Endpoint protection: a crucial part of IT security

Orange Belgium recently revamped its product offering, creating a range of solutions under the name Connected  that provide the answer to the changing ICT needs of businesses. Secure Business is one of the key pillars. We talked about it with Aubrey Beelen, Product Manager IT Solutions, and Patrick Gillis, Head of B2B ICT Product Solutions, Pre-Sales & Bid Management. They updated us on the latest trends in cybercrime and the importance of endpoint protection to protect your organisation.

How was the new product offering under the name Connected developed?

Patrick: “Market surveys and discussions with our customers helped us identify several key trends. The first is the accelerated digital transformation. Hybrid working has become the new normal, but it requires fast data access for all employees.

“A second evolution is the use of cloud services. In the consumer market, cloud applications had been common for quite some time, but now we are seeing a considerably higher level of adoption in the business world as well. IT security in our society is also subject to more and more regulations, such as NIS2 and DORA, and there is a growing focus on sustainability. And finally, it would seem that our society is in a state of permanent crisis. We have positioned our product offering in a way that responds to these trends.”

What pillars are the foundation of this product offering?

Patrick: “Connected creates a narrative for our customers that converges around five pillars. The cornerstone is multi-gigabit connectivity, be it mobile, via cable or fibre optic. Users must be able to deploy their IT solutions in a productive way at gigabit speeds, regardless of their location. On that cornerstone, we have built solutions based on four pillars: Modern Workplace, Digitalisation, Secure Business and Innovation.”

Cybersecurity has always been pivotal for Orange. Why did you make Secure Business a separate pillar?

Patrick: “The trends described above have expanded the perimeter that companies need to protect. Ten years ago, employees were based at their fixed work stations at the office, with a laptop that was connected to the company network and software that primarily ran locally. A firewall was all it took to protect employees against potential external threats. Nowadays, staff not only work online on their laptop but also on their smartphone and tablet. They alternate the office with a home office or a table in a cafe. Work applications now run on mobile devices and companies are increasingly using cloud services. In short, protection has become a whole new ball game.”

Has it become easier for cybercriminals to attack?

Aubrey: “The expansion of the perimeter has definitely opened up fresh opportunities for cybercriminals. They continuously bombard the devices of employees with ransomware and phishing. They track down devices with an operating system or security applications that are not up to date and they try to take over user accounts. Nowadays, cybercrime has become highly professional and big business.”

Does this mean a firewall no longer offers adequate protection?

Aubrey: “That’s right. We can no longer assume that our employees’ devices can always safely hide behind the company network firewall. Today, every device must be protected individually. This is known as endpoint protection. Cybersecurity must not be limited to a traditional anti-virus solution that only blocks harmful files or emails. Attackers are becoming increasingly successful at breaking into devices without the user clicking on anything. Modern endpoint protection must also be able to stop these types of attacks.”

Can endpoint protection stop any attack?

Aubrey: “Unfortunately, we have to conclude that not all attacks can be blocked successfully. In the past, security solutions focused solely on stopping attacks, but this is no longer an option due to the larger perimeter. This also impacts the recommended security strategy: we must be able to detect what we cannot stop. On average, cyber criminals need just one hour to break into a network via a vulnerable device. This means administrators have just a small window of time in which to act, so they need high-performance tools that can quickly detect any intrusion. And that is precisely the strength of the endpoint protection solutions that Orange Belgium offers.”

What tools are we talking about?

Patrick: “These are endpoint detection and response tools, or EDR. They continuously monitor the device for suspicious activity using advanced analysis and AI. As a result, risk situations are instantly detected and placed in quarantine. We are currently exploring solutions for cross-layered detection and response (XDR). These not only assess activities on individual devices but they also correlate reports from different endpoints. They combine this information with data from the servers or the network, creating a fuller picture of an ongoing attack.”

Is endpoint protection easy to integrate into a company’s IT infrastructure?

Aubrey: “As a solution, EDR tools are slightly more advanced, so their implementation does require a certain level of expertise. As an ICT integrator, we can obviously support our customers in this process. Companies should not automatically assume these security solutions are too expensive or complex for them. Orange Belgium offers endpoint protection, a managed service that completely unburdens the customer. What’s more, thanks to our economies of scale, SMEs have access to the same possibilities as larger businesses. Customers who are looking for a solution for their mobile devices can use the Lookout Premium app.”

Does endpoint protection slow down the devices it protects?

Patrick: “All I can say is that the solutions we offer have no such effect. Not only are they strongly optimised but the bulk of detection activities also takes place in the cloud. Consequently, end users only experience minimal impact on their device.”

Finally, do you have any good advice in terms of endpoint protection?

Aubrey: “It’s important to realise that endpoint protection is just part of the overall protection. Several protection layers are necessary. Additional security measures such as patch management, a next-generation firewall and zero trust architecture to restrict network access are strongly recommended.”

Patrick: “Also, the users themselves are often the weakest link in the security chain. It’s important for companies to raise the awareness of their employees about security. Every company needs a global security strategy and it’s different for every company. As an ICT partner, we can help our customers develop such a strategy.”