Firewalls have had a major influence on modern security techniques and have become the basis of corporate network security. This technology acts as the first line of defense and is a must for any company with a network infrastructure.
This is why some organizations ask whether they really need an endpoint security solution when they already have a firewall in place. The two solutions may seem similar to some users but they offer different levels of protection so deploying both is key to achieving optimal security. Endpoint solutions complement perimeter solutions by protecting against attacks within the network and they continuously monitor the activity of applications running on computers and classify them as trusted or malicious depending on how they behave.
A recent study has revealed that 68% of organizations experienced a targeted endpoint attack that compromised their data or IT infrastructure, and the same percentage rise in attacks on their devices compared to the previous year.
Endpoint attacks to gain access to corporate networks
Historically, most cybersecurity threats have come through the network. However, the trend over the past decade has been for them to gain access directly through the endpoint. Malicious actors target devices as an entry point to corporate networks and use simple lateral movement as a technique to infect gradually the whole network as they search for key assets and data. This type of lateral movement typically begins by infecting or compromising a data center or Cloud node by exploiting stolen credentials.
Once inside, cybercriminals scan corporate networks for outliers such as unpatched devices, unusual services running on ports or unique pieces of software not found on the rest of the network and then exploit them and take control with ease.
The top cybersecurity threats company endpoints face include:
- Ransomware: In recent years, ransomware has become one of the most common security issues for organizations. A successful ransomware attack can paralyze an unprotected organization by encrypting critical files and locking users out until a ransom is paid.
- Phishing: Like ransomware, phishing attacks have become more popular because they are relatively simple to carry out and are often successful. Phishing attacks have several objectives ranging from malware deployment to user credential theft or data breach.
Other types of malware and fileless attacks:
In addition to ransomware, there are other types of malware that pose a threat to an organization's endpoints. Depending on the target, criminals can infect these devices with malware such as data stealers, rootkits, or trojans.
- Credential theft: Cybercriminals can install keyloggers to collect users’ login credentials or obtain permissions to legitimate accounts, once inside a legitimate user account they can access corporate resources or online accounts.
Benefits of combining network and endpoint security
Better together: firewalls filter web traffic and defend the front end of the network, while endpoint solutions protect the internal network and are able to detect attacks based on application behavior. In addition, always having multiple layers of protection is reassuring because if one fails to detect an attack, the next layer will. XDR solutions have been created for this purpose and can generate new detections and provide an automatic response to them by leveraging the visibility of what is happening on the network and endpoints.
Advanced cybersecurity: combining both technologies protects corporate networks against malware, phishing and zero-day or malware-free attacks, ransomware and advanced persistent threats (APTs), among others, regardless of where the attacks come from, either through network or endpoints.
Zero Trust Approach: multiple complementary layers of defense must be built up to achieve a zero trust security approach. These network and endpoint cybersecurity solutions, combined with implementing security rules that limit unnecessary privilege for the organization’s employees, help achieve a zero trust focus.
In Q3 2022, WatchGuard Fireboxes blocked nearly 5.5 million malicious domains, while endpoint security solutions blocked 4,658,528 malware incidents. This data is indicative of the current threat landscape and the critical need for organizations to have both solutions in place.
To find out more about the latest findings on the cybersecurity threat landscape from WatchGuard's research team, check out our: