Endpoint security: 5 things to know | Dec16 Newsletter
Network security offerings clearly haven't fixed the endpoint security challenge. The problems come on multiple fronts, which calls for a blended solution.
Here’s what you need to know.
1. Antivirus is not enough
There’s no argument that antivirus just doesn’t cut it anymore. There’s nothing new here, but it looks like the market is finally ready to accept that a platform approach is needed. Everyone should be integrating next-generation endpoint security technologies.
2. Perimeter defences aren’t enough, either
Historically, security experts might have seen companies spending around half their security budgets on perimeter defences. Considering where the threats are, that’s a disproportionate investment in securing the perimeter at the expense of taking a more comprehensive approach.
3. There have never been more choices
The main options within the realm of endpoint security include:
- Endpoint protection platforms (EPP)
- Endpoint detection and response (EDR)
- Threat isolation
- Exploit technique mitigation
- Data loss prevention
- Data encryption
- Patch management
- Intrusion detection systems
- Intrusion prevention systems
- Remote application access
- Threat intelligence
- Threat forensics
- User behaviour analytics
Endpoint protection platforms
Endpoint protection platforms (EPP) bundle several security functionalities into one offering, which might include (but isn’t limited to):
- Application security
EPP will also integrate with vulnerability, patch, and configuration management.
Endpoint detection and response
Endpoint detection and response (EDR) suppliers offer products that monitor endpoints to detect, contain, investigate, and remediate threats. The approach is relatively new and worth exploring. You should be looking for the following capabilities:
- Managed hunting
- Real-time agent scoring
- Centralised data
- Real-time search
- Incident containment
- Event feeding into SIEM
- Built-in sandboxing
4. Layers make you safer
The better you layer your approach, the safer you’ll be. At a minimum, you need EPP and EDR. After that, it’s a matter of choosing the layer that makes the most sense for the business and the way you work.
Whatever you choose, you need to consider network security as part of your overall mix.