Choosing the right endpoint security solution
Blog by Diğdem Çiftçi, Security Engineer
In my first blog about endpoint security, I discussed the need for (advanced or next gen) endpoint security software in your organization and why network security alone is not enough. In this blog I will talk about how to choose the right endpoint security solution.
Having several security solutions in place, and thus meeting compliance regulations, does not necessarily mean your enterprise is secure. You’ll need to actively monitor and manage those solutions to minimize the risk of a data or security breach. In the case of endpoint security, you primarily need a solution that protects you by preventing malicious code or behavior from causing any harm. This is called an Endpoint Protection Platform (EPP). Second, you might want to consider a complementary Endpoint Detection and Response (EDR) solution, to detect advanced threats that, for example, misuse legitimate applications on the endpoint to gain unauthorized access to confidential data. The EDR solution can then automatically respond to this activity by isolating the endpoint or by adjusting the affected security policy.
Bringing data together
Ideally, your endpoint security solution (EPP and EDR) sends all logs and events to a SIEM (Security Information and Event Management) solution. The SIEM ingests logs and events from all your security solutions and correlates them, giving you clear insight into your current security posture. With a better understanding of your current state, you are able to make educated purchasing decisions, based on the features and capabilities that will make an actual difference.
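To make the "bringing data together" idea concrete, here is an added example (not SecureLink's or any vendor's code) of the kind of correlation a SIEM performs over EPP and EDR events from the two paragraphs above: an EPP prevention followed shortly by EDR behavioral detections on the same host is escalated to an endpoint isolation recommendation. The field names, the sample events and the 10-minute rule are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, normalised the way a SIEM might store what an EPP
# and an EDR product forward to it (field names are an assumption, not any
# vendor's schema).
EVENTS = [
    {"ts": "2019-10-01T09:00:05", "src": "EPP", "host": "ws-017",
     "event": "malware_blocked", "detail": "dropper quarantined in Downloads folder"},
    {"ts": "2019-10-01T09:01:40", "src": "EDR", "host": "ws-017",
     "event": "suspicious_behavior", "detail": "office application spawned a scripting host"},
    {"ts": "2019-10-01T09:02:10", "src": "EDR", "host": "ws-017",
     "event": "suspicious_behavior", "detail": "legitimate process read a credential store"},
    {"ts": "2019-10-01T13:30:00", "src": "EPP", "host": "ws-042",
     "event": "malware_blocked", "detail": "known adware installer quarantined"},
    {"ts": "2019-10-01T14:15:00", "src": "EDR", "host": "ws-099",
     "event": "suspicious_behavior", "detail": "scheduled task created by a user script"},
]

WINDOW = timedelta(minutes=10)  # assumed correlation window for this example

def correlate(events, window=WINDOW):
    """Group events per host and return {host: (recommended_action, supporting_count)}.

    Rule (an assumption for this example): an EPP prevention followed within
    `window` by one or more EDR behavioural detections on the same host suggests
    something got past the blocked payload, so the host is flagged for isolation.
    EDR-only activity goes to an analyst; EPP-only activity was already prevented.
    """
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append((datetime.fromisoformat(e["ts"]), e["src"], e["event"]))

    verdicts = {}
    for host, evs in by_host.items():
        blocks = [t for t, src, ev in evs if src == "EPP" and ev == "malware_blocked"]
        behaviours = [t for t, src, ev in evs if src == "EDR" and ev == "suspicious_behavior"]
        # EDR detections that land inside the window after an EPP prevention
        chained = [b for b in behaviours if any(timedelta(0) <= (b - t) <= window for t in blocks)]
        if chained:
            verdicts[host] = ("isolate_endpoint", len(chained))
        elif behaviours:
            verdicts[host] = ("analyst_review", len(behaviours))
        else:
            verdicts[host] = ("prevented_only", len(blocks))
    return verdicts

if __name__ == "__main__":
    for host, (action, n) in correlate(EVENTS).items():
        print(f"{host}: {action} ({n} supporting event(s))")
```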
Webinar Endpoint Protection Platform (EPP) & Endpoint Detection and Response (EDR)
On October 9th 2019 at 11:00 (and later on-demand) Digdem will host, together with Consultant Harm Teerenstra, the webinar EPP & EDR.
So what if you don’t have the aforementioned solutions in place (yet) and you are not sure whether your organization’s security policy and approach are good enough? ASK FOR HELP! There are many people out there who do this as a profession; they do it every day and have seen many different environments. Consulting security professionals will give you an overall idea of where you stand and what you need. After that, you should make a list of priorities and address them one by one.
Checking your priorities
Getting back to endpoint security: please know that most successful attacks still make use of known vulnerabilities and of weaknesses in an organization’s security policy and device configuration. Even the most damaging and high-profile attacks could have been mitigated, or their impact reduced, by better IT operations. This is why your choice of endpoint security solution is a strategic one, with a major impact on your company’s security posture. When choosing your endpoint security solution, you should consider:
On-premises versus cloud management: Currently there is a strong trend towards cloud management (SaaS delivery), supported by most endpoint security vendors, but there might be important reasons for you to choose on-premises management.
Cost of the endpoint security solution: Advanced or next gen solutions are obviously more expensive up front than traditional AV solutions, but you may want to bring the risk of a data or security breach into the equation.
Effectiveness and ease of management: Please invest some time researching actual effectiveness and ease of management. The most plausible way to do so is by creating a shortlist based on reports and then trying the solutions yourself.
Performance impact: This is typically important when you have a VDI environment, but even with traditional fat clients you would not want your endpoint security solution to have a major impact on compute performance while performing a scan. Nor would you want bandwidth issues when downloading updates.
Integration capabilities: The endpoint security solution should at least be able to send logs and events to a SIEM solution. Beyond that, the more integrations with other security solutions within your network (e.g. firewall, network access control), the better.
Last but not least: TRY THE PRODUCT! Demos are just for show. Don’t forget that a demo will give you an idea of how the product works, but that’s it: demos are created for sales purposes, like presentations. So go for a proof of concept. Try the product in your own (test) environment, ask questions, and see if it fits your expectations and needs. With proper guidance from the supplier’s security professional(s), a proof of concept will most likely be very useful to you.
I hope this blog helps you with your journey towards a better and stronger security posture, starting with the proper endpoint security solution. Please don’t hesitate to contact SecureLink anytime for more information or if you need any assistance.