
How Evolving Endpoint Protection Platforms Secure Devices

Endpoint protection platforms are evolving to defend against new infrastructure security threats.


By Elizabeth O'Dowd

As healthcare organizations deploy more mobile devices into their health IT infrastructures, networks can become more vulnerable because malware has more opportunities to affect the networks. This is where evolving endpoint protection platforms (EPP) can benefit healthcare organizations.

Typically, securing endpoints is a multi-tiered process for IT administrators because each kind of endpoint needs a complementary EPP to ensure that the device is fully fortified against the attacks common to that kind of device.

However, a recent Gartner report predicts that EPP and endpoint detection and response (EDR) technology will merge by 2019, eliminating the need to purchase different solutions for specialized environments. For example, connected medical devices can be served by the same EPP as smartphones and tablets.

According to Gartner, the EPP is an integrated solution that contains anti-malware, personal firewalls, and port and device control. EPP solutions will often also include vulnerability assessments, application control and sandboxing, enterprise mobility management, memory protection, EDR, data protection, and endpoint data loss prevention (DLP).

Gartner analysts predict that the EPP market is expanding again as new vendors are beginning to bring in new features, challenging veteran EPP vendors. Some of the newer solutions are categorized as complementary, meaning that they can be added on top of traditional EPP solutions. These vendors are identified in Gartner’s visionary magic quadrant category.

“We estimate that 90 percent of visionary products are running in tandem with other solutions,” explained Gartner analysts. “Roughly, 6 percent of organizations are now running with two solutions. However, as confidence in the visionary vendors is increasing, we are starting to see complete displacements. Concurrently, the old guard is starting to innovate or acquire new technology.”

Gartner outlined the three primary concerns EPP solutions currently deal with: malware detection effectiveness, performance impact on host machines, and administration overhead.

Analysts found that many EPP solutions lag behind in malware detection because they still depend too heavily on reactive indicators (i.e., IP address, URL, file hash), which many hackers have a relatively easy time getting around.

As attackers become more skilled, EPP solutions need to adapt as well and change how they protect the network. This is why newer solutions and vendors are seeing success with their cybersecurity techniques.

However, it is unclear if attackers will evolve by finding product flaws, eventually making the new techniques less effective than traditional defenses.

“Most attacks exploit well-known unpatched vulnerabilities, use social engineering to trick users to install trojan malware, or use interpreted code such as Java or Visual Basic to download and install malware,” said report authors. “Comprehensive patching programs and application control remain extremely effective measures to thwart all three common malware attack techniques, and leading EPP solutions are adding them as preventative strategies.

“However, these proactive measures require more administration overhead, consequently they have failed to gain widespread adoption. Vendors are responding to this dilemma by containing unknown code and automating the classification process to streamline the change control process.”

More EPP vendors are adding EDR capabilities to improve threat detection by allowing organizations to discover threats much sooner.

Healthcare organizations are particularly susceptible to cyber-attacks because medical information is worth 10 times more than credit card numbers on the black market. Because of the threats they face, healthcare organizations may not want to risk adopting newer EPP solutions in case those solutions prove to be less secure than traditional ones.

Healthcare organizations may be more inclined to continue to layer their endpoint security in the face of different kinds of devices connecting to the network. IT administrators must utilize physical and virtual security solutions that work together to ensure cyber-attackers cannot infect the network.