Sponsored: Taking endpoint security to the next level

In today’s connected world, your network and data are only as secure as the escalating number of devices connected to it. The right security software partner is critical.

29 August 2023

Stephan Gilliland - Head of Information & Cyber Security Portfolio at CoCre8.

Business has been digitalising and moving online for years, but the Covid-19 lockdowns gave this trend fresh impetus. Businesses that were sceptical about remote work found out the hard way that a flexible approach to work styles was essential to building resilience. As a result, the corporate network has definitively broken out of its castle, with employees using a wide range of devices to work on and to access the network.

In parallel, the adoption of Fourth Industrial Revolution technologies is seeing millions of sensors connect to corporate networks. This Internet of Things creates another threat surface that needs protecting.

No surprise then that the endpoint security market was worth $11.192 billion in 2022 and is expected to more than double to $29.752 billion in 2027, according to Statista. But, as always, well-resourced cybercriminals are in hot pursuit. The Ponemon Institute’s research indicates that 54% of respondents had an average of five attacks on their organisation’s endpoints; as a result, 63% have prioritised prevention and detection of attacks against endpoints within the overall IT security strategy.

The biggest threats to endpoint security are ransomware (48%), zero-day attacks (45%), DDoS (43%), credential theft (39%) and distribution point sprawl (34%). But, if you think about it, it’s the sprawl that underlies the other risks. Just getting visibility of these thousands of distribution points is a challenge, but then they need to be monitored and protected. 

Even more perturbing, 60% of organisations reported unhealthy applications at any given time, a clear indication of the scope of the challenge. Seventy-eight percent of security leaders lack confidence in their organisation’s security posture, with 63% of respondents citing lack of visibility as the most significant barrier to achieving a strong endpoint security posture.

The Ponemon Institute estimates that the average cost of an endpoint attack is $1.8 million annually. While this figure applies to larger companies, the point is that endpoint attacks are costly whatever the organisation’s size. System downtime is the most significant cost consequence of an endpoint attack, researchers found.

In response, anti-virus software has been supplemented by endpoint detection and response (EDR) and, now, extended detection and response (XDR). EDR is a security solution for endpoints that continuously monitors devices to detect and respond to cyber threats; XDR takes a wider view, integrating security across endpoints, the cloud, e-mail and other platforms or applications.

TAKING CONTROL

All well and good, but how is the CISO to know that the antivirus software and EDR or XDR applications are installed, running and up-to-date? That all the patches are updated regularly?

“That’s where Absolute Software comes in. Absolute has a very privileged relationship with the leading manufacturers, companies like Lenovo, Acer, Asus, Dell, HP, Microsoft, Fujitsu, Samsung and many more,” says Stephan Gilliland, Head of Information and Cyber Security Portfolio at CoCre8. “This means that Absolute is embedded in most devices’ firmware. Once a licence is purchased, the IT department can gain visibility of all the endpoint devices on the network; control and remediation become possible across the entire endpoint universe.” 

In today’s hyper-distributed IT estate, this visibility is crucial. Absolute provides a cloud-based dashboard that alerts security staff when risks appear. It’s also easy to ensure that all corporate devices have the same version of the anti-virus or XDR software.

At the core of the Absolute platform is Absolute Persistence, a patented technology that is the only security solution that will survive attempts to disable it, even if the device is re-imaged, the hard drive is replaced, or the firmware is updated. Ransomware attacks typically try to identify and then switch off the anti-virus, but Absolute has the unique ability to self-heal, and maintain protection. 

Absolute also has the ability to retain its connection to stolen or mislaid devices. When this occurs, the device can be frozen, and sensitive data can be remotely deleted to protect it. Furthermore, Absolute’s 24/7 helpdesk can monitor the physical whereabouts of a stolen device and dispatch a specialist retrieval team to reclaim it.

“In one case, a device stolen in the Eastern Cape surfaced several months later in Afghanistan; subsequently, the Absolute retrieval team was able to get it back to our client in a matter of days,” Gilliland says. 

An important principle is that of automation, which looks set to become a key part of the CISO’s armoury when it comes to endpoint security. According to the Ponemon Institute research referenced above, automation has yet to make a significant impact on the job of managing endpoint security.

However, Absolute’s Persistence technology is a step in the right direction, says Gilliland, because it does not require a human interface. This is particularly important given the need for swift reaction, but also the sheer scale of the attacks. 

“The days of the firewalled network are gone; it’s up to the CISO to take on the challenge of ensuring that the growing sprawl of endpoint devices can be managed and protected successfully,” he concludes. “The right security software is critical.”