Reducing the attack surface

Advanced endpoint security is just one tool in your arsenal.

Johannesburg, 01 Oct 2019
Hannes Kriel, Technical Manager, KHIPU Networks.

Businesses will never be fully protected against cyber attacks because cyber criminals are always a step ahead and are always finding new vulnerabilities to exploit. Their best defence is to make their attack surface as small as possible. This will reduce the number of network entry points and deter cyber criminals from even trying to penetrate it.

So says Hannes Kriel, Technical Manager at KHIPU Networks, who adds that a multi-layered security approach, combining advanced endpoint protection, e-mail gateways, and advanced firewalls and anti-virus solutions, can provide zero-day protection – or protection against previously unknown vulnerabilities.

“Advanced endpoint protection is not intended to replace traditional defences, like firewalls and anti-virus, which offer additional security functionality, like backups and virus vaults,” says Kriel. “But the downside of these solutions is that, by the time businesses download the new versions, they might have already been targeted. And even then, the new version might not have patches against the most recent threats. This isn’t good enough.”

Five-minute exposure

Advanced endpoint protection solutions, he says, offer near real-time protection against new exploits.

“Even if you’re the first person in the world to be targeted with a new attack, your exposure will last a maximum of five minutes – not long enough for the virus to do any significant damage. This is the time it takes for the advanced firewall to sandbox the threat, upload a copy to the cloud, and return an answer as to whether it’s a threat or not. If it is, it will be blocked and that same protection will automatically extend to every device on your network. If someone in Vancouver, for example, uses the same solution and is targeted with a new exploit, the solution will push protection to every other user of the system, worldwide.”

This, he says, is one of the main benefits of choosing a solution provider that is part of a security alliance. Partner organisations share information about emerging threats, which lets each of them update its own products to block the new threat, and those updates are pushed automatically to all users, giving them near-instant protection.

“Cyber security is about constantly plugging holes. New holes open up every day as cyber criminals evolve their methods. By patching vulnerabilities as quickly as possible, businesses reduce their attack surface, providing fewer entry points for cyber criminals.”

Exploits vs viruses

Kriel says the biggest difference between advanced endpoint protection solutions and anti-virus software is that the former guards against exploits while the latter guards against viruses.

“The Windows operating system, for example, has 50 different exploits that are targeted by a billion different viruses. This includes viruses that sit dormant on systems but don’t actually do anything. With endpoint protection, we only worry about the exploits. We’re not concerned about the viruses, especially the ones that aren’t doing anything. We let them sit, but if they try to take advantage of one of the 50 vulnerabilities, the advanced endpoint protection solution acts swiftly to block it.”

Complementary protection

It’s important that any new security solution integrates – and can communicate – with a business’s existing security platforms, says Kriel.

“Every attack – malware, phishing, ransomware, zero-day exploits – begins at the endpoint, which makes sense when you consider that 90% of breaches start with an e-mail attack. People access their e-mails using all sorts of devices or endpoints – laptops, PCs, smartphones, tablets. It’s crucial that the endpoint security solution and the e-mail gateway can talk to each other, so that when one picks up a threat, the other knows to guard against it.”

This is why endpoint solutions don’t need to – and shouldn’t – replace legacy systems. And since these solutions consume little computing power or memory, it makes sense for businesses to run both, because their features and functionality complement each other.

“You can never be overprotected because you’ll never be 100% safe,” says Kriel. And the main reason for that, he says, is humans. “People are the most vulnerable part of the network. Most don’t know how to identify a phishing attack, especially if an e-mail seems legitimate. If an e-mail comes from the HR department offering free lunch if they update their passwords, most people would click on the link, not knowing that they’re actually handing over their network login details to cyber criminals.”

Prevention better than cure

The importance of awareness training and vulnerability management should never be underestimated, he says.

“Your employees need to know what a phishing e-mail looks like and what to look out for, like irregular domain names, strange links and URLs, and weird logo sizing. Regular awareness training and phishing simulation attacks can massively reduce the attack surface.”
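The indicators named above (irregular domain names, strange links) can also be checked mechanically before a message reaches a user. The following is an added example, not code from the article or from KHIPU Networks: it pulls the links out of an e-mail body and flags lookalike or embedded domains, raw IP hosts, punycode hostnames, plain-http links, and links whose visible text shows one address while the real target is another. The trusted-domain list and the sample message are constructed for illustration.

```python
"""Flag suspicious links in an e-mail body.

Added example (not from the article or KHIPU Networks): it checks the
indicators the text names, irregular or lookalike domains and links whose
visible text disagrees with their real target. TRUSTED_DOMAINS and the sample
message are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: domains the organisation legitimately sends mail and links from.
TRUSTED_DOMAINS = ("example.com", "hr.example.com")


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname; enough for the .com names used here
    (a real deployment would consult the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot typosquats such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(href, text):
    """Return the reasons a link looks suspicious; an empty list means clean."""
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    if parsed.scheme not in ("http", "https") or not host:
        return ["not a plain web URL"]
    reasons = []
    reg = registrable_domain(host)
    if host not in TRUSTED_DOMAINS and reg not in TRUSTED_DOMAINS:
        if re.fullmatch(r"[\d.]+", host):
            reasons.append("raw IP address instead of a hostname")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("internationalised (punycode) hostname")
        for trusted in TRUSTED_DOMAINS:
            if trusted in host:
                # e.g. example.com.login-secure.net: our name, someone else's domain
                reasons.append(f"trusted name {trusted} embedded in {host}")
                break
            if edit_distance(registrable_domain(trusted), reg) <= 2:
                reasons.append(f"{reg} is a lookalike of {registrable_domain(trusted)}")
                break
        if parsed.scheme == "http":
            reasons.append("plain http link")
    # The visible text shows one address, the href goes somewhere else.
    shown = re.search(r"https?://([^/\s]+)", text)
    if shown and registrable_domain(shown.group(1)) != reg:
        reasons.append(f"text shows {shown.group(1)} but target is {host}")
    return reasons


def scan_email(html):
    """Return [(href, text, reasons)] for every link that raised a reason."""
    extractor = _LinkExtractor()
    extractor.feed(html)
    flagged = []
    for href, text in extractor.links:
        reasons = classify_link(href, text)
        if reasons:
            flagged.append((href, text, reasons))
    return flagged


# Constructed sample modelled on the "free lunch from HR" lure in the text.
SAMPLE_EMAIL = """
<p>Hi team, HR is offering a free lunch! Please confirm your details.</p>
<a href="https://hr.example.com/lunch">See the menu</a>
<a href="https://example.com.login-secure.net/reset">https://hr.example.com/reset</a>
<a href="http://examp1e.com/password">Update your password</a>
"""

if __name__ == "__main__":
    for href, text, reasons in scan_email(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

On the sample, the legitimate menu link passes, the reset link is flagged twice (trusted name used as a subdomain of an untrusted host, and link text that disagrees with the target), and the password link is flagged as a lookalike over plain http. The edit-distance threshold of 2 is a tuning choice: tighter thresholds miss typosquats, looser ones start flagging unrelated short domains.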

Another way to reduce the attack surface is through regular vulnerability scans. These scans return a list of the vulnerabilities present on the network, which the business can then patch in order of severity, starting with the most critical.
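Turning a scan report into "patch the most critical first" is a ranking problem, and the article's own thesis says what should drive the ranking: entry points reachable from outside. The following is an added example, not code from the article or from KHIPU Networks. The findings are constructed; the CVSS score is what a scanner would export, while the internet-facing and public-exploit flags are assumed to come from an asset inventory and a threat feed. The weightings are assumptions too, chosen to show how exposure changes the order.

```python
"""Rank findings from a vulnerability scan into a patch order.

Added example, not from the article or KHIPU Networks. FINDINGS is constructed
scan output; the internet_facing and exploit_public fields are assumed to be
joined in from an asset inventory and a threat feed, and the score boosts in
priority() are illustrative weightings, not a standard.
"""
from collections import defaultdict

FINDINGS = [
    {"host": "web-01",  "id": "SCAN-001", "title": "outdated web server",    "cvss": 9.8, "internet_facing": True,  "exploit_public": True},
    {"host": "web-02",  "id": "SCAN-001", "title": "outdated web server",    "cvss": 9.8, "internet_facing": True,  "exploit_public": True},
    {"host": "mail-01", "id": "SCAN-002", "title": "mail gateway TLS flaw",  "cvss": 7.5, "internet_facing": True,  "exploit_public": False},
    {"host": "db-01",   "id": "SCAN-003", "title": "database missing patch", "cvss": 9.1, "internet_facing": False, "exploit_public": False},
    {"host": "hr-pc-7", "id": "SCAN-004", "title": "office suite RCE",       "cvss": 8.8, "internet_facing": False, "exploit_public": True},
    {"host": "hr-pc-7", "id": "SCAN-005", "title": "weak cipher enabled",    "cvss": 3.7, "internet_facing": False, "exploit_public": False},
]


def priority(finding):
    """Higher is more urgent. CVSS is the base; a public exploit and reachability
    from the internet (an actual entry point) each add a fixed boost, so a 7.5 on
    an exposed host can outrank a 9.1 buried inside the network."""
    score = finding["cvss"]
    if finding["exploit_public"]:
        score += 3.0
    if finding["internet_facing"]:
        score += 2.0
    return round(score, 1)


def patch_plan(findings):
    """Group by finding id so one patch action covers every affected host, and
    order by the most urgent instance, then by how many hosts it fixes."""
    by_id = defaultdict(list)
    for f in findings:
        by_id[f["id"]].append(f)
    plan = []
    for fid, items in by_id.items():
        plan.append({
            "id": fid,
            "title": items[0]["title"],
            "priority": max(priority(i) for i in items),
            "hosts": sorted(i["host"] for i in items),
            "internet_facing": any(i["internet_facing"] for i in items),
        })
    plan.sort(key=lambda p: (-p["priority"], -len(p["hosts"]), p["id"]))
    return plan


def exposed_entry_points(findings, patched=()):
    """Crude attack-surface measure: (host, finding) pairs that are reachable
    from the internet and not yet patched."""
    return sum(1 for f in findings
               if f["internet_facing"] and f["id"] not in set(patched))


if __name__ == "__main__":
    plan = patch_plan(FINDINGS)
    print("exposed entry points before patching:", exposed_entry_points(FINDINGS))
    done = set()
    for step in plan:
        done.add(step["id"])
        print(f'{step["priority"]:5.1f}  {step["id"]}  {step["title"]:24s} '
              f'hosts={",".join(step["hosts"])}  '
              f'exposed after this step={exposed_entry_points(FINDINGS, done)}')
```

Run as a script, the plan puts the exposed, publicly exploitable web server first (one action fixes two hosts), then the internal desktop with a public exploit, then the exposed mail gateway, and only then the internal database despite its higher raw CVSS. The exposure count drops from three to zero after the first three steps, which is the "fewer entry points" effect the text describes, made measurable.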

When protecting your home, any security expert will advise you to be better protected than your neighbour. Even one additional defence – like garden beams – can deter criminals. Network security is no different: a multi-layered approach combining many different, integrated solutions will send cyber criminals elsewhere.

“Even if they do get into your network, you’ll have patched all your vulnerabilities and they’ll have nothing to do,” says Kriel. “Keep patching your network and keep reducing your attack surface – it’s the only way to reduce your vulnerability.” 
