Endpoint protection has evolved to safeguard from complex malware and evolving zero-day threats.
To select an appropriate endpoint protection solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.
Theresa Lanowitz, Head of Evangelism, AT&T Cybersecurity
Corporate endpoints represent a top area of security risk for organizations, especially considering the shift to virtual operations brought on by COVID-19. As malicious actors target endpoints with new types of attacks designed to evade traditional endpoint prevention tools, organizations must seek out advanced endpoint detection and response (EDR) solutions.
Traditionally, enterprise EDR solutions carry high cost and complexity, making it difficult for organizations to implement EDR successfully. While many security teams recognize the need for EDR, most do not have the resources to manage a standalone endpoint security solution.
For this reason, when selecting an EDR solution, it’s critical to seek a unified solution for threat detection, incident response and compliance, to be incorporated into an organization’s existing security stack, eliminating any added cost or complexity. Look for endpoint solutions where security teams can deploy a single platform that delivers advanced EDR combined with many other essential security capabilities in a single pane of glass, in an effort to drive efficiency of security and network operations.
Overall, organizations should select an EDR solution that enables security teams to detect and respond to threats faster while eliminating the cost and complexity of maintaining yet another point security solution. This approach can help organizations bolster their cybersecurity and network resiliency, with an eye towards securing the various endpoints used in today’s virtual workforce.
Rick McElroy, Cyber Security Strategist, VMware Carbon Black
With the continuously evolving threat landscape, there are a number of factors to consider during the selection process. Whether a security team is looking to replace antiquated malware prevention or empower a fully-automated security operations process, here are the key considerations:
- Does the platform have the flexibility for your environment? Not all endpoints are the same, therefore broad coverage of operating systems is a must.
- Does the vendor support the MITRE ATT&CK Framework for both testing and maturing the product? Organizations need to test security techniques, validate coverage and identify gaps in their environments, and implement mitigation to reduce attack surface.
- Does it provide deeper visibility into attacks than traditional antivirus? Organizations need deeper context to make a prevention, detection or response decision.
- Does the platform provide multiple security functionality in one lightweight sensor? Compute is expensive, endpoint security tools should be as non-impactful to the system as possible.
- Is the platform usable at scale? If your endpoint protection platform isn’t centrally analyzing behaviors across millions of endpoints, it won’t be able to spot minor fluctuations in normal activity to reveal attacks.
- Does the vendor’s roadmap meet the future needs of the organization? Any tool selected should allow teams the opportunity for growth and ability to use it for multiple years, building automated processes around it.
- Does the platform have open APIs? Teams want to integrate endpoints with SEIM, SOAR platforms and network security systems.
David Ngo, VP Metallic Products and Engineering, Commvault
With millions working remotely due to COVID-19, laptop endpoints being used by employees while they work from home are particularly vulnerable to data loss.
This has made it more important than ever for businesses to select a strong endpoint protection solution that:
- Lowers the risk of lost data. The best solutions have automated backups that run multiple times during the day to ensure recent data is protected and security features such as geolocation and remote wipe for lost or stolen laptops. Backup data isolation from source data can also provide an extra layer of protection from ransomware. In addition, anomaly detection capabilities can identify abnormal file access patterns that indicate an attack.
- Enables rapid recovery. If an endpoint is compromised, the solution should accelerate data recovery by offering metadata search for quick identification of backup data. It’s also important for the solution to provide multiple granular restore options – including point in time, out of place, and cross OS restores – to meet different recovery needs.
- Limits user and IT staff administration burdens. Endpoint solutions with silent install and backup capabilities require no action from end users and do not impact their productivity. The solution should also allow users and staff to access backup data, anytime, anywhere, from a browser-enabled device, and make it possible for employees to search and restore files themselves.
James Yeager, VP of Public Sector, CrowdStrike
Decision-makers seeking the best endpoint protection (EPP) solution for their business should be warned legacy security solutions are generally ineffective, leaving organizations highly susceptible to breaches, placing a huge burden on security teams and users.
Legacy tools, engineered by on-premises architectures, are unable to keep up with the capabilities made available in a modern EPP solution, like collecting data in real-time, storing it for long periods and analyzing it in a timely manner. Storing threat telemetry data in the cloud makes it possible to quickly search petabytes of data in an effort to glean historical context for activities running on any managed system.
Beware of retrofitted systems from vendors advertising newer “cloud-enabled” features. Simply put, these “bolt-on” models are unable to match the performance of a cloud-native solution. Buyers run the risk of their security program becoming outdated with tools that cannot scale to meet the growing needs of today’s modern, distributed workforce.
Furthermore, comprehensive visibility into the threat landscape and overall IT hygiene of your enterprise are foundational for efficient security. Implementing cloud-native endpoint detection and response (EDR) capabilities into your security stack that leverages machine learning will deliver visibility and detection for threat protection across the entire kill chain. Additionally, a “hygiene first” approach will help you identify the most critical risk areas early-on in the threat cycle.