FEATURE
behind in ensuring that bug is not exploitable within our environments. Just look at how many companies get hit by infections that have been known to the world for multiple months to years. An approach to security whereby you assume it’ll never happen to you and you don’t inoculate yourself against it is no approach at all.
to products that cover more areas. Invest in visibility tools to allow more insight for threat hunting, or invest in products and managed services that do this for you. The key here is to know that not all security spend is equal: some might only provide you an extra 10% protection to known areas, while something else could uncover completely unknown risks within your business.
SCOTT MANSON, MANAGING DIRECTOR, MIDDLE EAST AND TURKEY AT MCAFEE
Endpoint device security is no longer about traditional anti-virus versus next-generation endpoint protection. The truth is you need a layered and integrated defence that protects your entire digital terrain and all types of devices, traditional and non-traditional.
What best practice approach should organisations take to protect the endpoint?
You now find that the inherent protection offered by your operating system out of the box, using tools such as Microsoft Defender, is more than capable of providing the same protection as traditional AV products. This allows you to take the considerable spend you place in that area and move it
Endpoint security should not be demarcated as anti-virus software. Without diminishing the value of tried and tested anti-virus vendors, endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls and advanced detection/response tools. We must think in broader terms.
Second to maintenance is the selection of the appropriate tools and spending your security budget wisely. The industry moves quickly and you’re not best served by just looking at traditional software and names.
TAREK KUZBARI, REGIONAL DIRECTOR FOR THE MIDDLE EAST AT BITDEFENDER
management from a single console that can address different aspects of endpoint security such as EPP, EDR, patch management, encryption and asset management
• Focus on solutions that have low operational impact
• Ensure the solution can integrate with other solutions in your security ecosystem, such as network security, SIEM, etc.
• Make sure that the most current endpoint security controls are in place and are functioning at all times
• Look for solutions that can provide you with visibility and protection, as well as the ability to respond
NAAMAN HART, CLOUD SERVICES SECURITY ARCHITECT, DIGITAL GUARDIAN
The first practice I’d always recommend is that you learn what forensic data your systems already produce and how to capture that data and make it work for you. Take, for example, system logs that are not centrally collected, stored and parsed for analysis. You might even treat this data as a problem because it’s regularly filling up your system disks and causing performance issues.

Solve two problems by collecting and centrally storing your logs while taking data load off your endpoints. Start with some automated basics that parse this data for common security events and gain some instant visibility into what goes on within your environment. The longer you do this, the easier it’ll be for your staff to point out anything unusual as they become familiarised with your data.
I would recommend the following:
• Select the solution that really addresses your needs, not what vendors want to sell you
• Evaluate technologies based on your environment and look for third party test data as validation
• Keep abreast of emerging endpoint technologies; don’t fall for buzz words
• Look for a comprehensive endpoint security solution to simplify
This is not difficult and it can be done for free in most cases with existing licensing. What’s the point in getting new tools for visibility if you’re ignoring what your systems already gather?
The final best practice I’d suggest is to know your industry and to get involved with your community. While most threats are generic, some are targeted to your industry and country.
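What the "automated basics that parse this data for common security events" can look like in practice, as an added example that is not part of the article and not any speaker's or vendor's tooling: a short Python script that reads syslog-style sshd and useradd lines and flags three patterns that matter on almost any endpoint, a burst of failed logins from one source, a successful login from a source that had just been failing, and a new local account. The log lines are constructed sample data, and the thresholds, window and function names are assumptions made for illustration.

```python
"""Parse constructed auth.log-style lines for a few common security events.

Added example, not from the article or any vendor named in it. Sample log
lines, thresholds and function names are assumptions for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data in the usual syslog layout; not captured from a real host.
SAMPLE_LOG = """\
Mar 10 08:12:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Mar 10 08:12:03 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 51023 ssh2
Mar 10 08:12:05 web01 sshd[2213]: Failed password for root from 203.0.113.9 port 51024 ssh2
Mar 10 08:12:06 web01 sshd[2214]: Failed password for root from 203.0.113.9 port 51025 ssh2
Mar 10 08:12:09 web01 sshd[2215]: Failed password for root from 203.0.113.9 port 51026 ssh2
Mar 10 08:12:40 web01 sshd[2219]: Accepted password for root from 203.0.113.9 port 51030 ssh2
Mar 10 08:13:10 web01 useradd[2230]: new user: name=svc_backup, UID=1004, GID=1004, home=/home/svc_backup, shell=/bin/bash
Mar 10 09:00:00 web01 sshd[2300]: Accepted publickey for deploy from 198.51.100.7 port 40001 ssh2
Mar 10 09:01:00 web01 sshd[2301]: Failed password for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")
USERADD_RE = re.compile(r"new user: name=(?P<user>[^,]+)")

YEAR = 2024  # syslog timestamps carry no year; assumed here so they can be ordered


def parse(text):
    """Turn raw lines into dicts with a real timestamp and the message fields.

    Lines that do not match the layout are skipped rather than half-parsed, so a
    garbled line cannot produce a bogus event.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]})
    return events


def detect(events, threshold=5, window=timedelta(minutes=5)):
    """Return (kind, subject, timestamp) findings for three common patterns:

    - brute_force: the threshold-th failed login from one IP inside the window
    - success_after_failures: an accepted login from an IP that failed earlier
    - account_created: any useradd event, which always deserves a human look
    """
    findings = []
    failures = defaultdict(list)  # source IP -> timestamps of failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["prog"] == "sshd":
            m = FAILED_RE.search(ev["msg"])
            if m:
                ip = m["ip"]
                failures[ip].append(ev["ts"])
                recent = [t for t in failures[ip] if ev["ts"] - t <= window]
                if len(recent) == threshold:  # fire once, as the threshold is crossed
                    findings.append(("brute_force", ip, ev["ts"]))
                continue
            m = ACCEPTED_RE.search(ev["msg"])
            if m and failures.get(m["ip"]):
                findings.append(("success_after_failures", f"{m['user']}@{m['ip']}", ev["ts"]))
        elif ev["prog"] == "useradd":
            m = USERADD_RE.search(ev["msg"])
            if m:
                findings.append(("account_created", m["user"], ev["ts"]))
    return findings


if __name__ == "__main__":
    for kind, subject, ts in detect(parse(SAMPLE_LOG)):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {kind:<24} {subject}")
```

On the sample above the script reports a brute-force burst from 203.0.113.9, a root login from that same address half a minute later, and the creation of svc_backup; the 198.51.100.7 lines produce nothing because the single failure there comes after the successful key-based login, not before it. The point is the workflow the passage describes: the lines already exist on the host, and a handful of patterns over centrally collected copies is enough to start seeing what is going on.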
Issue 17 | www.intelligentciso.com