{"id":112935,"date":"2020-06-25T18:00:56","date_gmt":"2020-06-26T01:00:56","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=112935"},"modified":"2020-07-17T14:22:54","modified_gmt":"2020-07-17T21:22:54","slug":"cortex-build-endpoint-security","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2020\/06\/cortex-build-endpoint-security\/","title":{"rendered":"Build Endpoint Security into Your Zero Trust Strategy"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">While the term \u201cZero Trust\u201d may immediately make you think of network security, a proper Zero Trust strategy extends beyond the network. Endpoints play an important role: they store and access data wherever their users happen to be, which makes them attractive entry points for attackers. With data and applications being accessed from distributed devices, your prevention-first approach and security policy should be consistent and coordinated between your endpoints and your network. 
Let\u2019s explore how this works with managed endpoints.<\/span><\/p>\n<figure id=\"attachment_112936\" aria-describedby=\"caption-attachment-112936\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img class=\"wp-image-112936\" src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/06\/app.endpoint.png\" alt=\"The image shows the role that application and endpoint security play in a complete Zero Trust strategy.\" width=\"900\" height=\"384\" \/><figcaption id=\"caption-attachment-112936\" class=\"wp-caption-text\">Endpoint security is a critical element of Zero Trust<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">Let\u2019s start with a quick overview of Zero Trust. As <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/05\/network-end-to-end-zero-trust\/\"><span style=\"font-weight: 400;\">described by Palo Alto Networks CTO Nir Zuk<\/span><\/a><span style=\"font-weight: 400;\">, \u201cZero Trust is an end-to-end cybersecurity strategy that spans the infrastructure. With Zero Trust, you operate under the assumption that no user, endpoint, workload, application or content can be trusted at any entity, whether it has previously been checked or will be checked later on by another entity.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">From an endpoint security perspective, this means regularly validating who owns the endpoint, where it is being used, who is using it, what applications are running on it and what content it is generating. But validation alone is not enough: you also need to protect endpoints from attack so that the chance of an endpoint ever being compromised is drastically reduced. Within a Zero Trust framework, your endpoint strategy should include:<\/span><\/p>\n<ul>\n<li><b>World-class prevention. 
<\/b><span style=\"font-weight: 400;\">You must protect endpoints from known and unknown malware, exploits and fileless attacks, stopping attackers before they gain a foothold from which to reach the rest of the network. Beyond the obvious value of putting more barriers between attackers and your company\u2019s sensitive data, endpoint security tools can inspect activity on the endpoint in ways that network tools cannot \u2013 for example, confirming that the packets leaving an endpoint were generated by a legitimate application rather than by malware or by an administrative tool that has been hijacked. With the right endpoint security you can find and remove malware by inspecting files, and you can also recognize the combination of activities that characterizes an attack, so that behavior-based protection blocks never-before-seen threats and script-based attacks.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Monitoring endpoints to detect behavioral anomalies.<\/b><span style=\"font-weight: 400;\"> Your endpoint security strategy should include detection and response capabilities that monitor all endpoint activity and apply analytics to uncover attack techniques and unusual behavior. Look for tools that apply machine learning to endpoint data to improve detection accuracy. Endpoint monitoring applies equally to users on your physical network and to remote VPN users; with the recent increase in remote working, extending detection and response to remote users is more important than ever.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Integrated visibility across your infrastructure.<\/b><span style=\"font-weight: 400;\"> Zero Trust applies to every element of your digital enterprise \u2013 your endpoints, your network, your users and more. Your approach to detection and response should likewise cover all your assets, not just your managed endpoints. 
Cyberattacks can originate from any source and can involve multiple endpoints, compromised user credentials and more. To get a complete picture of an attack, you must track every step and every affected user and endpoint. Our Managed Threat Hunting team at Palo Alto Networks has helped customers identify attacks originating from unmanaged devices and from remote users, and in many cases the team could not easily have established the full scope of the attack without that extended visibility. For example, in one case <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/03\/cortex-ai\/\"><span style=\"font-weight: 400;\">they found the source of a Qakbot infection<\/span><\/a><span style=\"font-weight: 400;\"> \u2013 an unmanaged device \u2013 using Cortex XDR&#x2122; and a combination of network and endpoint data.<\/span><\/li>\n<\/ul>\n<h2><b>How Cortex XDR Enables Zero Trust<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Cortex XDR provides everything you need to safeguard your endpoints. It combines industry-best AI and behavior-based protection to block advanced malware, exploits and fileless attacks. By integrating Cortex XDR with your existing network and cloud security from Palo Alto Networks, you can achieve consistent, coordinated security across your organization.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Going beyond traditional endpoint security tools, <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/04\/cortex-network-visibility\/\"><span style=\"font-weight: 400;\">Cortex XDR stitches together network, endpoint and cloud data<\/span><\/a><span style=\"font-weight: 400;\"> and applies machine learning to detect anomalies from weaker signals than any single data source reveals on its own. This allows Cortex XDR to uncover and stop even the stealthiest attackers, who might otherwise slip past each individual layer of defense. 
<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Hear Palo Alto Networks CTO Nir Zuk talk more about how <a href=\"https:\/\/youtu.be\/zzZ4q9DSnbg?t=650\" rel=\"nofollow,noopener\">endpoint security fits into a Zero Trust strategy<\/a>.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">This post is part of a series covering \u201c<\/span><\/i><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/tag\/zero-trust-throughout-your-infrastructure\/\"><i><span style=\"font-weight: 400;\">Zero Trust Throughout Your Infrastructure<\/span><\/i><\/a><i><span style=\"font-weight: 400;\">.\u201d<\/span><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A proper Zero Trust strategy should be consistent and coordinated, extending beyond the network to include endpoint security. 
<\/p>\n","protected":false},"author":370,"featured_media":112812,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6770],"tags":[6737,532,73,7129],"coauthors":[3907],"class_list":["post-112935","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-future","tag-cortex-xdr","tag-endpoint","tag-zero-trust","tag-zero-trust-throughout-your-infrastructure"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/06\/Hunter.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/112935","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/370"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=112935"}],"version-history":[{"count":8,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/112935\/revisions"}],"predecessor-version":[{"id":116230,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/112935\/revisions\/116230"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/112812"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=112935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.
paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=112935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=112935"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=112935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
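The two concrete points the post makes about integrated visibility (that endpoint tools can confirm which application generated the packets the network sees, and that the source of the Qakbot infection was an unmanaged device found by combining network and endpoint data) both come down to a join between firewall flow records and endpoint process telemetry. The block below is an added example written for this page; it is not Cortex XDR code or anything from the original post. The log fields, the five-second correlation window, the host inventory and the allowlist of expected HTTPS clients are assumptions, and every log line is constructed. It classifies each firewall flow as attributed to an expected process, attributed to an unexpected process, seen from a managed host whose agent reported no matching process event, or originating from a host with no agent at all.

```python
"""Correlate firewall connection logs with endpoint agent telemetry.

Added example, not Cortex XDR code. Field layouts, the time window and the
allowlists are assumptions chosen for illustration; all data is constructed.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Tolerated clock skew between the firewall and the endpoint agent (assumption).
WINDOW = timedelta(seconds=5)

# Constructed inventory of hosts that run an endpoint agent, keyed by IP.
MANAGED_HOSTS = {"10.0.1.10": "WS-FIN-01", "10.0.1.11": "WS-HR-02"}

# Constructed allowlist: processes expected to open outbound HTTPS connections.
EXPECTED_WEB_CLIENTS = {"chrome.exe", "msedge.exe", "outlook.exe"}

# Constructed firewall connection log: (timestamp, src_ip, dst_ip, dst_port).
FIREWALL_LOG = [
    ("2020-06-25T10:00:01", "10.0.1.10", "203.0.113.5", 443),
    ("2020-06-25T10:00:02", "10.0.1.11", "203.0.113.5", 443),
    ("2020-06-25T10:00:03", "10.0.1.11", "198.51.100.7", 443),
    ("2020-06-25T10:00:04", "10.0.1.42", "203.0.113.5", 443),
    ("2020-06-25T10:00:09", "10.0.1.10", "198.51.100.7", 8443),
]

# Constructed endpoint agent network events:
# (timestamp, src_ip, dst_ip, dst_port, process_image, parent_image).
ENDPOINT_EVENTS = [
    ("2020-06-25T10:00:01", "10.0.1.10", "203.0.113.5", 443, "chrome.exe", "explorer.exe"),
    ("2020-06-25T10:00:02", "10.0.1.11", "203.0.113.5", 443, "chrome.exe", "explorer.exe"),
    ("2020-06-25T10:00:03", "10.0.1.11", "198.51.100.7", 443, "powershell.exe", "winword.exe"),
]


def index_endpoint_events(events):
    """Group agent events by the (src, dst, port) triple the firewall also sees."""
    index = defaultdict(list)
    for ts, src, dst, port, image, parent in events:
        index[(src, dst, port)].append((datetime.fromisoformat(ts), image, parent))
    return index


def attribute_flow(flow, index):
    """Return (process, parent) of the closest agent event within WINDOW, or None."""
    ts, src, dst, port = flow
    flow_time = datetime.fromisoformat(ts)
    best = None
    for event_time, image, parent in index.get((src, dst, port), []):
        delta = abs(event_time - flow_time)
        if delta <= WINDOW and (best is None or delta < best[0]):
            best = (delta, image, parent)
    return None if best is None else (best[1], best[2])


def classify_flow(flow, index, managed_hosts):
    """Decide what one firewall flow tells us once endpoint data is joined in."""
    ts, src, dst, port = flow
    finding = {"time": ts, "src": src, "dst": f"{dst}:{port}"}
    host = managed_hosts.get(src)
    if host is None:
        # Network-only visibility: the firewall saw it, no agent ever will.
        finding.update(verdict="unmanaged_host",
                       reason="source IP has no endpoint agent; investigate the device directly")
        return finding
    finding["host"] = host
    attributed = attribute_flow(flow, index)
    if attributed is None:
        # The agent should have reported this flow; silence is itself a signal.
        finding.update(verdict="managed_unattributed",
                       reason="no process event within window; check agent health or tampering")
        return finding
    image, parent = attributed
    finding.update(process=image, parent=parent)
    if port == 443 and image.lower() not in EXPECTED_WEB_CLIENTS:
        # Traffic on an ordinary port, but not produced by a legitimate web client.
        finding.update(verdict="suspicious_process",
                       reason=f"{image} (parent {parent}) is not an expected HTTPS client")
        return finding
    finding.update(verdict="attributed", reason="expected process for this destination")
    return finding


def correlate(firewall_log, endpoint_events, managed_hosts):
    """Join every firewall flow against the endpoint event index."""
    index = index_endpoint_events(endpoint_events)
    return [classify_flow(flow, index, managed_hosts) for flow in firewall_log]


def summarize(findings):
    """Count findings per verdict, e.g. for a daily visibility report."""
    return Counter(f["verdict"] for f in findings)


if __name__ == "__main__":
    results = correlate(FIREWALL_LOG, ENDPOINT_EVENTS, MANAGED_HOSTS)
    for f in results:
        print(f["verdict"], f["src"], "->", f["dst"], "|", f["reason"])
    print(dict(summarize(results)))
```

On the constructed data the join produces one finding of each interesting kind: an HTTPS connection made by powershell.exe spawned from winword.exe on a managed host, a managed host that sent a flow its agent never reported, and a flow from 10.0.1.42, which is absent from the inventory and so, like the Qakbot source in the post, would be invisible to a purely endpoint-based view. The window and allowlist are deliberately simple; in production the same join would key on richer fields (user, device identity, TLS SNI) and the allowlist would come from your own baseline rather than a hard-coded set.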