Blog WatchGuard

Why endpoint security and MFA should always go together

The current cyberattack landscape has forced companies to look for new forms of protection, which is why they are increasingly resorting to the use of cyber insurance. The figures are alarming: 148,104 malware attacks are launched every day, which translates into 6,172 attacks per hour. The consequences of a breach can mean dedicating a large part of a company’s resources to restoring computer systems and dealing with any ensuing penalties and lawsuits. According to data from IBM, on average a data breach costs an organization 4.35 million dollars. 

Given the rapid rise in the number of threats, insurance companies are introducing new cybersecurity requirements and maturity guarantees. To be eligible for a policy, companies need to have basic elements such as a multi-factor authentication (MFA) solution, regularly checked external and internal backups, and a cyber incident response plan. In addition, depending on their size, organizations must prove that they have dedicated cybersecurity staff or that they work with an external provider that provides cybersecurity services, as well as endpoint security solutions that form a Zero-Trust model to ensure layered protection of the company IT infrastructure against all types of threats.  

Why are these solutions important? 

Traditional logins with user IDs and passwords can be easily compromised. Generally speaking, people tend to reuse their passwords or set up simple passwords on the assumption that their accounts are not of interest to cybercriminals. 

For this reason, more and more companies are requiring MFA to use their products, as it is recommended for preventing attacks resulting from credential theft. For instance, the US national cybersecurity chief has stated that implementing MFA can prevent up to 80-90% of cyberattacks.

However, not all MFA options provide the same level of protection. Cybercriminals know how to employ sophisticated tactics to circumvent some of the most used methods, such as one-time codes sent via SMS. So, what happens if the attacker manages to gain access to the network? 

If malicious cyber actors manage to get past the MFA barrier or, perhaps, gain access to a computer remotely through legitimate remote connection tools such as Remote Desktop Protocol (RDP), they will attempt to take control of the system to advance the attack. Once inside, they will try to access other systems by moving laterally within the network and thus obtain privileged credentials that will enable them to reach the company's sensitive data. These techniques are typical of the malware attacks known as ransomware, in which hackers take advantage of system weaknesses and use tools to carry out a targeted attack with the aim of stealing information, encrypting data and then demanding a ransom. Alarming data reveals that 338,000 new malware and potentially unwanted applications (PUAs) are detected every day.

To prevent these types of attacks, companies must deploy a solution that can provide protection, detection, and response at the endpoint.  

MFA + Endpoint Security: the winning combination 

The best way to protect a company's network is to use complementary MFA and endpoint security solutions. Implementing both technologies strengthens security in the following ways: 

  • MFA is the first barrier against credential theft. However, 86% of organizations use it via email or SMS which, while adding a layer of difficulty, can be circumvented. To avoid this, it is important to get an advanced solution that incorporates features such as mobile DNA to eliminate the possibility of hackers gaining access to the network by using compromised credentials.
  • If cybercriminals attempt to deploy malware within the network using other attack vectors such as phishing, exploiting vulnerabilities or social engineering, a security solution at the endpoint will be needed to halt the attack. Through its Zero-Trust Application Service, WatchGuard EPDR technology continuously monitors endpoints and, with the help of artificial intelligence, classifies all processes and applications on the system as malware or goodware, preventing them from being executed if they are not verified as trustworthy. This ensures that only processes that have been classified as trusted are run on devices. In addition, in combination with the Threat Hunting Service, it can detect anomalous or unusual behavior by hackers who attempt to deploy malware using advanced tactics and legitimate tools that go unnoticed.

Achieving comprehensive, simplified, automated and intelligent management of these solutions is possible with WatchGuard's Unified Security Platform architecture, which is designed to replace the patchwork approach to security that, according to Pulse survey data, 95% of MSPs believe interferes with their teams’ productivity.  

It makes sense that insurance companies now require the combined use of these solutions. It's a winning combination that substantially reduces a company’s chances of suffering the negative impacts of a data breach.