Is Cloud Security Losing Sight of Endpoints?
Cybersecurity changes quickly, and in the race to keep pace with attackers, important elements of security may get left behind. For example, cloud and mobile computing transformed the way organizations do business, which forced cybersecurity to make big changes as well. Once smartphones began performing workplace operations and computers adopted software-as-a-service (SaaS) applications, security could no longer be achieved behind an enterprise firewall. As organizational data and devices traveled beyond the office, the old castle-and-moat approach to cybersecurity became obsolete.
Cloud-based services have grown increasingly popular, resulting in many cybersecurity vendors shifting their focus to cloud security. However, in the rush to secure the cloud, some other attack vectors, like endpoints, are being neglected. This can be a costly oversight, given the extensive libraries of published vulnerabilities available on the Internet. The MITRE Corporation has curated decades of common vulnerabilities and exposures (CVEs) for operating systems, applications, and software libraries. Are threat actors more likely to spend time trying to break cloud security or to use known tactics against vulnerable devices connected to the cloud?
Cloud security does not need to be compromised when attackers can simply exploit devices that are already trusted. Even the way some vendors implement cloud security can expose endpoints to risk. Consider these two popular methods of cloud-based endpoint security:
- Cloud services pushing updated threat information and security patches down to connected clients
- Clients sending threat telemetry into the cloud where it is analyzed by vendor services
Both methods have advantages and disadvantages, but the obvious question to ask is: what about endpoints that lose connection to the cloud?
Devices may lose connectivity with the cloud for a variety of reasons. Some technology may only be used occasionally, and powered down most of the time. Some devices may experience problems with automatic software updates that result in security patches failing. Other devices may refuse to apply certain updates because they conflict with existing software that is critical for productivity. Whatever the case, endpoints that rely on the cloud for security may become vulnerable when they are not continuously connected to it. For this reason, cloud security alone is not a sufficient solution for defending against cyberattacks. Businesses need a platform that protects cloud-based transactions and endpoints equally.
Neglecting Individual Security Leads to Collective Failure
Many security procedures rely on systems that have a single point of failure. Consider passwords. If an organization uses passwords, but no other form of identity authentication, it is exactly one step away from being compromised. Of course, many modern businesses use some form of multifactor authentication (MFA), so this may seem like a moot point. However, consider one of the most popular ways remote employees connect to the workplace: virtual private networks (VPNs). When a user authenticates via VPN, their credentials are approved for the network. Much like a single password can grant a user access to a machine, a single successful VPN login authenticates a user to the entire network. This is a single-point-of-failure approach to network access.
BlackBerry avoids problems like this by taking a holistic, multi-layered approach that secures organizations at the cloud, network, and endpoint level. For example:
- BlackBerry protects endpoints with CylancePROTECT, an on-device AI-driven security agent that detects and prevents malware threats with over 99% accuracy. Devices remain continuously secure and capable of performing local threat detection and remediation regardless of their connectivity to the cloud.
- CylanceGATEWAY provides secure access to SaaS applications and other cloud resources by authenticating users to specific apps, not the entire network. It provides split-tunnel functionality to allow encrypted business communication to occur alongside open browsing. It also uses Cylance AI to detect suspicious behavior throughout the environment, an important feature for implementing Zero Trust Network Access.
- CylanceGUARD provides organizations a managed extended detection and response (XDR) platform staffed 24x7x365 by professional security analysts. This service offers businesses a way to overcome the massive cybersecurity skills gap that makes it difficult to establish an in-house SOC. Managed XDR provides organizations with trained security analysts operating a world-class cybersecurity suite at an affordable cost.
Securing the cloud is important, but so are device, user account, and application security. If a device is compromised, and legitimate user credentials are used to VPN into an environment, the network is compromised. BlackBerry fixes this problem by using Cylance AI to protect individual devices, limiting remote access to approved applications, and continuously monitoring the environment for threats.
MSSPs Can Increase Security Coverage for Customers
Protecting cloud-based assets is a primary concern for the cybersecurity industry, which is why so many vendors narrowly focus on their cloud capabilities. However, partnering with a vendor who only excels at cloud security leaves half of the problem unsolved. MSSPs can help their customers by ensuring that devices, networks, and cloud services are all enjoying an equal level of protection.
Of course, it is important for MSSPs to partner with a security vendor who offers the needed services without demanding they also accept unnecessary ones. Some vendors will not provide specific pieces of a security platform separate from their entire suite of cybersecurity tools. This leaves MSSPs in a position where they risk duplicating their offerings or losing significant control over their cybersecurity services. Fortunately, other vendors are more MSSP-friendly and willing to accommodate the needs of service providers.
If you’re seeking an advanced security solution that protects your customers in the cloud and beyond, please visit our BlackBerry MSSP Partners page.
Guest blog courtesy of BlackBerry Cylance. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.