Your Endpoint Security Strategy Needs a Hug
Published: Oct 11, 2018
Author: David Grady
Time for a little group therapy, fellow IT and cybersecurity professionals: If you’re feeling defeated and wondering what the (professional) point of everything is, you are not alone. More than half of IT managers (60%) in a recent Sophos study said their defenses are not strong enough to stop the depressingly-diverse array of attacks they’d witnessed over the previous year. Clearly, many in the field feel they’re losing the battle against a foe that’s capable of constantly reinventing itself.
Talk about an inferiority complex! The bad guys always seem so cool and creative -- and free to invent new methods of attack. The good guys? They’re stuck in another governance committee meeting justifying their team’s headcount. It’s little wonder one of the industry’s most-read security bloggers recently posted a series of tweets expressing his professional/existential dismay about the state of corporate security.
But please, don’t despair. We can get through this together. The first step toward cyber-wellness is admitting that we have a cybersecurity problem.
This is the end(point)
If you’re still focused on perimeter security, we’re sorry to inform you that you are in denial. Traditional endpoint security, a.k.a. antivirus (AV), has long been a crutch in the fight against cyber attackers, but AV alone just doesn’t cut it anymore. Those tools rely on known malware signatures to be effective but they can’t defend against zero day attacks and new ransomware variants. And because the attack surface continues to grow, cybercriminals have much more room to work with. Think about how many workstations, laptops, mobile devices, IoT sensors and BYO devices litter your IT landscape. It’s almost enough to cause a panic attack.
Fret not, friend. Here are a few areas that IT and cybersecurity professionals can address to ease their endpoint suffering:
- Embrace Machine Learning - Endpoint solutions are beginning to leverage machine learning to sift through massive piles of data to identify new malware strands that humans can’t with the naked eye or first-generation analytics tools. Machine learning algorithms look for anomalies and other telltale signs to isolate samples of code and determine if they are malicious. Machine learning is becoming an essential tool in combatting cybercrime, and organizations should look for endpoint solutions with this capability for better protection.
- Integrate Threat Intelligence – Credible information about possible or likely cyberattacks is only as good as an organization’s ability to leverage it. Understanding how bad guys use different methods to attack different kinds of organizations is the key, according to a recent ZDNet article. Deploying endpoint solutions that can take in and utilize dynamic threat intelligence feeds will give a major boost to your organization’s cyber protection.
- Demand Ease of Management – Managing endpoint tools isn’t always easy, especially with many vendors adding complexity to their solutions in an effort to keep pace with sophisticated and creative bad guys. If your toolkit is causing you stress and anxiety, speak up! Let your vendors know that their solutions have become too complex to manage effectively. Remind them that ease of use is as important as the latest bells and whistles, even when those bells and whistles are highly effective.
- Employ a layered defense - Even when updated, endpoint solutions may not stop all ransomware; the Sophos report found 77% of organizations were running up-to-date endpoint security when they were nonetheless hit by ransomware. Fighting ransomware requires a layered approach, including good overall cyber-hygiene (patching); anti-phishing tools; website filters and domain name system controls to prevent users from landing on sites suspected of being infected. Backing up data frequently, of course, is crucial to weathering a ransomware attack because you can always revert if your systems and data are being held hostage And don’t forget the importance of user training and phishing awareness campaigns: IT security depends on people, too.
- Ask for help - There’s no shame in turning to a managed security services partner for help in the ongoing management of complex endpoint tools, especially if you’re a small or medium business with very limited IT and security staff. Outside expertise can help ease the burden you carry when toiling to protect your organization’s data.
So…feel a little better now?
Learn more about where to focus your security efforts with the Verizon Risk Report.
David Grady, CISM, is a Senior Client Partner in Verizon’s Security Solutions practice.