When organisations begin their search for an advanced, next-generation endpoint security solution to protect PCs, Macs, servers, and mobile devices, they usually go to their MSP. If that MSP is anything like us, they will give you a long list of vendors to choose from and walk you through why one is the right fit for your business and why another is not. If you don’t have an MSP, the questions you should be asking are: Can it prevent attacks? What kinds of malware can it protect against? If malware gets in, can it still help me? How do I deploy it? Is the tool easy to manage? Will it protect my endpoints both on and off the corporate network? Throughout this article we will try to give you the right information so that you, as a business leader, can make the right decision for your organisation.
Here you are, you have read the Tech Patrol blog from the News Centre, you now know the questions to ask your enterprise’s potential endpoint security solution providers. Excellent! You’ve gotten your upper management, board members, and CFO to listen to your argument for why your enterprise needs an endpoint security solution. Perfect! They’ve even given you an adequate budget to select a solution. Done! You should be all set. Right?
Well, let’s be honest… you’re almost there. You still have one lingering question to answer: do you know what you’re looking for in an endpoint security solution? What are the key capabilities an endpoint security solution needs to offer your enterprise to be the right choice? Don’t worry, this is exactly what this article is for.
At cybersecurity conferences, in customer forums, and in day-to-day interactions with security practitioners, I get asked these questions all the time, and I’ve found that these are the key items you need to know. I think any endpoint security solution should provide all of the following “must-haves”:
1. Prevention Capabilities
Prevention is your first line of defence. You don’t want to get hacked and THEN look for a solution to remove the infection; you must be blocking malware at the point of entry, in real time. This is essential. To ensure the best possible prevention, make sure your next-gen endpoint security solution provides the following:
- Global Threat Intelligence – a team of threat hunters detecting the newest threats and uncovering zero-days to keep you protected 24/7
- AV Detection – let your Next-Gen Endpoint Security solution do all the AV heavy lifting and consolidate protection onto one lightweight agent
- Proactive Protection – identify and patch vulnerabilities, and quickly analyse and stop suspicious low-prevalence executables (files seen on only a handful of endpoints, which is a common trait of targeted or freshly compiled malware)
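The “low-prevalence executable” check in the list above is simple enough to reason about in code. The following is an added example written for this article, not code from any vendor’s product: it takes a constructed file inventory (endpoint id, SHA-256, path; the hashes are placeholders) and flags executables seen on no more than a small number of distinct hosts, skipping anything on a hypothetical allowlist of known-good hashes.

```python
"""Low-prevalence executable triage over constructed endpoint inventory records."""
from collections import defaultdict

# Constructed sample telemetry: (endpoint_id, sha256, path).
# The hashes are placeholders, not real file digests.
INVENTORY = [
    ("pc-001", "HASH_SVCHOST_OK", r"C:\Windows\System32\svchost.exe"),
    ("pc-002", "HASH_SVCHOST_OK", r"C:\Windows\System32\svchost.exe"),
    ("pc-003", "HASH_SVCHOST_OK", r"C:\Windows\System32\svchost.exe"),
    ("pc-004", "HASH_SVCHOST_OK", r"C:\Windows\System32\svchost.exe"),
    ("pc-005", "HASH_SVCHOST_OK", r"C:\Windows\System32\svchost.exe"),
    ("pc-001", "HASH_CHROME_OK", r"C:\Program Files\Google\Chrome\chrome.exe"),
    ("pc-002", "HASH_CHROME_OK", r"C:\Program Files\Google\Chrome\chrome.exe"),
    ("pc-003", "HASH_CHROME_OK", r"C:\Program Files\Google\Chrome\chrome.exe"),
    ("pc-004", "HASH_CHROME_OK", r"C:\Program Files\Google\Chrome\chrome.exe"),
    # Legitimate but rare: an internal line-of-business updater on one machine.
    ("pc-002", "HASH_LOB_UPDATER", r"C:\Program Files\Acme\updater.exe"),
    # Suspicious: a file named like a system binary, wrong path, unique hash.
    ("pc-004", "HASH_UNKNOWN_1", r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe"),
]


def prevalence_by_hash(records):
    """Map each sha256 to the set of distinct endpoints it was seen on."""
    seen = defaultdict(set)
    for endpoint, sha256, _path in records:
        seen[sha256].add(endpoint)
    return seen


def low_prevalence(records, max_hosts=2, allowlist=frozenset()):
    """Return executables seen on at most max_hosts endpoints, excluding allowlisted hashes.

    Each result carries the hash, the hosts it appeared on and every path it was
    observed under, so an analyst can spot path anomalies (system name, user temp dir).
    """
    by_hash = prevalence_by_hash(records)
    paths_by_hash = defaultdict(set)
    for _endpoint, sha256, path in records:
        paths_by_hash[sha256].add(path)
    flagged = [
        {"sha256": h, "hosts": sorted(hosts), "paths": sorted(paths_by_hash[h])}
        for h, hosts in by_hash.items()
        if h not in allowlist and len(hosts) <= max_hosts
    ]
    # Rarest first, then by hash for a stable order.
    return sorted(flagged, key=lambda f: (len(f["hosts"]), f["sha256"]))


if __name__ == "__main__":
    for hit in low_prevalence(INVENTORY, allowlist={"HASH_LOB_UPDATER"}):
        print(hit)
```

Prevalence alone does not prove a file is malicious (the internal updater is rare too), which is why a known-good allowlist and the observed paths travel with each result for triage.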
2. Cloud or on-premises deployment options, with a multi-system approach
Deploying a next-gen endpoint security solution from the cloud should give you flexibility, easier management, scalability, and real-time threat intelligence delivery. However, some organisations require an on-premises deployment to satisfy stringent privacy requirements dictated by their industry, such as government or finance, where you need long data retention and a multi-location approach to where your data is stored. Your next-gen endpoint security solution should offer both deployment options with the same security benefits.
3. Continuous Monitoring and Recording
This is something that we here at Tech Patrol take seriously. No prevention method will ever be 100% effective, and we understand that. BUT advanced malware can still get into your endpoints, and if you have no visibility into what files are doing on your endpoints, you’ll be blind to the presence of a potential compromise. Therefore, your endpoint security solution must watch everything on all of your endpoints (on and off the corporate network) at all times, so you can quickly spot malicious intrusions and stop them before they get a chance to spread.
4. Integrated Sandboxing Capabilities
If you don’t know: a sandbox is a security mechanism for isolating running programs, usually in an effort to keep system failures or software vulnerabilities from spreading. Sandboxing is essential for static and dynamic analysis of unknown files. Sandboxing should be built into, and fully integrated with, your next-gen endpoint security solution to make sure that the organisation is on top of suspicious running files at all times.
5. Agentless Detection
Sometimes an organisation doesn’t have an MSP and cannot install an endpoint agent on every single endpoint throughout the enterprise, or it wants visibility into devices whose operating system cannot support an endpoint agent. Also, some malware is file-less and might not be visible to an endpoint agent. Therefore, your endpoint security solution should provide agentless detection. Make sure it can uncover file-less or memory-only malware, catch malware before it compromises the OS level, and give you visibility into devices where no agent is installed.
6. Rapid Time to Detection
Do you know the industry average for detecting a breach AFTER it occurs? 100 days. That is insane! It gives malware a free 100 days to infiltrate your organisation and exfiltrate confidential information about you, your employees and your critical business data. Your endpoint security solution should truly speed up your time to detection and spot threats in hours or minutes, not days, weeks or months.
7. Easy, streamlined management interface for efficient decision-making
Organisations face a myriad of attacks each day, often more than they can triage efficiently or effectively. Many security teams are simply buried in security alerts. They need security solutions that are easy to use and help them make fast and informed decisions, especially if they don’t have an MSP.
Look for a next-gen endpoint security solution with an easy-to-use management interface that even a tier 1 analyst can use. Make sure that the interface allows you to quickly assess the health and state of your security deployment at both a macro and micro level. Make sure that the workflow to address a malware intrusion is seamless, intuitive and flexible, allowing you to triage, manage, and respond to possible breaches fast and effectively.
8. Your endpoint security should fit within your larger integrated security architecture
There are a lot of vendors that offer endpoint security products that are just that – point products. These products are not integrated with other security tools, and when deployed, they simply add to the mixed bag of security products from multiple vendors used throughout the enterprise. Many organisations use upwards of 60 different security tools. That to me is CRAZY. Each product has its own management system and displays information in different ways. This is a horizontal model, usually adopted to save money – the biggest mistake you can make when addressing security. It requires more people to operate and makes it harder to decipher threat information, connect the dots to understand the full scope of an attack, and respond quickly. It might save some money up front, but the manpower needed for monitoring, and the impact when something does go wrong, will definitely be more costly.