The five must-have considerations of endpoint protection solutions

By Ralph Berndt, sales and marketing director of Syrex

Johannesburg, 06 Oct 2021

In today’s connected landscape, safeguarding the myriad endpoint devices that access the corporate network is growing more complex. Attacks and threats are becoming more unpredictable, and threat actors are using increasingly sophisticated technologies to compromise devices.

Adding further impetus to this is the normalisation of a distributed working environment that sees employees using their personal devices to log into back-end systems. Employees at home are often prone to less-than-cautious behaviour and non-compliance with the corporate cyber security policy. Check Point research has found that 39% of security professionals are no longer confident in their existing endpoint protection, with a further 50% of companies stating they will replace these solutions by 2023.

But selecting an effective endpoint protection solution has become a complicated undertaking. Here are the five must-haves of any such solution in the digital world.

Anti-phishing

Phishing has become one of the most significant threats facing end-users and businesses today. Phishing attacks use advanced social engineering techniques that can easily trick employees into giving away sensitive information that can be used to either perpetrate identity theft or to commit fraud.

Having anti-phishing capabilities is one of the fundamental considerations when selecting an endpoint protection solution. It must be able to actively prevent the likes of zero-day phishing, impersonation, spear-phishing and business e-mail compromise.

Anti-ransomware

Ransomware can be challenging to combat as companies do not know that they have been infected until it is too late. It can penetrate the organisation through multiple entry points such as the web, e-mail and removable media devices.

When it comes to anti-ransomware capabilities, an endpoint protection solution must be able to defend against zero-day ransomware attacks and include an anti-ransomware engine that monitors changes to files on user drives. This enables the solution to identify ransomware behaviour such as illegitimate file encryption.

Content disarm and reconstruction (CDR)

No business can afford to inspect every e-mail attachment and disrupt productivity. However, it also cannot risk users downloading potentially infected files to their devices without screening them first. This requires a security solution that has automatic file sanitisation features – CDR.

An effective endpoint protection solution can automatically scan all incoming files to ensure they are safe without disrupting the normal workflow. Furthermore, it can remove exploitable content from documents by sanitising them within seconds.

Anti-bot capabilities

Given their nature, bots present a formidable threat to any organisation. Hackers often use them in advanced persistent threat attacks that see them controlling the bots remotely to execute illegal activities. These bot attacks can result in data theft that can potentially result in companies having to close their doors.

A quality endpoint protection solution can therefore automatically detect and contain bot-driven infections. It can continuously monitor outgoing traffic and identify potential machines that are infected with bot malware.

Automated post-breach detection, remediation and response

Even though traditional endpoint detection and response (EDR) solutions can detect suspicious behaviour, they cannot perform automatic remediation. Without this in place, the risk of attack residuals is greater.

Therefore, an endpoint protection solution that can automatically analyse, contextualise and remediate incidents is worth its weight in gold. It must automatically determine if an event was an attack, how the hacker got in, what the impact has been and how the systems must be cleaned.

Join me next time as I discuss the five principles behind selecting an optimal endpoint protection solution. 


Syrex

Syrex, established in 1995, specialises in the installation and support of Linux, Microsoft, virtualised and hybrid network infrastructures. Its core service offerings include a stable, customisable perimeter and connectivity management solution, as well as tailored IT support.

Syrex provides a wide range of support services and products, which include connectivity (VOIP, fibre, wireless and VPN), cloud services (Office 365, virtualisation, hosting, backup and archiving), security (firewall, VPN and security management), sales of both hardware and software, and comprehensive remote managed on- and off-site support.

Syrex holds an ECS/ECNS licence from ICASA, and is a Microsoft Gold Certified Partner and a specialist in providing Linux RedHat solutions and Enterprise grade Firewalls. Syrex is an accredited BBBEE company and has customers from both the SMME and Enterprise sectors.
