Subscribe

Getting the best from an endpoint protection solution

An effective solution must enable a clear understanding of the security posture, where to invest, and how to improve and mitigate.
Byron Horn-Botha
By Byron Horn-Botha
Johannesburg, 05 Jun 2024
Byron Horn-Botha, business unit head, Arcserve Southern Africa.
Byron Horn-Botha, business unit head, Arcserve Southern Africa.

The days of box-ticking security protection are over, as companies can no longer deploy solutions that merely satisfy audit or governance requirements.

Cyber security is a serious business due to the relentless and rapid rate of attack. Threat vectors – the route through which attackers enter a network − change all the time, with common attack vectors being social engineering, credential theft, insufficient protection against insider threats and more.

The solution of choice must protect the low-hanging fruit − often the endpoint environment, requiring a protection solution that is suited to a milieu that spans in-office, remote and hybrid working models. In selecting the correct option, it is essential to adopt an all-inclusive approach and seek a solution that delivers more than traditional anti-virus.

In a paper on the evolving effectiveness of endpoint protection solutions, Gartner expanded on its success against attacks as a critical selection criterion, noting that technical professionals often must rely on external sources when making decisions.

The following is a guide on what to look for with these solutions.

Begin by asking if the solution can holistically monitor breaches? Does it consider the pre-attack to post-breach scenario − this is crucial as companies need to understand where the security gaps lie and how they can best mitigate them.

A solution that’s fit for purpose should keep ahead of any attack curve.

The solution should also enable a clear understanding of the security posture, where to invest, how to improve and most importantly how to mitigate. Does it allow access to a global intelligence framework that is actively looking for attack vectors and consistently updates them?

It’s a fast-paced, changing world, where resilience in any business will be dependent on a provider offering comprehensive articulation, understanding and mitigation of risks.

Finally, ask if the solution takes proactive measures against attacks? An attack could be zero-day − sudden and often the result of unknown security flaws. Or, what’s termed a living off the land attack, where common applications in daily use are deployed to infiltrate the organisation. A solution that’s fit for purpose should keep ahead of any attack curve.

Consolidation: Often multiple/incohesive solutions lack coverage. Having multiple solutions across the endpoint landscape creates multiple loopholes and are costly. Moreover, they can require ongoing management as visibility is blurred due to constant cross-checking across all deployments.

A solution should be capable of providing broad coverage, while maintaining a security posture that’s in line with strategy. Companies need to determine what their security strategy should look like. Appropriate planning must be implemented when searching for the right solution. In-depth discussions around the challenges must occur to establish what critical needs must be addressed. This approach will prevent poor cyber security performance and help to negate risks.

Integration: This mostly pertains to ease of deployment. Does it require a large infrastructure overhead? Can it integrate with the rest of the technology stack without requiring significant configuration plus ongoing professional services? Also, can users be trained effectively to utilise the solution to its full potential?

“Ease of use” is a term often heard, never truly applied. Administrators need to be equipped to honour, master and own the solution so they can provide a proactive approach to addressing risks in real-time. This means reducing residual risk and in turn ensures breach-prevention.

Research and development: Before signing on the dotted line, examine the vendor’s development record – is it continuously investing in upgrades that aim to combat ever-evolving cyber security threats? If not, take a step back – a vendor must have an innovative vision for the future of risk mitigation for customers.

Attack response: What is extended detection and response (XDR)? Gartner says it delivers incident detection and automated response capabilities for security infrastructure. XDR integrates threat intelligence and telemetry data from multiple sources with security analytics to provide contextualisation and correlation of security alerts. XDR must include native sensors and can be delivered on-premises or as a SaaS offering.

It is essential to select a solution that permits remedial action in the event of a breach. This is what XDR does. It should allow quick analysis of an incident, get to the root cause and assist to close the loop before the attack goes anywhere. It achieves this through isolating, alerting, or quarantining the malicious content or attack.

Knowing how to fix the entry point and potential other areas of concern is a learning curve that will help improve response approach, fine-tune processes and offer a more secured stance.

In conclusion, a multi-layered approach to cyber security that incorporates measures such as zero-trust, muti-factor authentication and an appropriate endpoint solution from a vendor at the top of its game will guarantee the organisation is proactive, reactive and ahead of the curve.

Spending time evaluating the security posture will safeguard the most critical business asset: data. This approach will guarantee data safety in a manner that permits continuous, consistent and secure operations.

Investing in solutions that have a long-term benefit for the business and its data will bring peace of mind and sustainability.