Media coverage of data breaches (e.g., Cisco, Flagstar Bank, South Denver Cardiology Associates) often puts a spotlight on the tail end of the cyberattack life cycle, focusing on the exfiltration points rather than how the threat actor got there.

Post-mortem analysis has repeatedly found that the most common source of a hack is compromised credentials that are subsequently used to establish a beachhead on an end user device (e.g., desktop, laptop, or mobile device). In such instances, endpoints serve as the main point of access to an enterprise network and therefore are often exploited by malicious actors. That’s why it is not surprising that a Ponemon Institute survey revealed 68 percent of organizations suffered a successful endpoint attack within the last 12 months.