Why SMBs Need to Secure the Network (Not Just the Endpoint)

Ted Gruenloh
CEO @ Nomic Networks
June 30, 2022

A prevalent attitude I still see among many small and medium-sized businesses (SMBs) is that if you have security on the endpoint – Anti-Virus or Endpoint Detection and Response (EDR), for example – you don’t really need to watch the rest of the network. Not only do many mistake this for a comprehensive solution, but they also take full-scale security lightly in general, thinking they’re too small to be hacked. Neither line of reasoning holds up. Small businesses need enterprise-grade security measures, including visibility into the network for truly advanced network detection and protection, and I’ll tell you why.

You’re never too small to be hacked

Although we’re leaning more into big-game and away from spray-and-pay targets, the truth is that small businesses still “make up over half the victims [of ransomware]”, according to subject matter experts quoted by Senate Judiciary Committee chair Dick Durbin (D-IL) last year. “Ransomware does not just affect the deeper pockets of large companies like Colonial Pipeline and JBS…. Small businesses already operate on thin margins, and many have been pushed to the brink by the pandemic,” added Senate Judiciary’s Ranking Minority Member Chuck Grassley in that same hearing, putting the figure as high as 75%. And, even way back in 2015, former IBM Chairman, President and CEO Ginni Rometty vouched that, “Cybercrime is the greatest threat to every company in the world.” That means the little guys, too.

The risks to small businesses are numerous. First is the attitude that you don’t have any information anyone else would want. This is simply not true. It’s important to recognize that even as a small business you have information that’s valuable to somebody. Think of a payment processing company that might be a small player in the business, or a local bank: they hold lots of important information. And perhaps most importantly, while risk goes up if the data’s important to somebody else, it’s certainly important to you. Small businesses depend on reputation, loyalty and trust, so don’t lose those to a poorly guarded database.

Another risk is that malware attacks may not even be aimed at you – but you may become collateral damage. Many attacks are based on opportunity, not size, so if you’re not guarded against the latest threats, you could get picked off by an indiscriminate attacker – and get damaged all the same. It’s simply too dangerous a threat environment to trust yourself out of doors anymore.

EDR is great, but …

Well, we’ve got endpoint protection; shouldn’t that be enough? The unfortunate truth is, it’s not complete. Endpoint security kicks in once you’ve already received a malicious email and possibly downloaded ransomware or given away credentials, and is blind to the actual traffic between network devices.

This would be bad enough if we were facing the small-time ransomware attacks of ten (or even five) years ago. But we’re not. Ransomware is constantly evolving, and bad actors don’t use “lightweight” ransomware on SMEs. Sorry. Ransomware as a Service (RaaS) is out there, and it’s cheap and easy to launch. This means APT-like attacks (of the same sophistication, complexity and nefarious capability) are easily bought, sold and paid for as-a-service on the dark web. Because this is more accessible than ever, script kiddies (those with low technical skills) can get a hold of this stuff and do as much damage as the big guys. Remember Colonial Pipeline? DarkSide is a RaaS gang. Surprise. So, the point here is that bad actors with access to the good stuff (for cheap) won’t pull punches when attacking your small to medium-sized enterprise. They’re not just sending phishing emails; they’re launching months-long attacks, sneaking into your network in increasingly furtive ways, evading typical defenses and protections, and lying low until they can strike.

Attacks are coming for you, they’re now more advanced and accessible than ever, and if your enterprise security strategy is only protecting at the endpoint, you’re not keeping up.

Why network protection is necessary

Endpoint detection should be the last line of defense. Network monitoring, detection and prevention is the fence on the cliff. To know when something is wrong on your network you have to know what normal traffic looks like. What machines should be talking to each other? How often should they be talking? What ports should they be using?

Scouring your network traffic will not only alert you to any misdeeds that could end up in an endpoint infraction but also give you vital signs of your network’s health (but we’ll go into more of that later). Plus, with the rise of RansomOps (highly targeted, complex malware operations), attacks are ingressing in sneakier ways, staying on systems longer, and siphoning out more data – all while undetected. The time to catch a criminal is when they’re sneaking across the lawn and into your window – not when they’ve got their hand in the safe.

What SMEs can do to secure their networks

There are several proactive steps I’d recommend for SMEs looking to protect their network, go beyond endpoint security, and defend against ransomware attacks (that are targeting small businesses and doing a better job at it).

First, strengthen network visibility. Put some network monitoring tools in place so you know what to expect, and review that data regularly. Anomalies could be a clear sign of an infection or breach. You need a network baseline, not just EDR, to get complete visibility and the preventative capabilities that come with it. While endpoint detection is necessary, it leaves visibility gaps. Remote work environments and IoT further obscure visibility of available devices, making the problem even more complex.
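To make the baseline idea concrete, here is a minimal sketch of the three questions asked above (which machines talk to each other, how often, and on which ports) applied to flow records. It is an added example, not code from the author or from Nomic; the host names, the sample flows and the `rate_factor` threshold are constructed assumptions.

```python
from collections import Counter

def build_baseline(flows):
    """flows: (day, src, dst, dst_port) tuples from a known-good period.
    Returns {(src, dst, port): mean flows per day}."""
    days = {f[0] for f in flows}
    counts = Counter((src, dst, port) for _, src, dst, port in flows)
    return {key: n / len(days) for key, n in counts.items()}

def find_anomalies(baseline, day_flows, rate_factor=3.0):
    """Compare one day's (src, dst, dst_port) flows against the baseline."""
    known_pairs = {(s, d) for s, d, _ in baseline}
    findings = []
    for key, n in sorted(Counter(day_flows).items()):
        src, dst, _port = key
        if (src, dst) not in known_pairs:
            findings.append(("new-peer", key, n))   # machines that never talked before
        elif key not in baseline:
            findings.append(("new-port", key, n))   # known pair, unfamiliar port
        elif n > rate_factor * baseline[key]:
            findings.append(("rate", key, n))       # talking far more often than usual
    return findings

# Constructed sample data: three normal days for a small office network.
BASELINE_FLOWS = [(day, src, dst, port)
                  for day in (1, 2, 3)
                  for src, dst, port, per_day in [
                      ("ws-01", "fileserver", 445, 4),
                      ("ws-02", "fileserver", 445, 3),
                      ("pos-01", "payments-gw", 443, 5)]
                  for _ in range(per_day)]

# Constructed sample data: the day under review.
TODAY = ([("ws-01", "fileserver", 445)] * 4
         + [("ws-02", "fileserver", 445)] * 40   # burst of file-share traffic
         + [("pos-01", "payments-gw", 443)] * 5
         + [("pos-01", "payments-gw", 22)]       # port never used by this pair
         + [("ws-02", "ws-01", 445)] * 2)        # workstation-to-workstation SMB

if __name__ == "__main__":
    for kind, (src, dst, port), n in find_anomalies(build_baseline(BASELINE_FLOWS), TODAY):
        print(f"{kind:8} {src} -> {dst}:{port} ({n} flows)")
```

In practice the flow tuples would come from whatever your monitoring tool exports, and the baseline period needs to be long enough to include weekly and month-end routines.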

If you can catch an attack at the source and mitigate it before it reaches the endpoint, do it. Ultimately, EDR is a reactive approach, generating large numbers of alerts and false positives that can cause confusion, dilute the real threat vectors, and tangle up your security teams. As IT Security Wire states, in this scenario “serious threats can easily get lost, making it more likely that threat actors will remain undetected for longer periods of time.” By that time, it’s too late.

For that reason, a proactive approach is needed. Sentinel’s 24/7 support team and outside/inside architecture act as an effective layer of protection and an independent set of eyes, beyond the endpoint. We understand that SMEs are struggling to gain security buy-in as it is, and we want to make it possible for you to defend against real-world attacks that are defying endpoint solutions without breaking the bank.

Ted has worked with network security and web technologies for almost 30 years, beginning his career as a full-stack web engineer and transitioning to network security. He now guides Nomic and its supporting initiatives, including CINS Active Threat Intelligence.
