Achieving Cybersecurity On A Journey That Starts At The Endpoint

2020 has seen a huge increase in the number of employees working remotely around the globe.  Large numbers of these employees are using their personal devices for work, rather than corporate-issued ones. This comes as a result of the speed with which organizations have had to enable remote work due to the unforeseen scale of the Covid-19 pandemic. Keeping up with this trend has, in many cases, meant sacrificing security.

Every endpoint within an organization serves as a doorway to its corporate assets. Whether that door is made of reinforced steel with an intricate locking system, or whether it’s a simple beaded curtain, the safety of your network and data fundamentally depends on the security of the endpoint. Most of us don’t implement the same stringent security measures on our personal devices that IT teams do on corporate issued ones. This means that each time we access work resources such as email accounts from our smartphones, we’re potentially enabling bad actors trying to tap into our organization’s network.

Endpoint detection and response (EDR) solutions allow organizations to continuously monitor and respond to any cyber threats targeting their endpoints. They combine real-time monitoring technology, which collects data from each endpoint, with automated analytics in order to identify and mitigate threats.

To find out more about the criticality of endpoint protection in a world newly centered around remote workforces, we spoke to Charlie Thomas, CEO at deepwatch. With over 20 years in leading start-ups and growth-stage technology companies, Charlie has gained a wealth of experience in the cybersecurity space and has witnessed the evolution of the industry first-hand.

deepwatch was launched as an innovative, customer-centric provider of managed Detection and Response, managed EDR and vulnerability management solutions. Their unique architecture and cloud-native technology strategy resulted in positive market feedback and rapid growth. deepwatch’s Cloud SecOps platform is built on a combination of their own software, technology, and maturity model, integrated with a select range of best of breed commercial off the shelf tools such as Splunk, Tenable and CrowdStrike. With this technology, they provide 24x7x365 monitoring, as well as deep analyses and meaningful insights into their enterprise customers’ states of security.

The Journey To Securing A Remote Workforce

“Cybersecurity has extraordinary implications on an organization’s brand, their assets, and everything that they do,” says Charlie. “With the number of folks that are working remotely – securing their data, their devices and their access – the attack surface has definitely expanded. The various ways that corporate assets are accessed has accelerated the number of companies that have migrated systems and data to the cloud.”

Some organizations, like deepwatch, are cloud native by nature, but the majority have had to migrate to cloud ways of working very quickly in the past year. “This has led to three main challenges for IT teams,” says Charlie.

“The largest challenges have been supporting the remote workforce, protecting enterprises, and making the best investments in security solutions,” he says. “Everyone has a finite budget on what they can invest and they want to make it in solutions with the best protection.” There isn’t a single silver bullet solution that will solve every problem, and no company is 100% breach-proof, so knowing where to get the best return in investment is crucial when it comes to cybersecurity. To assure both time and money are well spent, it’s important that organizations assess their risk levels and locate the areas in which they’re most vulnerable. deepwatch provides their customers with an overall maturity score that outlines their status in terms of risk and provides insight into where funds are best allocated.

“No one’s perfect,” Charlie explains, “Most organizations rank in the 4-6 range [out of 10] when the security maturity is first scored. This score provides a roadmap on how to best improve. Everyone’s going to have some degree of exposure, but it’s about constantly and incrementally adjusting that risk dial down.” This incremental improvement is particularly important for companies that may not have the budget to make large security investments at once, nor the resources needed to ensure they’re getting the most use out of their solution. “Even Fortune 500 companies are outsourcing this function because they don’t have the team or the assets,” Charlie adds, before reiterating that an overcrowded market can also be a challenge for organizations trying to decide which solution to invest in. “We’re constantly evaluating the best of breed and adding things to our Cloud SecOps platform, so customers don’t have to worry about that. We take care of that research for them.”

One of the greatest strengths of the cybersecurity industry is that organizations face these risks and threats together. “The industry does an awesome job of being transparent; sharing information and working together in collaboration to fight these attacks”, says Charlie. “We’re on this journey together.”

Endpoints Provide Access For Employees, Customers And Attackers Alike

“Endpoints are vulnerable because of the sheer number of them,” explains Charlie. “Whether it’s a mobile device, or a laptop, tablet or other connected device – there’s a large number of them, and that continues to grow.” This growth stems from the increasing business need for information access on two fronts. Firstly, an organization’s employees need to be able to access corporate resources in order to do their jobs. Secondly, customers have significantly increased their volume of digital transactions across all industries. This plays a huge part in digital transformation, and a company’s ability to become digital native: enabling the customer to access their platform via multiple mediums.

Unfortunately, allowing this access comes at a price. More endpoints equates to more points of vulnerability for hackers to exploit, thus the need for a more comprehensive security strategy and investment on the part of the organization. This is particularly true of BYOD (bring your own device) workfleets, where devices are more exposed to threats.

“You don’t get the benefit of a corporate IT team securing the home network, the home environment, and the mobile device. There are technologies used but they don’t offer the same degree of protection that you would get in a classic enterprise office environment,” Charlie explains. “Companies need to balance the need for frictionless access to information with the need for adequate security.”

“Security awareness training plays a part in solving this challenge,” Charlie says. “Awareness brings discipline in terms of education. For example, creating a much higher degree of knowledge and awareness around phishing and being vigilant in terms of what you click on and open, but also around patching and vulnerability management. Not everyone is diligent about downloading security patches and making sure they’re installed.”

The Future Is A Security Arms Race

“When it comes to the future of cybersecurity,” Charlie says, ”threat actors will continue to carry out state sponsored attacks to help countries gain political, economic, social and military advantages. This will cause disruptions in particular to economic systems and government supported industries. Even schools are being attacked by ransomware. There’s any number of ways that people can be impacted.”

To combat these high-level attacks, we can expect the production of increasingly sophisticated technology, particularly around data management. “We’ll see the ability to track data down to a minute level – to see where it goes, where it originated, and to manage data at a very granular level, which will have a big impact on the way that security is provided to organizations.”

“There will be a continual evolution of tools and technologies [to mitigate these attacks],” Charlie says. “It’s somewhat overwhelming for corporate IT teams to evaluate all of that.” Due to this, the demand for outsourced security will also continue to grow. “It’s effectively an arms race, in this industry, for customers and even countries.”

Cybersecurity Is A Collaborative Effort

Finally, we asked Charlie what steps he would recommend that organizations take to secure themselves against increasingly sophisticated attacks.

“Number one is employee education and awareness, both at the board level and employee level. This isn’t a function of solely the IT or security department – everyone that’s part of the company has to help,” he begins. “It’s a collaborative and collective effort to protect the company’s assets and even in our own personal lives.”

Charlie’s second tip was to ensure better security hygiene and vigilance across the organization. “Managing device passwords, downloading the latest versions of software – it’s about vigilance for everybody, consumers and employees alike.”

Thirdly, organizations should invest in third parties to help them analyze and assess the risks facing them and work out the best steps they can take in order to mitigate those risks specifically. “Trust third parties to be an extension of your team,” Charlie says. “At deepwatch, we learn from every single customer, every network and every organization, and we apply those learnings uniformly to all of our customers at once.” This crowdsourcing of information has become ever more valuable with the increased development of AI and machine learning technologies in recent years, and ensures that companies benefit from protection against even the newest emerging threats.

“Security is a collaborative effort.”

Thank you to Charlie Thomas for taking part in this interview. You can find out more about deepwatch and their Cloud SecOps platform at their website and via their LinkedIn and Twitter profiles.