Endpoint security is back. As noted by Dark Reading, focus on endpoints waned in the early part of the 21st century as companies moved to cloud-driven services and the sheer number of endpoints quickly became too much for even well-trained IT teams to monitor. But over the last twelve months a host of startups have emerged, all offering ways to help manage endpoint security and detect incoming threats. At Nexthink, we’ve developed an innovative, end-user focused solution to help manage this monitoring challenge — here’s a look at the top five suspicious endpoint actions.
Abnormal Access Requests
Many companies now leverage multiple offices across large geographic gaps to serve a worldwide audience. One telltale sign of an endpoint problem is strange access requests starting to appear at satellite sites — these might be after-hours requests or involve the transfer of large files from one directory to another. Network access comes with predictable patterns; if something is out of the ordinary, find out why.
Odd Software and Processes
Remember the BlackPOS malware used in the massive Target breach? The code came from a third-party HVAC supplier who had access to Target’s network and subsequently infected thousands of the company’s POS terminals. What does this mean for endpoint action? That some of the biggest threats come from known actors on your system; you need to know what they’re doing, why, and when.
Careless and Malicious Activities
Most insiders don’t mean to compromise your network. They might use a non-approved cloud service or connect to an unprotected hot spot, but they don’t have any malicious intent. There are, however, occasional employees looking to harm your company or steal corporate secrets. They’re responsible for one of the most suspicious endpoint behaviors: strange habits. Are they suddenly logging on from home at all hours of the night or transferring large files off local stacks? If so, you may have a breach in progress.
Network Traffic Spikes
While no network is entirely consistent, your particular set of apps, appliances and services comes with a largely predictable bandwidth usage footprint over time. If you start seeing large, unexplained bandwidth spikes, resource calls or activity without users present, be very, very suspicious.
Recurrent Failures and Slowdowns
Services on your network inevitably crash, hang or completely fail — in many cases it comes down to user error or configuration issues. If you notice a consistent pattern of failure, or failure rates climbing over a short period of time, however, your endpoints may be under attack.
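Three of the five signs above (abnormal access requests, network traffic spikes, recurrent failures) share one detection idea: learn what is normal for an endpoint or service, then flag what deviates from it. The script below is an added example of that baseline-and-deviation logic run over a small set of constructed telemetry; it is not Nexthink code or output. The hostnames, users, sites, sample values, the 08:00–18:59 business-hours window and the thresholds are all assumptions made for illustration.

```python
"""Baseline-and-deviation checks over constructed endpoint telemetry.

Added example, not vendor code: every host, user, number and threshold
below is made up for illustration.
"""
from datetime import datetime
from statistics import mean, pstdev

# Constructed logon records: (ISO timestamp, host, site, user).
LOGONS = [
    ("2024-03-04T09:12:00", "ws-lon-01", "london", "alice"),
    ("2024-03-04T02:47:00", "ws-lon-01", "london", "alice"),   # after hours
    ("2024-03-04T10:05:00", "ws-nyc-07", "newyork", "bob"),
    ("2024-03-05T23:30:00", "ws-nyc-07", "newyork", "bob"),    # after hours
]

# Constructed bandwidth samples: host -> MB per 15-minute interval, oldest first.
BANDWIDTH = {
    "ws-lon-01": [12, 15, 11, 14, 13, 12, 16, 14, 13, 15, 12, 14, 210],  # final sample spikes
    "ws-nyc-07": [30, 28, 33, 31, 29, 32, 30, 31, 29, 33, 30, 32, 31],   # steady
}

# Constructed service health: service -> failures per hour, oldest first.
FAILURES = {
    "print-spooler": [1, 0, 2, 1, 1, 0, 1, 1],   # background noise
    "vpn-client": [1, 0, 1, 2, 4, 7, 12, 20],    # climbing every hour
}

BUSINESS_HOURS = range(8, 19)  # 08:00-18:59 local time (assumed policy)


def after_hours_logons(logons, hours=BUSINESS_HOURS):
    """Return (host, user, timestamp) for logons outside business hours or on weekends."""
    flagged = []
    for ts, host, _site, user in logons:
        when = datetime.fromisoformat(ts)
        if when.hour not in hours or when.weekday() >= 5:
            flagged.append((host, user, ts))
    return flagged


def bandwidth_spikes(samples_by_host, k=3.0, min_history=6, noise_floor=1.0):
    """Flag a host whose latest sample exceeds baseline mean + k * stdev.

    The baseline is every sample except the latest. Hosts with too little
    history are skipped, and the stdev is floored at `noise_floor` MB so a
    perfectly flat baseline does not flag every tiny change.
    """
    spikes = {}
    for host, samples in samples_by_host.items():
        if len(samples) <= min_history:
            continue
        history, latest = samples[:-1], samples[-1]
        threshold = mean(history) + k * max(pstdev(history), noise_floor)
        if latest > threshold:
            spikes[host] = (latest, round(threshold, 1))
    return spikes


def rising_failure_rates(failures_by_service, recent=4, ratio=3.0):
    """Flag services whose failures climb every hour over the last `recent`
    hours and total more than `ratio` times the preceding window."""
    flagged = {}
    for service, counts in failures_by_service.items():
        if len(counts) < 2 * recent:
            continue
        earlier, latest = counts[-2 * recent:-recent], counts[-recent:]
        climbing = all(later > prior for prior, later in zip(latest, latest[1:]))
        if climbing and sum(latest) > ratio * max(sum(earlier), 1):
            flagged[service] = (sum(earlier), sum(latest))
    return flagged


if __name__ == "__main__":
    for host, user, ts in after_hours_logons(LOGONS):
        print(f"after-hours logon: {user} on {host} at {ts}")
    for host, (value, limit) in bandwidth_spikes(BANDWIDTH).items():
        print(f"bandwidth spike: {host} moved {value} MB, baseline limit {limit} MB")
    for svc, (before, now) in rising_failure_rates(FAILURES).items():
        print(f"rising failures: {svc} went from {before} to {now} failures")
```

Each check keeps its baseline separate from the sample being judged, which is the part that matters in practice: a threshold computed from data that already includes the spike will drift upward and hide it. The constants are deliberately conservative placeholders; in a real deployment the business-hours window, the `k` multiplier and the failure ratio would be tuned per site and per service against observed history.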
Odd endpoint action is often the early warning sign you need to identify threats and stop attacks before they compromise your system. Want clear sight of the top five above? Opt for real-time end-user analytics and stay ahead of bad behavior.