
Endpoint vs. Network Security - who wins?

October 20, 2017


If you can contain or block threats before they reach the endpoint with network-based security such as detection and sandboxing, that is always worth doing. The problem is that if you don't secure the endpoints first, you end up with an eggshell security stance: a hard outer shell with nothing solid inside it, so you are relying on that single shell to protect your data. Without secure endpoints, even one small crack in the network shell lets all of your data spill out, and that is a real mess.

When you look at some of the big US data breaches, a number of the victims had bought into the latest "next gen" network security technologies, and those products had in fact detected the threats and raised warnings. The problem was that the products generated so much noise that nobody acted on the warnings: thousands of other alerts flooded in every day and the real ones were lost among them. That is part of the battle when you try to detect threats, especially at the network level. It can be like looking for a needle in a haystack.

Network defences face an almost impossible trade-off between security and usability. You want threats to be analysed deeply, but you can't make the user wait. The result is either rash verdicts from the solution, or network security features being disabled outright. Intel Security found that over 30% of organisations disable network-based security features in order to boost speed. Malware authors know this, so they build attacks that simply lie dormant for a period of time in order to outlast the network sandbox's analysis window.

Malware has rapidly evolved to evade network sandboxes using a variety of techniques including:

  • Delayed onset (sleeping or stalling until the sandbox gives up and passes the sample as clean)
  • Detecting a virtualised environment
  • Checking the number of CPU cores (a network sandbox usually presents only one)
  • Checking whether a real user is present (monitoring mouse movement, etc.)
  • Exploiting the virtual environment to escape it
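The first four techniques in the list above are simple environment checks, and it helps to see how little code they need. The following is an added illustration, not code from the original post or from BeyondTrust: it implements those checks as functions that can be run on a live Linux host or fed constructed evidence. The thresholds (fewer than 2 cores, uptime under 300 seconds, fewer than 2 distinct cursor positions, a 120 second analysis window) and the hypervisor vendor strings are assumptions chosen for the example, not values taken from any particular sandbox or malware family.

```python
"""Host-environment checks of the kind sandbox-evading malware performs.

Added illustration for the article; not code from the original post or
from BeyondTrust. Thresholds and vendor strings below are assumptions.
"""
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed list of BIOS/DMI vendor strings that betray a hypervisor.
HYPERVISOR_MARKERS = ("vmware", "virtualbox", "innotek", "qemu",
                      "kvm", "xen", "bochs", "parallels")

# Assumed analysis budget a network sandbox gives each sample, in seconds.
ANALYSIS_WINDOW_SECONDS = 120.0


@dataclass
class Evidence:
    cpu_cores: int
    system_vendor: str
    uptime_seconds: float
    # (x, y) cursor samples taken a few seconds apart; None when not sampled.
    mouse_positions: Optional[List[Tuple[int, int]]] = None


def sandbox_indicators(ev: Evidence) -> List[str]:
    """Return the names of the checks that point to an analysis environment."""
    hits = []
    if ev.cpu_cores < 2:                      # sandboxes often expose one vCPU
        hits.append("single_cpu_core")
    if any(m in ev.system_vendor.lower() for m in HYPERVISOR_MARKERS):
        hits.append("hypervisor_vendor")
    if ev.uptime_seconds < 300:               # snapshot restored just before detonation
        hits.append("fresh_boot")
    if ev.mouse_positions is not None and len(set(ev.mouse_positions)) < 2:
        hits.append("no_user_activity")       # cursor never moved: nobody is there
    return hits


def looks_like_sandbox(ev: Evidence, min_hits: int = 2) -> bool:
    """Malware typically wants several coinciding indicators before bailing out."""
    return len(sandbox_indicators(ev)) >= min_hits


def outlasts_analysis(delay_seconds: float,
                      window: float = ANALYSIS_WINDOW_SECONDS) -> bool:
    """Delayed onset: a sleep longer than the sandbox's budget means the
    sample is released as clean before its payload ever runs."""
    return delay_seconds > window


def collect_host_evidence() -> Evidence:
    """Gather the same signals from the machine this runs on (Linux paths)."""
    vendor = ""
    try:
        with open("/sys/class/dmi/id/sys_vendor") as f:
            vendor = f.read().strip()
    except OSError:
        pass                                  # not Linux or no DMI: leave empty
    uptime = 0.0
    try:
        with open("/proc/uptime") as f:
            uptime = float(f.read().split()[0])
    except OSError:
        pass
    return Evidence(cpu_cores=os.cpu_count() or 1,
                    system_vendor=vendor,
                    uptime_seconds=uptime)


if __name__ == "__main__":
    ev = collect_host_evidence()
    print("indicators:", sandbox_indicators(ev))
    print("looks like sandbox:", looks_like_sandbox(ev))
```

Each check is trivial on its own, which is the point: the cost to the attacker of adding them is near zero, while the sandbox operator has to counter every one (present several vCPUs, scrub vendor strings, age the snapshot, simulate input, and fast-forward sleeps) to keep detonation honest. The mouse check is left as constructed input here because sampling the cursor is platform-specific; the other three read real host values.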

If we don't believe the hype and accept that no system is ever 100% secure, we have to accept that some threats will not be detected. So where do those threats end up? On the endpoint.

If the endpoint is not robustly secured with proactive defence in depth, you are relying on endpoint detection such as AV to block the threats, which is essentially the same kind of detection that already failed to identify the threat at the network level. In that case it only takes one threat to breach the organisation: one APT that goes undetected and you are compromised. In fact, many network-based solutions have accepted this and now focus on detecting attacks after the compromise has happened.

Possibly the most worrying aspect of network-based security is that some major network security vendors have themselves been found to be introducing vulnerabilities and back doors into the organisations they protect. Several independent security researchers have detailed flaws that attackers can exploit not only to bypass these defences, but also to gain a privileged position on the network, because the appliance sits in the path of all traffic.

Let us not forget that the corporate network is not the only way into a system. Mobile users who connect to external networks, USB devices and rogue insiders can all cause serious damage without ever crossing the network perimeter. How well does a network solution prevent these common attack vectors?

Critical business data is accessed and stored on the endpoint, and all code, whether good, bad or unknown, executes on the endpoint. That is why the endpoint should be where you start when securing your enterprise against the latest APTs and cyber threats.

Network security products are often viewed as a panacea for whatever threat an organisation is battling at the time. Buy a box, plug it in and wait for a wonderful report that tells you how many threats were blocked. This may seem like a great solution, but in practice it is not a solution on its own and mainly serves to give the illusion of a problem solved.

So, when it comes to security, always start from the endpoint and build outward. A bank doesn't leave the vault door open just because it has a security guard on the front door; it starts from the vault and layers security outward. In a business, data and IP are money, so as reassuring as it is to have something watching data coming in and out, if you don't secure the endpoint you simply risk losing it all.

James Maude

James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.
