HIDS - Most undermined solution in hybrid work era.

Updated: May 26, 2022

Globally, enterprises have moved into a hybrid work era and are combating more cyber threats than ever before. When employees work remotely, endpoints are exposed to the employee’s home network, increasing the attack surface.


Infected personal devices on a home network could exploit zero-day vulnerabilities on corporate endpoints connected to the same network to distribute malware, then move laterally in the network to gain access to sensitive corporate information or to stage a ransomware attack.

In simple terms, a malware-infected personal computing device begins to scan for weak spots by probing for accessible and vulnerable devices. Using lateral movement, a potential hacker can pivot to other hosts from a compromised system or a vulnerable IoT device. Corporate endpoints could get infected, and malware can gain access to sensitive resources, such as mailboxes, shared folders, or credentials.


Determined adversaries could even gain access to the domain controller and get complete control of the infrastructure or business accounts when connected to the company network via VPNs. As most organizations follow a quarterly patch cycle, a zero-day vulnerability attack can cause severe damage to the business.


Do Not Overlook the Value of HIDS Security

Host-based intrusion detection/prevention systems can alert on and block port scans and other exploits targeted at the endpoints, thereby stopping the infection at an early stage.
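To make the port-scan alerting described above concrete, here is an added example (not from the original post or any vendor product) of a sliding-window detector that flags a source touching many distinct local ports in a short time. The log format, addresses, and thresholds are assumptions constructed for illustration, and only the alerting half is shown.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed host-firewall log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2022-05-26T10:00:00 ALLOW TCP 192.168.1.10 -> 192.168.1.50:443
2022-05-26T10:00:01 DROP TCP 192.168.1.23 -> 192.168.1.50:21
2022-05-26T10:00:01 DROP TCP 192.168.1.23 -> 192.168.1.50:22
2022-05-26T10:00:02 DROP TCP 192.168.1.23 -> 192.168.1.50:23
2022-05-26T10:00:02 ALLOW TCP 192.168.1.10 -> 192.168.1.50:443
2022-05-26T10:00:03 DROP TCP 192.168.1.23 -> 192.168.1.50:445
2022-05-26T10:00:03 DROP TCP 192.168.1.23 -> 192.168.1.50:3389
2022-05-26T10:01:00 DROP TCP 192.168.1.77 -> 192.168.1.50:22
2022-05-26T10:02:00 DROP TCP 192.168.1.77 -> 192.168.1.50:80
2022-05-26T10:03:00 DROP TCP 192.168.1.77 -> 192.168.1.50:443
2022-05-26T10:04:00 DROP TCP 192.168.1.77 -> 192.168.1.50:445
2022-05-26T10:05:00 DROP TCP 192.168.1.77 -> 192.168.1.50:3389
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?:ALLOW|DROP) (?:TCP|UDP) "
    r"(?P<src>\S+) -> [^:\s]+:(?P<port>\d+)$"
)

def detect_port_scans(log_text, window_s=10, min_ports=5):
    """Return [(source, alert_time, ports)] for each source that touched at
    least min_ports distinct local ports within window_s seconds.
    Assumes log lines are in chronological order."""
    recent = defaultdict(deque)   # source -> (timestamp, port) inside the window
    alerts = {}                   # source -> first alert only
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines that do not parse
        ts = datetime.fromisoformat(m["ts"])
        src, port = m["src"], int(m["port"])
        q = recent[src]
        q.append((ts, port))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()           # expire events older than the window
        ports = {p for _, p in q}
        if len(ports) >= min_ports and src not in alerts:
            alerts[src] = (ts, sorted(ports))
    return [(src, ts, ports) for src, (ts, ports) in alerts.items()]

if __name__ == "__main__":
    for src, ts, ports in detect_port_scans(SAMPLE_LOG):
        print(f"ALERT {ts.isoformat()} possible port scan from {src}: {ports}")
```

With the defaults, only the constructed source 192.168.1.23 is flagged; the window and port threshold are tuning parameters that trade coverage against alert noise.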

Typically, most next-gen antivirus suites come with HIDS functionality, which in most cases is disabled due to the availability of full-fledged IPS in corporate VLANs and to optimize endpoint memory utilization.


With cyber threats now more common than ever, the capability to identify and deter cyber-attacks in near real time is crucial. While antivirus might have sufficed in the past, today we need an array of endpoint security tools, such as next-gen antivirus with host-based intrusion prevention systems (HIPS) and endpoint detection and response (EDR), as a bare minimum.
