Endpoint security: 5 things to know
Network security offerings clearly haven't fixed the endpoint security challenge. The problems come on multiple fronts, which calls for a blended solution.
Here’s what you need to know.
1. Antivirus is not enough
There’s no argument that antivirus just doesn’t cut it anymore. There’s nothing new here, but it looks like the market is finally ready to accept that a platform approach is needed. Everyone should be integrating next-generation endpoint security technologies.
2. Perimeter defenses aren’t enough, either
Historically, security experts might have seen companies spending around half their security budgets on perimeter defenses. Considering where the threats are, that’s a disproportionate investment in securing the perimeter at the expense of taking a more comprehensive approach.
3. There have never been more choices
The main options within the realm of endpoint security include:
- Endpoint protection platforms (EPP)
- Endpoint detection and response (EDR)
- Threat isolation
- Exploit technique mitigation
- Data loss prevention
- Data encryption
- Patch management
- Intrusion detection systems
- Intrusion prevention systems
- Remote application access
- Threat intelligence
- Threat forensics
- User behavior analytics
Endpoint protection platforms
Endpoint protection platforms (EPP) bundle several security functionalities into one offering, which might include (but isn’t limited to):
- Application security
EPP will also integrate with vulnerability, patch, and configuration management.
Endpoint detection and response
Endpoint detection and response (EDR) suppliers have products that will monitor endpoints to detect, contain, investigate, and remediate threats. The approach is a little fresh and worth exploring. You should be looking for capabilities for:
- Managed hunting
- Real-time agent scoring
- Centralized data
- Real-time search
- Incident containment
- Event feeding into SIEM
- Built-in sandboxing
4. Layers make you safer
The better you layer your approach, the safer you’ll be. At a minimum, you need EPP and EDR. After that, it’s a matter of choosing the layer that makes most sense for the business and the way you work.
Whatever you choose, you need to consider network security as part of your overall mix.
5. You might need help
It’s a big world out there, and it’s growing in complexity. It’s worth working with a trusted adviser to navigate the options, especially when money is a consideration.
For starters, suppliers are starting to combine approaches to EPP and EDR. It’s not easy to see who is going to take the lead. It’s also likely that companies will start buying each other to offer more integrated approaches.
Unless you want to stay on top of all that movement yourself, you need to work with someone who is keeping their eye on the shifting landscape.