Hear us out: attacks either begin on an endpoint or are headed to one.
Why do we make this argument? As has been documented with nearly all ransomware, employees and end users are often the easiest way into an enterprise, large or small, via phishing schemes or malspam. Just one user in an organization opening a malicious attachment on their endpoint can be a weak link in your carefully executed security strategy.
At that point, attackers have a foothold on a single laptop, establish persistence, and begin to move laterally – this is how a single infection becomes a full-scale breach.
Least privilege and Zero Trust approaches are global best practices to contain threats. However, the Zero Trust discussion has centered on campus networks, clouds, and data centers, and not yet on endpoints, the place where attacks begin.