Endpoint Security: Helping to realize the benefits of SASE

April 1, 2021 | Lisa Ashjian

Endpoint security is at the forefront of digital transformation because, by its very nature, it must protect devices outside the company’s network perimeter. This started with traditional devices such as laptops and desktops. Endpoint security then quickly expanded to include mobile security for smartphones and tablets. And, as more data moved to the cloud, endpoint security came to include servers and containers, both inside and outside of the network perimeter. In contrast, network security is designed to protect the corporate data that resides on-premise or between specific office branch locations. This leaves endpoint security as one of the few ways to manage and help protect that data from anywhere else. Because of this, endpoint security technology has been forced to improve drastically over time to keep up with the workplace's shift to more remote work and with the ever-growing threat landscape.

The future is fast and highly secure

With new technologies emerging, such as 5G and Edge solutions, a whole new era of digital transformation will take advantage of the fast speeds and ultra-low latency these technologies enable. New use cases will develop that weren’t possible before, such as enabling an electrician to operate more efficiently through augmented reality assistance, allowing a clothing store's customers to virtually try on clothes, or delivering other highly interactive and immersive customer experiences with real-time analytics that help improve brand image. All these new use cases happen through interaction on an endpoint of some type, and these endpoints must be protected.

Today, there are highly sophisticated unified endpoint management (UEM) solutions that can enforce management policies on all types of devices. There are next-generation endpoint security solutions that incorporate Artificial Intelligence (AI) and Machine Learning (ML) to help protect against known and unknown threats. And there are mobile security solutions that address the unique challenges brought about by the proliferation of smartphones and tablets. All these solutions have been purpose-built to address the changing dynamics of remote workers and cloud adoption.

SASE: the next-gen network security solution

As this digital transformation occurs with faster speeds, edge technologies, and improved endpoint security, network security elements remain on-premise, creating several potential issues. Security gaps between on-premise, cloud, and endpoints leave businesses vulnerable to malicious actors who take advantage of these weaknesses. Also, this on-premise network security model creates unsustainable latency that inhibits businesses from realizing some of the most advanced and immersive use cases they want to pursue. Thankfully, new methods and frameworks for approaching network security are emerging, such as Secure Access Service Edge or SASE (pronounced “sassy”). SASE places network controls on the cloud edge as opposed to the corporate data center, closer to the service being accessed. This is a very exciting next phase of technology, and one that endpoint security solutions welcome with open arms. This emerging SASE framework holds the promise of providing highly secure network access as close to the end user as possible. It is designed to further enable use cases that rely on ultra-low latency and fast network speeds, and to help bridge the final layer between endpoint security and network security.

SASE doesn’t replace endpoint security

Today’s endpoints are highly sophisticated, processing vast amounts of data quicker than ever. And endpoint technology improves by the day. New ways of processing data, AI, and ML are all contributing to the path of advanced solutions that change the way we live, work, and play. But any endpoint capable of this high processing power is also susceptible to cyber-attacks of all types. No amount of network, edge, or cloud security can replace security on the endpoint itself. Endpoints must be both managed and protected with UEM solutions, next-generation endpoint protection platforms, and mobile threat defense solutions.

Implementing an industry-leading UEM solution is paramount given these circumstances and should be part of every endpoint security strategy. UEMs onboard, deploy, configure, and enroll devices so that the workforce can get up and running quickly. They help devices stay compliant with industry- and company-mandated regulations. UEMs today can also perform advanced IT management actions, such as viewing or remoting into a device as if the administrator had the device in hand, to help troubleshoot issues.

Next-generation endpoint protection platforms (EPP) and endpoint detection and response (EDR) on laptops, desktops, servers, cloud, and containers provide a crucial layer of protection for the endpoints. They help protect the endpoint itself from attacks. One excellent use case is the protection offered when ransomware strikes. An endpoint security solution that can roll back that endpoint to a previous clean state will help businesses avoid the costly expense of a ransomware attack and damage to their reputation.

Mobile threat defense (MTD) solutions are designed to protect against mobile threats on iOS and Android operating systems. Businesses should look for a solution that protects against key threat vectors for mobile devices such as device, network, application, and phishing threats.

Ultimately, a holistic endpoint security strategy considers UEM, EPP/EDR, and MTD all crucial components to implement within the business.

SASE should integrate with endpoint security

Part of realizing the full benefit of SASE is through Zero Trust capabilities. It is through integration with endpoint solutions, like UEM, EPP/EDR, and MTD, that businesses can gather device context and improve decision making on who to give access to and what type of access they need. The SASE solution will want to verify that the device meets the policy requirements set by the business and that it is in a healthy status. It will want to know if any odd behaviors were occurring on the device or with an application running on the device. And, SASE will need ways to support both managed and unmanaged endpoints such as BYOD. Integration with endpoint security and mobile security solutions will be able to provide this visibility into the device.

But endpoint security solutions can offer so much more than just device context capabilities for SASE. Another great benefit of an endpoint security solution is the ability to allow for multi-factor authentication. Through leading UEM solutions, companies can require anyone accessing their sensitive corporate data to verify their identity, and can even utilize biometrics from the endpoint device such as fingerprint scanning or facial recognition.

Paving the way for change

Overall, I can’t think of a more exciting and fulfilling time for technology and security to come together to securely enable the future. Advanced, ultra-fast networks, inventive endpoints providing all-new immersive experiences, and the end-to-end security elements that enable these to perform at their peak are all game changers. By implementing endpoint security and SASE solutions together, businesses can stay focused on their core competencies and innovate in a highly secure manner to delight their customers.


About the Author: Lisa Ashjian

Product Marketing Manager, AT&T
