don’t control.

Traditional perimeter-based security strategies – once the backbone of enterprise security – simply no longer apply because it can no longer be monitored with the same tools.

However, that doesn’t mean critical information can’t be protected.

It just means a different approach is required –  a post-perimeter approach.

What to protect when there’s no perimeter

Gartner predicts that 80% of worker tasks will take place on a mobile device by 2020.

As a result, organisations must rethink their security policies to follow the endpoints wherever there are.

Post-perimeter security is a new approach to enterprise security centred on the protection of corporate data when accessed by devices outside the corporate perimeter.  

It is a security model for the modern, perimeterless, cloud-delivered, and privacy-focused world.

Post-perimeter security controls access to both the Internet and corporate data based on continuous assessment of risk.

It then modifies access to protect data and users if risk levels are exceeded.

Why we need a zero trust model

The zero trust model was created in 2010 by an analyst at Forrester Research.

The model is centred on the belief that organisations shouldn’t automatically trust anything, whether inside or outside its perimeter.

To establish trust and gain access, users must both prove their identity and validate that their device is free from cyber threats.

A device that has been compromised cannot be trusted and should not be granted access.

In order to monitor the health of a device based on an enterprise’s risk tolerance, the enterprise must have a solution that is able to see into the full spectrum of risk.

Lookout security telemetry from over 170 million devices and 70 million apps informs whether an employee should be allowed to authenticate to corporate resources using the enterprise’s identity solution.

To learn more, download this white paper.

Lookout also delivers phishing and content protection, that addresses phishing attacks beyond email which are more difficult to identify such as SMS, social media apps, messaging apps, and more.

Securing corporate data and protecting employees can no longer be accomplished by legacy security technologies – no matter how many bolt-ons or workarounds you add.

With security at the endpoint, ongoing monitoring for risks can be achieved in real time at the point of contact, wherever that exposure may be.

Contact Lookout for a free demo or to find out how Lookout can help you protect your organisation’s data.

Story image
Cloud services top threat vector for healthcare industry
"The coronavirus pandemic continues to highlight the unique cybersecurity needs of the healthcare industry, even as it has increased the number of threats these organisations face."More
Story image
Enterprises underutilising security tools, causing teams to burn out
The report unveiled a lack of meaningful ROI metrics when reporting on security progress, as well as disparate opinions on objectives, tool effectiveness and security awareness amongst the organisation between executives and operations on security teams.More
Story image
Cohesity appoints its very first CISO
In the newly created role, new appointee Brian Spanswick will focus on advancing and optimising IT and security for Cohesity and its customers, the company says.More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More
Story image
Ransomware and Microsoft Exchange attacks surging 
There are global surges in ransomware attacks alongside increases in cyber attacks targeting Microsoft Exchange Server vulnerabilities, according to Check Point Research.More
Story image
Microsoft Exchange breach a wake-up call to ditch the server
"There are owners who still have in-house exchange servers because they are suspicious of the cloud or have concerns about their data sovereignty or don't want to contemplate the capital expenditure. But the warning is clear. Get rid of them."More