Securing the endpoint in the
age of remote working
Channel partners have an important role to play in helping organisations ensure they have
robust security strategies in place. And with increasing numbers of businesses moving to
remote working models, it’s more important than ever for organisations to review and bolster
their endpoint security policies. Tamer Odeh, Regional Director at SentinelOne in the Middle
East, talks us through the key threats to the endpoint and outlines how organisations can
ensure they have a comprehensive endpoint security strategy in place.
Can you give us an overview of
some of the key threats to the
endpoint?
The endpoint is vulnerable to many types of
cyberattacks that include:
• Malware – Executables such as trojans,
malware, worms, backdoors, payload-based
attacks
• Malware – Fileless includes memory-only
malware, no-disk-based indicators
• Exploits of documents – Exploits rooted
in Office documents, Adobe files, macros,
spear-phishing emails
• Exploits of browser – Drive-by
downloads, Flash, Java, JavaScript, VBS,
IFrame/HTML5, plug-ins
• Live/insider scripts that include
PowerShell, WMI, PowerSploit, VBS
• Live/insider credentials such as
Mimikatz, credentials scraping, tokens
However, the real question is not around
the types of attacks but their long-term
effects, the metrics cybercriminals use to
launch these attacks and the coding they use.
Every listed type of cyberattack
evolves by the hour and without strong
pre-execution infrastructure, even attacks
that are successfully mitigated can still
cause tremendous damage to the endpoint.
SentinelOne’s single-agent technology uses
a Static AI engine to provide pre-execution
protection. The Static AI engine replaces
traditional signatures and obviates recurring
scans that kill end-user productivity.
On execution, SentinelOne’s Behavioral
AI engines track all processes and their
interrelationships regardless of how long
they are active. When malicious activities are
detected, the agent responds automatically
at machine speed.
Its Behavioral AI is vector-agnostic,
covering file-based malware, scripts,
weaponised documents, lateral movement,
fileless malware and even zero-day threats.
SentinelOne’s Automated EDR provides
rich forensic data and can mitigate threats
automatically, perform network isolation
and auto-immunise the endpoints against
newly discovered threats. As a final safety
measure, SentinelOne can even roll back an
endpoint to its pre-infected state.
What is the impact of
remote working and BYOD
on endpoint security?
When accessing corporate networks
remotely, there is a higher risk of
unauthorised access and data leakage.
Employees may engage in behaviour they
would never consider at the office, such as
sharing a device with other family members
or using the same device for both personal
and work activities. Also, the use of home
ISPs and public Wi-Fi services presents an
attack surface that is outside of your IT or
security team’s control.
The biggest financial losses due to
cybercrime occur through Business Email
Compromise (BEC/EAC), where attackers take
over or spoof the account of a senior manager
or executive and use that account to instruct
another member of staff via email to make a
wire transfer to an overseas account, usually
on the pretext of paying a phony invoice.
With more and more staff members
working remotely, this presents an
opportunity for BEC fraud as the whole scam
relies on communications that are never
confirmed in person.
Phishing campaigns are a threat for all
employees whether they are based in-house
or remote, but for workers who are not used
to working ‘home alone’ and are now dealing
with an increase in email and other text-based
communications, it can be easier for
them to lose perspective on what is genuine
and what is a scam.
In particular, with a rise in malspam
playing on fears of Coronavirus from the
‘usual suspects’ like Emotet and TrickBot,
remote workers need to be extra-vigilant.
Unlike the desktop computers in
your office, which likely never connect
to any other network than the company