By: Tamer Odeh, Regional Director at SentinelOne in the Middle East
Managing risk requires an adaptive and agile security culture that combines process, technology, and people effectively. Having the right security products in place is essential, but how can an organisation know whether those products will actually be effective and worth the investment?
Comparing specifications takes time and expertise, and different vendors sometimes use the same terms to mean different things. One way to start cutting through the noise is to take a high-level look at the core capabilities of the product on offer and check that it has the features an organisation actually needs.
What is an Endpoint in Today’s Enterprise?
The term ‘endpoint’ covers a lot more today than when it first came into popular use. Once upon a time, organisations had workstations, servers and a firewall, and they bought products to fit that infrastructure. A modern enterprise instead runs a network of devices such as laptops, desktops and mobile phones, many of them outside the traditional perimeter.
An endpoint is anything that functions as one end of a communications channel. The term refers to parts of a network that don’t simply relay communications along channels, or switch those communications from one channel to another. Rather, an endpoint is the place where communications originate and where they are received.
All of these may connect via a local intranet, through cloud SaaS platforms, or over the public internet.
What Enterprises Need To Do To Stay Safe
The current realities that enterprises face are more challenging than ever before. On the one hand, there is a growing need for security; on the other, a growing demand for business continuity, which means supporting large fleets of endpoints and data sources that can be anywhere, at any time.
The new reality of our work culture, where endpoints can access sensitive data regardless of where they are connected from, forces CISOs and other security leaders to rely on the security awareness of their users and the integrity of the endpoint as the last, and sometimes the only, defence.
How Cybercriminals Are Seizing the Day
The frequency of successful attacks has risen sharply over the past year, and a few factors drive the success of cybercrime, particularly ransomware.
First, Microsoft Windows, on which most organisations depend, produces a steady stream of exploitable vulnerabilities, and attackers weaponise them quickly to break into organisations.
But perhaps by far the biggest problem is that organisations are trying to defend against modern threats with outdated technologies in some cases, and the wrong approach in others.
5 Traits of a Great Endpoint Security System
Endpoints are at the heart of every organisation, and defending them is the only way to win the cybersecurity battle. There are products out there that have learned the lessons of the last 20 years of cybercrime and have been shown to be effective against even the most sophisticated threats. But how does one tell the right product from the wrong one? Let’s consider five essential characteristics needed by any modern security solution.
- A Proactive Approach to Novel Threats
By far the biggest weakness in security products of the past was the reliance on malware signatures. The main problem with these, of course, is that they are reactive: a signature can only be written after a sample has been seen and analysed, and a trivially modified variant no longer matches it.
This approach, which was developed in the 90s and 2000s, can’t keep organisations safe today. For that reason, some vendors have turned to machine learning models and behavioural AI to identify patterns and similarities common to malicious files and behaviour, regardless of origin.
Machine learning models can be trained to deal with the majority of commodity malware seen today. While ML alone cannot be relied on to catch all malware pre-execution, it is a great way to keep endpoints safe from common attacks without depending on frequent signature updates.
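To make the difference concrete, here is an added example (not code from the article or from SentinelOne’s products) that contrasts an exact-match hash signature with a small set of structural features of the kind a pre-execution model keys on. The two sample files are constructed byte strings, not real binaries, and the feature set and the scoring rule are hand-written stand-ins for what a trained model would learn from a large labelled corpus; they are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-in for a "malicious" file: MZ header, NOP sled, a
# suspicious embedded command line and a high-entropy blob. Made up for
# this example; it is not real malware.
MALICIOUS_SAMPLE = (
    b"MZ" + b"\x90" * 16
    + b"cmd.exe /c powershell -enc "
    + bytes(range(256))
    + b"\x00" * 32
)

# Constructed stand-in for a benign file: same header, boring content.
BENIGN_SAMPLE = b"MZ" + b"\x90" * 16 + b"Hello, world\n" + b"\x00" * 300


def sha256_signature(data: bytes) -> str:
    """Exact-match signature: the whole-file hash a legacy AV database stores."""
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: packed or encrypted content approaches 8, plain text sits around 4-5."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def feature_vector(data: bytes) -> dict:
    """Coarse structural features (assumed for the example) that survive small edits."""
    lowered = data.lower()
    return {
        "has_mz_header": data[:2] == b"MZ",
        "high_entropy": shannon_entropy(data) > 7.0,
        "mentions_powershell": b"powershell" in lowered,
        "mentions_encoded_cmd": b"-enc" in lowered,
    }


def suspicion_score(data: bytes) -> int:
    """Hand-written stand-in for a trained model's decision: count risky features."""
    features = feature_vector(data)
    return sum(features[k] for k in ("high_entropy", "mentions_powershell", "mentions_encoded_cmd"))


def flip_padding_byte(data: bytes) -> bytes:
    """Minimal 'repacking': flip one byte of trailing padding. Real packers change
    far more, but one byte is already enough to defeat an exact-hash signature."""
    buf = bytearray(data)
    buf[-1] ^= 0x01
    return bytes(buf)


def compare_detections(original: bytes, variant: bytes) -> dict:
    """Does each approach still recognise the variant as the same thing?"""
    return {
        "hash_signature_still_matches": sha256_signature(original) == sha256_signature(variant),
        "feature_vector_still_matches": feature_vector(original) == feature_vector(variant),
        "variant_score": suspicion_score(variant),
    }


if __name__ == "__main__":
    print(compare_detections(MALICIOUS_SAMPLE, flip_padding_byte(MALICIOUS_SAMPLE)))
    print("benign score:", suspicion_score(BENIGN_SAMPLE))
```

The one-byte variant gets a different SHA-256, so a hash-based signature written for the original misses it, while the feature vector is unchanged and the score stays high; the benign sample scores zero. The caveat the article makes still applies: a feature-based verdict is probabilistic, so a real engine backs it with behavioural monitoring at run time rather than relying on the pre-execution score alone.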
- Automatic Mitigation Without Human Intervention
Detection is only one half of the puzzle that needs to be solved for reliable endpoint security. A solution that can detect but relies on human beings to intervene in order to protect is of little use in the enterprise. The best option is a solution that is capable of automatically mitigating and remediating malicious activity on the device.
Many security products struggle with this aspect, including some of the market leaders. Some vendors offer remote access tools integrated within the endpoint security solution, but that still requires a manual flow.
A great endpoint security system should be able to unquarantine a false detection just as easily as quarantining a real detection.
- Multi-Site, Multi-Tenancy Flexibility
Managing large fleets of devices and data sources across many sites is not easy. To manage, respond and collect data from global sites requires a product that supports multi-tenancy and multiple sites, allowing local teams to inherit from the main policy and manage locally when it makes sense to do so, supporting local needs without compromising the needs of the rest of the organisation.
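Inheritance is only safe if the parent can lock the settings a site must not weaken; otherwise a local override of “protection mode” quietly turns a protected site into a detect-only one. The following is an added example (not the article’s or any product’s configuration model) of a policy merge that lets a region and a site inherit from a global policy while refusing changes to locked paths, including attempts to replace a whole subtree that contains one. The policy fields, the lock list name and the tenant names are assumptions for the example.

```python
from __future__ import annotations

from copy import deepcopy

LOCK_KEY = "_locked"  # assumed field: dotted paths the parent forbids children from changing

# Constructed global tenant policy; field names are assumptions for the example.
GLOBAL_POLICY = {
    "protection": {"mode": "protect", "ml_preexecution": True, "behavioural": True},
    "remediation": {"auto_quarantine": True, "rollback": True},
    "exclusions": {"paths": []},
    LOCK_KEY: ["protection.mode", "protection.ml_preexecution", "remediation.auto_quarantine"],
}


def resolve_policy(parent: dict, overrides: dict, child_name: str) -> tuple[dict, list[str]]:
    """Deep-merge a child's overrides onto the parent policy.

    Locked paths cannot be changed, the lock list itself cannot be edited by a
    child, and a subtree that contains a locked leaf cannot be replaced wholesale.
    Lists and scalars in overrides replace the parent's value; they do not append.
    Returns (effective_policy, rejected_overrides)."""
    effective = deepcopy(parent)
    locked = set(parent.get(LOCK_KEY, []))
    rejected: list[str] = []

    def merge(dst: dict, src: dict, prefix: str) -> None:
        for key, value in src.items():
            path = prefix + key
            if key == LOCK_KEY:
                rejected.append(f"{child_name}: children may not edit {LOCK_KEY}")
            elif path in locked:
                rejected.append(f"{child_name}: {path} is locked by the parent")
            elif isinstance(value, dict) and isinstance(dst.get(key), dict):
                merge(dst[key], value, path + ".")
            elif any(p.startswith(path + ".") for p in locked):
                # Replacing the whole subtree would silently drop a locked leaf.
                rejected.append(f"{child_name}: {path} contains locked settings")
            else:
                dst[key] = deepcopy(value)

    merge(effective, overrides, "")
    return effective, rejected


def demo() -> dict:
    """Global -> region -> site chain with one well-behaved and one over-reaching child."""
    region, region_rejected = resolve_policy(
        GLOBAL_POLICY, {"exclusions": {"paths": ["/opt/build/cache"]}}, "EMEA"
    )
    site, site_rejected = resolve_policy(
        region,
        {
            "protection": {"mode": "detect", "behavioural": False},  # mode is locked
            "remediation": {"rollback": False, "auto_quarantine": False},  # one locked leaf
            LOCK_KEY: [],  # attempt to clear the locks
            "exclusions": {"paths": ["/srv/lab"]},  # replaces, does not append
        },
        "Dubai-Lab",
    )
    return {
        "region_policy": region,
        "region_rejected": region_rejected,
        "site_policy": site,
        "site_rejected": site_rejected,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

In the run above the region simply adds an exclusion; the site keeps ‘protect’ mode and automatic quarantine because those leaves are locked, is allowed to turn off behavioural monitoring and rollback because those are not, and its attempt to clear the lock list is refused. Because locks are copied down with the policy, the same rules hold at every level of the hierarchy. The practical check for a buyer is whether the product being evaluated offers this kind of enforced inheritance, as opposed to inheritance that any local administrator can override.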
- Plug the Gaps With Auto-Deploy
One of the easiest routes to compromise is simply a device without proper endpoint protection, and in modern enterprises it is, unfortunately, a common reality that IT and security administrators do not know everything that is on their networks.
The only effective answer is to map the network and fingerprint the devices on it, so that the team can determine what is connected and which of those devices are unprotected, and then deploy protection to them automatically rather than waiting for a manual rollout.
- Visibility at Scale, From EDR to XDR
Even when all the above needs are met, there is still a lot to discover about what is happening on the endpoint. The problem of visibility is not new, but with the shift to a more digital way of life, the amount of data we all generate requires more efficient ways to index, correlate, and identify malicious activity at scale. This is why the best endpoint security systems are now moving beyond EDR and into XDR, which helps organisations address cybersecurity challenges from a unified standpoint.
The endpoint security market is booming, but combating cyber-attacks requires better tools and also better collaboration between defenders and the security layers they rely on.