What is endpoint hardening?
Learn about endpoint hardening: what it is, its benefits and best practices.
When a knight goes into battle, they need to defend themselves from possible danger — like an arrow piercing their skin. So what do they do? They cover themselves with a strong material, their armor, which helps lower the chance they get injured by a well-placed enemy arrow.
Endpoint hardening is similar. You’re trying to protect your endpoints, like a mobile phone, tablet or laptop. To prevent attackers from accessing your endpoint and causing damage, you need to:
- Make it more difficult for anything to penetrate your device software
- Limit the effect an attack can have
In other words, endpoint hardening is the process of minimizing the available attack surface of a device. Achieving this isn’t easy. In a later section, we’ll talk about some best practices that help keep your device safe from harm.
Benefits of endpoint hardening
We’ve established that endpoint hardening protects your device from attackers. But what attacks are we defending against? The following types of attacks are just some of the reasons that endpoint hardening is important. By blocking these attacks, you improve your device security and reduce the ways your system is vulnerable. This keeps your devices more stable and in good shape to perform as expected.
Phishing
Phishing is a common social engineering tactic. Attackers trick users into giving them their information, like a username and password. This popular technique lets attackers get your personal information without having to use overtly technical methods — victims simply tell attackers their information; it doesn’t have to be hacked out of them.
Malware
Malware, or malicious software, is software that intends to cause harm on your device. Malware can get onto your computer when you download software from the internet, open or download email attachments, or in other ways.
Malware could be used to:
- Steal your private information
- Lock your device and harvest your data, demanding payment for your device to be restored
- Deliver ads to your computer
- Use your device to mine cryptocurrency
- Carry out other malicious activity
Malicious network traffic
Malicious network traffic can refer to a number of harmful things on the internet:
- Malware downloads
- Connection to attackers’ servers
- Scams
- Man-in-the-middle attacks, where attackers intercept communication between two victims and modify their messages
Endpoint hardening best practices
So how can I actually harden my devices? We’ll go over a few best practices that will help secure your devices.
Secure configurations
Configuring your device securely sets it up for success. IT admins can close insecure ports, for example, and everyone can take advantage of built-in security features, like FileVault on Mac. You should also lock your computer with a password and enable other security features, like Touch ID.
Strong authentication
Password requirements exist for a reason. The longer and more complex a password is, the more difficult it is for an attacker to figure out. For example, say you use a password made up of 10 digits. In 2024, this would take attackers about one hour to crack (depending on their method).
But if you increase the length to only 12 and add uppercase and lowercase letters and symbols, it would take an attacker 164 million years! So in other words, your passwords should be complex and difficult to guess. Each password should be unique as well — don’t use the same password for other websites.
Note that this doesn’t take into account whether your password has been leaked via a data breach or is a common password. Those passwords can be cracked much more quickly. That’s where multifactor authentication (MFA) comes in.
MFA takes a few forms, but generally requires the user to provide two or more of the following:
- Something they know, like a password
- Something they are, like their fingerprint
- Something they have, like a physical security key or other device
For example, you may be required to put in your password, then type in a code that is sent via text message. This is generally more secure than using only one factor, since the odds of an attacker also having your phone, for example, are relatively small.
Users should consider enabling MFA for their online accounts; IT admins should require it for access to company resources.
Regular software updates and patch management
Keeping your software updated is important for your device security. This is true for your device’s operating system (OS) and for your installed apps. Generally, the latest versions include patches for vulnerabilities that an attacker might try to exploit to access your device. Setting your device to update automatically will make it easier to keep it up to date.
Service and feature management
Everyone uses their device differently depending on their habits or job function. Disabling services or features that won’t be used will reduce the number of ways an attacker can access your device. IT admins can manage this on their corporate devices using mobile device management solutions.
Data encryption
Encrypting your data with a password protects it if your device gets into the wrong hands. Features like FileVault on Mac encrypt the data on your device’s hard drive. Data should be encrypted in transit too — in other words, you shouldn’t send sensitive data over an insecure connection, like public Wi-Fi. Organizations should consider using Zero Trust Network Access for secure connections to company resources.
Endpoint detection and response
Companies use endpoint detection and response (EDR) software to monitor the behavior of their devices and spot potential signs of compromise. Integrating EDR software with other monitoring tools, like a security information and event management (SIEM) system that monitors your network, will give IT admins visibility into the security of their endpoints.
Regular security audits
Everyone would benefit from periodically assessing the security of their devices. Are your devices up to date? Are you reusing passwords across different websites or applications? Have you enabled MFA for your accounts? IT and security teams at an organization should assess their organization’s security posture to see if they are meeting regulatory requirements.
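The audit questions above, together with the secure-configuration, patching and service-management advice earlier on the page, can be turned into an automated check. The following Python script is an example added here rather than tooling from the original article: it parses the text that a few macOS status commands print (fdesetup status, socketfilterfw --getglobalstate, sw_vers -productVersion, softwareupdate -l) and grades one device against a small baseline. The sample command outputs, the baseline values and the sharing-service inventory are constructed for the example; a real audit would capture live command output or pull the same data from an MDM inventory.

```python
"""Example endpoint hardening audit (added example, not the article's own tooling)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample inventory for one device (strings, not real command invocations).
SAMPLE_DEVICE = {
    "fdesetup status": "FileVault is On.",
    "socketfilterfw --getglobalstate": "Firewall is disabled. (State = 0)",
    "sw_vers -productVersion": "14.3",
    "softwareupdate -l": (
        "Software Update found the following new or updated software:\n"
        "* Label: macOS Sonoma 14.5-23F79\n"
    ),
    # Hypothetical sharing-service inventory: service name -> currently enabled?
    "sharing services": {"screen_sharing": True, "remote_login": False},
}

# Assumed baseline: minimum OS version and the sharing services that are allowed to stay on.
BASELINE = {"min_os": (14, 5), "allowed_services": set()}


@dataclass
class Finding:
    control: str
    passed: bool
    detail: str


def parse_version(text: str) -> Tuple[int, ...]:
    """'14.3' -> (14, 3); tuples compare component-wise, so '14.10' > '14.9'."""
    return tuple(int(part) for part in text.strip().split("."))


def check_filevault(output: str) -> Finding:
    """fdesetup prints 'FileVault is On.' or 'FileVault is Off.'."""
    on = re.search(r"FileVault is On", output) is not None
    return Finding("disk encryption (FileVault)", on, output.strip())


def check_firewall(output: str) -> Finding:
    """socketfilterfw reports '(State = 1)' when the application firewall is enabled."""
    match = re.search(r"State = (\d)", output)
    on = match is not None and match.group(1) == "1"
    return Finding("application firewall", on, output.strip())


def check_os_version(output: str, min_os: Tuple[int, ...]) -> Finding:
    """Device must run at least the baseline OS version."""
    current = parse_version(output)
    detail = f"running {output.strip()}, baseline {'.'.join(map(str, min_os))}"
    return Finding("OS at or above baseline", current >= min_os, detail)


def check_pending_updates(output: str) -> Finding:
    """softwareupdate -l prints 'No new software available.' when nothing is pending."""
    up_to_date = "No new software available" in output
    pending = [ln.strip() for ln in output.splitlines() if ln.strip().startswith("*")]
    detail = "none pending" if up_to_date else f"pending: {', '.join(pending)}"
    return Finding("no pending updates", up_to_date, detail)


def check_services(services: Dict[str, bool], allowed: set) -> Finding:
    """Every enabled sharing service must be on the allow list; anything else widens the attack surface."""
    unexpected = sorted(name for name, on in services.items() if on and name not in allowed)
    detail = "none unexpected" if not unexpected else f"enabled but not allowed: {', '.join(unexpected)}"
    return Finding("unused services disabled", not unexpected, detail)


def audit(device: Dict[str, object], baseline: Dict[str, object]) -> List[Finding]:
    """Run every control and return one Finding per control."""
    return [
        check_filevault(device["fdesetup status"]),
        check_firewall(device["socketfilterfw --getglobalstate"]),
        check_os_version(device["sw_vers -productVersion"], baseline["min_os"]),
        check_pending_updates(device["softwareupdate -l"]),
        check_services(device["sharing services"], baseline["allowed_services"]),
    ]


def summarize(findings: List[Finding]) -> Tuple[int, int]:
    """(controls passed, controls checked)."""
    return sum(1 for f in findings if f.passed), len(findings)


if __name__ == "__main__":
    results = audit(SAMPLE_DEVICE, BASELINE)
    for f in results:
        print(f"[{'PASS' if f.passed else 'FAIL'}] {f.control}: {f.detail}")
    passed, total = summarize(results)
    print(f"{passed}/{total} controls passed")
```

For the constructed device the script reports the disk as encrypted but flags the disabled firewall, the OS below baseline, the pending update and the screen-sharing service that nobody approved, which is the kind of finding list an admin would feed back into the MDM configuration.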
Learn more about Apple device security in our beginner e-book.