With cyberattacks continuing to increase, especially with the advent of AI, it is vital that businesses – including smaller ones – take effective measures to protect their endpoints, and resellers have a vital role to play in this.
With businesses of all sizes running more connected technology than ever, it means there are more endpoints than ever too – which also means more access points for cybercriminals.
While the threat posed by cybercriminals is recognised, some small businesses still don’t safeguard their endpoints adequately.
“While small businesses are becoming more switched-on about risks to their endpoints, there remains a considerable gap in understanding and putting safeguards in place,” says Peter Wood, chief technical officer at Spectrum Search.
“Many small businesses still believe they aren’t on cybercriminals’ radar, thinking that bigger, wealthier targets would be preferred. This misconception leaves them exposed, as cybercriminals often view small businesses as easy pickings due to their generally weaker security measures.
Kent Feid, senior director of product management at Quest Software, notes that SMBs often lack resources and their own cybersecurity teams, making them more vulnerable to attacks and less capable to recover quickly. “Consequently, a successful breach can lead to significant financial losses, reputational damage and operational disruptions that jeopardise the very existence of a small company,” he says.
Greg Day, VP and global field CISO at Cybereason, notes that, according to the World Economic Forum, there is an increasing skills divide between large and small businesses. “Larger organisations can afford to pay more for the limited skills available in the industry, leaving small businesses struggling to stay current in a rapidly changing environment,” he says.
“Most attacks focus on exploiting vulnerabilities in resources, rather than targeting specific individuals or companies. This misunderstanding leaves small businesses more vulnerable to attacks.”
Outsourced solutions
This means that SMBs increasingly don’t want to manage endpoint security in-house. “It’s far more preferable for SMBs to make use of managed services,” says Rachel Rothwell, regional managing director, UK and Ireland, Zyxel Networks. “MSPs should be highlighting their ability to provide good overall protection for the network and all endpoints from the outset, and their competence and capability in monitoring activity and keeping protection up to date.
“We provide them with the tools to do that through our Nebula cloud platform. Additionally, we are sharing security information from all the Nebula-enabled devices deployed around the world, to ensure that the security settings on all network devices are delivering up to date protection.”
Markus Rex, general manager – SYNAXON Services, agrees: “Our strong recommendation is that SMBs make use of managed security services, such as our ready-to-deploy Endpoint Security and Antivirus offerings.
“These services have been built specifically for partners to offer to their SMB customers. They enable partners to provide fully monitored, up-to-date protection for all endpoint devices to their customers. Partners don’t need to invest in their own infrastructure or specialist personnel, meaning big time and cost savings.”
Rise of EDR
While the threats to endpoints have increased in volume and sophistication so have the defences. One is Endpoint Detection and Response (EDR).
Troels Rasmussen, N-able’s GM of Security, says that vendors should offer endpoint protection solutions covering a range of defences including EDR, web filtering software for businesses, managed EDR, mobile device management, access control, network filtering and password management. “A multi-layered offering helps deal with a whole complex infrastructure to simplify safeguarding endpoints,” he says.
“Integrating an endpoint solution and other security tools will help resilience. If you have a dashboard pulling together remote monitoring and management tools, including enterprise-grade EDR capabilities, this will help prevent attacks and respond to threats. Features of an integrated EDR solution should also include offline protection, enhanced quarantine, automated rollback, and behavioural AI engines and machine learning.”
Greg adds EDR has become a necessity. “Traditionally, EDR and threat hunting required highly technical skills, so there is a significant push to make EDR usable by average security personnel in a timely manner,” he says.
Lance Williams, CTO at Distology, adds: “Detection is one thing and response is essential – if you’ve the skills in house to deploy, run and act on alerts generated by an EDR solution, then buy one. If you don’t, then you should consider running the native device security and subscribe to a MSSP or MDR, so that someone else can focus on the D and the R for you but be sure to understand what level of response you’ll get within the service.”
Shift
Karl Wilkinson from Lucid Systems adds there is a shift away from solutions that protect individual entities in an attack and response method towards more sophisticated EDR and XDR (extended detection and response) options. “Ironically, AI has caused significant growth in the volume of threats, yet it can also be used to predict attacks and provide zero-hour protection,” he says.
“Along with real-time defences, the latest endpoint protection solutions will look holistically protecting all end points within a network. This means that, as IT consultants, we can rapidly take the proper measures to protect other endpoints in your network from being attacked.”
Pieter VanIperen, Own Company’s CISO, agrees that the trend is shifting toward immutable infrastructure, with EDR that combines zero trust, user and entity behaviour analytics, and other signals to stop anything that deviates from what is known. “These EDRs are using AI to help enhance that understanding,” he says.
“We are moving beyond countering known threats and are now confronting the unknown. When everything is suspicious, organisations need a means to limit the noise, and so focusing on EDR technology is quintessential for resellers.”
Other trends
Kent adds that another key trend is endpoint security in the cloud. “With the increase in remote work and the adoption of hybrid and multi-cloud environments, the attack surface has expanded, necessitating the need to secure endpoints,” he says. “Integrating endpoint security with cloud platforms provides seamless protection and management across all devices, as well as flexibility and scalability. This trend reflects the need for comprehensive and adaptive security solutions in an increasingly digital and distributed work environment.”
Securing legacy systems and consolidating cybersecurity data are also important, Greg adds. “Alongside cutting-edge technology, there are legacy systems that often run offline and serve singular purposes on outdated hardware,” he says. “These systems need the same level of security as modern ones because they are more vulnerable due to the inability to patch them.
“Also, most organisations aim to consolidate their cybersecurity data to gain a richer, simpler view of what is happening within their business. While security information and event management solutions help with this, they were not designed for this specific purpose. EDR is better suited but often considered as a service due to the continuous maintenance required to understand evolving telemetry and the need for skilled monitoring to define appropriate response strategies.”
Richard Eglon at Nebula Global Services adds that Desktop-as-a-Service where MSPs and cloud service providers are delivering virtual desktops to end user clients is another trend. “This allows companies to centralise their security policies and have more control over their endpoint devices by proactively managing security updates and monitoring AI-enabled threats,” he says.
Role of AI
One of the biggest trends in the market – and biggest threats posed to endpoints – is artificial intelligence (AI). “AI is going to do something we haven’t seen in decades,” says Pieter. “There will be truly novel attacks that we have never thought of that will become available to adversaries. And it will take information security a few years to catch up with this type of attack.
“Endpoints are going to get breached using new techniques and that may not raise alerts against deny lists of known vectors and known suspicious patterns. Instead, we will have to hone XDR to only allow what we know is good.”
Richard Meeus, Akamai’s EMEA director of security technology and strategy, adds that cybercriminals are turning to generative AI to hunt for the easiest endpoints to breach. “They combine their attacks with social engineering to steal admin identities,” he says. “Attackers don’t need a battering ram when they’re given the keys.
“As a result of the advanced threat landscape, small businesses must look at upgrading their security accordingly. Even if the budget is limited, businesses need to cover their security basics, update tools, consistently train employees to be savvy security evangelists and deploy incident response plans.”
Melissa Bischoping, director, Endpoint Security Researcher, Tanium, adds that phishing and social engineering – still the most frequently successful initial access into an environment for an attacker – can be enhanced using large language models and AI tools. “More convincing phishing lures that are highly customised to a target can make it harder to spot common aspects of these attacks like poor grammar or misspelled words,” she says. “The emergence of deepfake tools presents an even more significant risk that an attacker could successfully impersonate a legitimate individual to bypass defences.
“Business users are bringing AI tooling and capabilities such as ChatGPT into their workflows. This can expose sensitive corporate data or personal information to those AI tools creating an unintentional spillage of data. This creates a new challenge of maintaining visibility and control over a growing number of endpoints, including IoT devices and virtual` environments.”
AEM
Melissa says that many are turning to autonomous endpoint management (AEM) for endpoint security. “AEM takes advantage of composite AI to provide intelligent automation and decision-making capabilities for managing IT endpoints,” she says.
“Using real-time data, the technology can make recommendations and automate actions based on AI insights, peer success rates and an organisation’s risk threshold. AEM is a force-multiplier for teams in IT operations and cybersecurity because it allows them to understand contextual risk in real-time, based on real data and immediately take appropriate action.”
AI protection
Samantha Cotton, head of channel UK&I at WithSecure, notes that AI is already used in threat intelligence to help predict attacks on endpoints and in behavioural analytics to detect anomalies which might otherwise go undetected.
“With so many tools available, as well as the rise of AI tools, businesses want a unified view of security to predict and prevent attacks,” she says. “This is where channel partners can add value.”
Dominic Ryles, director of sales and commercial at Exertis Cybersecurity, adds that AI can automate the process of scanning for vulnerabilities and developing exploits. “AI systems can rapidly identify weak points in security defences and create tailored exploits to compromise them,” he says.
“Organisations are using AI for threat detection and response, employing machine learning algorithms to identify and mitigate threats in real-time. Attackers can use adversarial techniques to trick defensive AI systems. This involves manipulating input to AI models in ways that cause them to make incorrect classifications and decisions.”
Dominic adds that AI can be leveraged to analyse user and device behaviour to detect anomalies and potential threats in real-time. “Likewise, there is predictive threat detection, which uses machine learning to predict and prevent attacks before they occur by identifying patterns and indicators of compromise,” he says.
Reseller conversations
There are various aspects that resellers should emphasise when promoting endpoint protection solutions to clients. Karl says SMBs often rely on resellers to keep them informed. “We’re constantly educating our clients about the latest security breaches and what they need to do to protect themselves,” he says. “By empowering them to improve their own knowledge, they understand what we recommend and why we’ve made those specific recommendations.’
Peter adds that resellers should stress several key aspects. “The first is the critical role of real-time threat detection and response capabilities,” he says. “Resellers should point out how cutting-edge solutions use AI to stay one step ahead of evolving threats.
“Secondly, ease of deployment and management is important, especially for businesses without dedicated IT security teams. Solutions offering comprehensive protection with minimal fuss will be more attractive. Thirdly, scalability and adaptability are vital characteristics, as solutions need to grow and adjust along with businesses and new threats. Lastly, resellers should underline the significance of ongoing education and support, ensuring that clients are always ready to tackle emerging cyber threats.”
Kent adds that no single tool can completely protect a consumer against threats. “Effective cybersecurity requires a multi-layered strategic approach that combines various tools and practices to address different types of threats,” he says.
Greg says resellers should highlight how the solution aligns with the skills available in the business. He adds that integration with an open cybersecurity data platform is also important. “Organisations want to enrich their security telemetry with other sources at scale using AI,” he says.
“For this to be effective, all security data must be normalised and contextualised. Currently, multiple security databases in different formats lead to a human-centric approach that is slower, more costly, and typically less valuable to the customer.”
Keegan Keplinger, senior threat researcher at eSentire, says resellers should highlight how solutions can adapt rapidly. “New detection approaches are constantly emerging but implementing them can be tricky unless your customer is able to adapt,” he says. “Helping them to be ready for changes is an ongoing opportunity beyond any product sale.
“Real-time and effective endpoint security requires additional services like subscribing to active threat research to know what threats are serious, and continuous engagement with the security platform powering the EDR solution to be truly effective. Keeping up with security is a full-time job, and you can help your customers with that knowledge.”
More than the obvious
Troels notes that all endpoints are at risk, not just the obvious ones. “It includes smaller devices like smartphones, smartwatches, and virtual assistants can be endpoints, each a potential security risk,” he says.
“Internet of things devices making their way onto business networks makes this even more complex. Resellers should highlight that any device that connects and exchanges data over the internet is a threat – even, for example, the network sensors that gauge temperature and other environmental factors in a manufacturing warehouse—they can all be a target and a ‘way in’.
“Cybercriminals have been proactive in evading traditional defences. They have developed malware that adapts its signatures regularly to avoid detection, while others use fileless attacks to set up a new admin account with strong privileges. Resellers must be aware of these threats so they can educate their customers on the tools they need to help stay secure and help them recognise that security isn’t an additional service, it should be the centre of their tech stack.”
Challenging silos
Samantha adds that currently too many cybersecurity tools are siloed. “Therefore, channel partners should be highlighting exposure management practices to provide organisations with a holistic view of their endpoint security and a clear understanding of their attack surface,” she says.
“With security products and services constantly advancing, channel partners should tailor their solutions and services to fit their customers’ requirements. Avoid overwhelming them with a multitude of features they will undoubtedly never use. Instead, offer valuable services that educate where necessary and provide insightful logs and actionable intelligence regarding their endpoint security and specific requirements.”
Jonathan Wright, director of products and operations at GCX, agrees. “Aside from the overlapping costs, the solutions may limit visibility and introduces gaps between tools for cybercriminals to exploit,” he notes.
“For MSPs to help organisations cover the expanding and fractured attack surface, they need to provide cloud security and zero trust architecture in a single stack to reduce gaps between tools and increase visibility.
“With 94% of organisations now deploying cloud solutions, a single stack solution has become increasingly central to provide visibility beyond just on-site endpoints and enable network-wide visibility and control via integrated XDR solutions. A zero trust approach then helps organisations go that step further to constantly monitor user behaviour across their estate, helping to tighten security across the stack and minimise threats.”
Jonathan adds that with BYOD policies and remote working becoming the norm, the number of endpoints expands beyond the traditional confines of the office. “This means that achieving complete visibility into network activity and constant attack surface monitoring is key to threat detection.
“Resellers should be highlighting how solutions integrate with the customer’s wider security suite, what the management layer looks like and whether a single stack approach may help remove older standalone services.
“We are beginning to see cloud-based security solutions take over, like Secure Access Service Edge and Secure Web Gateway, which can form part of a zero trust security strategy. With so many organisations rooted in the cloud and the rising volume and sophistication of threats, comprehensive cloud-based security architecture is central to ensuring external attack surfaces are effectively monitored and networks are kept safe.”
Specialised for MSPs
There are also endpoint protection solutions tailored for MSPs to offer to their customers. “There are some excellent options on the market,” says Karl. “As an MSP, we recommend the Microsoft Defender for Business bundled with the Microsoft 365 Business Premium.
“Microsoft Defender for business is a suite of products including Microsoft defender for endpoint, Microsoft Defender for Office and Microsoft Defender for cloud apps.
“Microsoft Defender for Endpoint integrates with the plethora of other Microsoft security products. It provides a more rounded and robust level of protection.
“What’s more, it comes with the ease of use that Microsoft is known for while also having access to the latest security settings and features companies may be looking for. The move towards subscription software solutions means that it’s easier for businesses to have the latest protections in place continually, and they can be easily scaled up as and when needed.”
Keegan adds that most endpoint solutions support ‘multi-tenancy’ – they have functionality for MSPs to serve multiple customers simultaneously. “The economic advantage of using a security provider versus building your own internal security team is that most security providers design their operations to work with small and medium businesses, and they represent a large share of the market,” he says.
Kevin Reed, CISO at Acronis, says that a particular trend is ‘living off the land’. “This is when attackers do not deploy malware at all but instead use legitimate tools, often supplied with an operating system, to achieve their goals,” he says. “For example, in-memory PowerShell execution is a common tactic for advanced attackers nowadays.
“Protecting from these kinds of threats requires new class of defensive software like EDR that rely not on detecting malware, but on behavioural patterns, even when standard tools are used.
“Advanced Security + XDR is a perfect solution for MSPs, as it offers complete, natively integrated protection built for them to swiftly prevent, detect, analyse, respond to, and recover from incidents across most vulnerable attack surfaces.”
