Sometimes cybersecurity resembles fashion, with vintage trends making comebacks.
Do you still remember the days when the common cybersecurity mantra was that you must secure endpoints? That era also saw the birth of the antivirus software industry. But attacks proved that it wasn't enough to focus only on endpoints. Defenders turned their attention to securing networks and gateways instead.
The network focus was relatively simple, because every organization could easily know the physical perimeter of its IT infrastructure. The most radical opinion was that endpoints could be left unprotected once the network was properly secured. That day never came.
Cloud, multi-cloud, hybrid cloud, software-as-a-service, outsourcing, and shadow IT destroyed the idea of defending a single network. In the old world, endpoints consisted of stationary desktop PCs. These have now been mostly replaced by laptops, smartphones and tablets that move freely outside the traditional perimeter of network security and access applications in the cloud. On top of that, there are millions of IoT devices and countless connections through cloud APIs.
How can anyone tell where the network and the perimeter are located anymore?
The clock has turned back. It might look like endpoints have become the only thing left that an organization itself can secure to some extent. Vendors are awake as well, and we have seen a rise in next-generation endpoint protection solutions.
Most important, though, is that endpoints remain one of the most attractive targets for cyber criminals and other hostile actors, who keep pounding them. If we take a look at breaches, the story in most cases leads to something that went wrong at an endpoint at some stage of the attack.
Recently, you may have read about the massive ransomware outbreak at the Norwegian aluminum giant Norsk Hydro. The attack used ransomware called LockerGoga – and most anti-malware products on the market failed to detect it at the time of the attack!
Does this ruin our argument about a new era of endpoint security? No, it doesn't. First, it proves that modern endpoint security is much more than anti-malware products alone. Second, the Norsk Hydro case was more complex. It was preceded by an administrator account hack, and Active Directory was used as a means to spread the LockerGoga malware to PCs in corporate networks. LockerGoga was incapable of spreading on its own, but it was good at mimicking benign software.
The case of Norsk Hydro clearly proves that the challenge of securing the endpoints, and the entire environment, calls for more advanced Identity and Access Management (IAM) solutions. Organizations must be better prepared to authenticate and authorize user access to any computer system – whether it is on-premises or in the cloud, or whether access is requested by a human, IoT device, or API.
A centralized IAM is a necessity to cover multi-cloud and hybrid cloud environments, all endpoints, and APIs. It has to dynamically identify any user, map entitlements, and create and delete users instantly as needed. Efficient solutions utilize multifactor authentication, user behavior analytics, and AI. Stolen accounts quickly become a crowbar to cyber doors in the organization.
IAM has never been more important to organizations than today. IAM success is business success. As they say, identity is the new perimeter.
Do you want to know more about securing your organization with modern solutions? We will soon publish an introductory guidebook for cybersecurity. Watch this space!