EXPERT OPINION
Securing the endpoint in the age of remote working
With increasing numbers of businesses moving to remote
working models, it’s more important than ever for CISOs to
review and bolster their endpoint security policies. Tamer
Odeh, Regional Director at SentinelOne in the Middle
East, talks us through the key threats to the endpoint
and outlines how organisations can ensure they have a
comprehensive endpoint security strategy in place.
Can you give us an overview
of some of the key threats to
the endpoint?
The endpoint is vulnerable to many types
of cyberattacks that include:
• Malware – Executables such as
trojans, malware, worms, backdoors,
payload-based attacks
• Malware – Fileless includes
memory-only malware, no disk-based
indicators
• Exploits of documents – Exploits
rooted in Office documents, Adobe
files, macros, spear-phishing emails
• Exploits of browser – Drive-by
downloads, Flash, Java, JavaScript,
VBS, IFrame/HTML5, plug-ins
• Live/insider scripts that include
PowerShell, WMI, PowerSploit, VBS
• Live/insider credentials such as
Mimikatz, credentials scraping, tokens
However, the real question is not around
the types of attacks but their long-term
effects, the metrics cybercriminals use
to launch these attacks and the coding
they use. Every listed type of cyberattack
evolves by the hour and without strong
pre-execution infrastructure, even
attacks that are successfully mitigated
can still cause tremendous damage to
the endpoint.
SentinelOne’s single-agent technology
uses a Static AI engine to provide
pre-execution protection. The Static AI
engine replaces traditional signatures
and obviates recurring scans that kill
end-user productivity. On execution,
SentinelOne’s Behavioral AI engines
track all processes and their
interrelationships regardless of how long
they are active. When malicious activities
are detected, the agent responds
automatically at machine speed.
Its Behavioral AI is vector-agnostic,
covering file-based malware, scripts,
weaponised documents, lateral
movement, fileless malware and even
zero-day threats.
SentinelOne’s Automated EDR provides
rich forensic data and can mitigate
threats automatically, perform network
isolation and auto-immunise the
endpoints against newly discovered
threats. As a final safety measure,
SentinelOne can even roll back an
endpoint to its pre-infected state.
What is the impact of
remote working and BYOD
on endpoint security?
When accessing corporate networks
remotely, there is a higher risk of
unauthorised access and data leakage.
Employees may engage in behaviour
www.intelligentciso.com | Issue 25