Endpoint security: 5 things to know

Network security offerings clearly haven’t fixed the endpoint security challenge. The problems come on multiple fronts, which calls for a blended solution.
Here’s what you need to know.

1. Antivirus is not enough

There’s no argument that antivirus just doesn’t cut it anymore. There’s nothing new here, but it looks like the market is finally ready to accept that a platform approach is needed. Everyone should be integrating next-generation endpoint security technologies.

2. Perimeter defenses aren’t enough, either

Historically, security experts might have seen companies spending around half their security budgets on perimeter defenses. Considering where the threats are, that’s a disproportionate investment in securing the perimeter at the expense of taking a more comprehensive approach.

3. There have never been more choices

The main options within the realm of endpoint security include:

Endpoint protection platforms (EPP)
Endpoint detection and response (EDR)
Threat isolation
Exploit technique mitigation
Data loss prevention
Data encryption
Sandboxing
Patch management
Deception
Intrusion detection systems
Intrusion prevention systems
Remote application access
Threat intelligence
Threat forensics
User behavior analytics

Endpoint protection platforms

Endpoint protection platforms (EPP) bundle several security functionalities into one offering, which might include (but isn’t limited to):

Firewall
Antivirus
Application security
IPS
Anti-spyware

EPP will also integrate with vulnerability, patch, and configuration management.

Endpoint detection and response

Endpoint detection and response (EDR) suppliers offer products that monitor endpoints to detect, contain, investigate, and remediate threats. The approach is relatively new and worth exploring. Look for the following capabilities:

Managed hunting
Real-time agent scoring
Centralized data
Real-time search
Incident containment
Event feeding into SIEM
Built-in sandboxing

4. Layers make you safer

The better you layer your approach, the safer you’ll be. At a minimum, you need EPP and EDR. After that, it’s a matter of choosing the layer that makes the most sense for the business and the way you work.

Whatever you choose, you need to consider network security as part of your overall mix.

5. You might need help

It’s a big world out there, and it’s growing in complexity. It’s worth working with a trusted adviser to navigate the options, especially when money is a consideration.

For starters, suppliers are starting to combine approaches to EPP and EDR. It’s not easy to see who is going to take the lead. It’s also likely that companies will start buying each other to offer more integrated approaches.

Unless you want to stay on top of all that movement yourself, you need to work with someone who is keeping their eye on the shifting landscape.