Intelligent CISO Issue 17 | Page 38

FEATURE

What best practice approach should organisations take to protect the endpoint?

…behind in ensuring that bug is not exploitable within our environments. Just look at how many companies get hit by infections that have been known to the world for multiple months to years. An approach to security whereby you assume it’ll never happen to you and you don’t inoculate yourself against it, is no approach at all.

Second to maintenance is the selection of the appropriate tools and spending your security budget wisely. The industry moves quickly and you’re not best served by just looking at traditional software and names. You now find that the inherent protection offered by your operating system out of the box, using tools such as Microsoft Defender, is more than capable of providing the same protection as traditional AV products. This allows you to take the considerable spend you place in that area and move it to products that cover more areas. Invest in visibility tools to allow more insight for threat hunting or invest in products and managed services that do this for you. The key here is to know that not all security spend is equal and some might only provide you an extra 10% protection to known areas while something else could uncover completely unknown risks within your business.

SCOTT MANSON, MANAGING DIRECTOR, MIDDLE EAST AND TURKEY AT MCAFEE

Endpoint device security is no longer about traditional anti-virus versus next-generation endpoint protection. The truth is you need a layered and integrated defence that protects your entire digital terrain and all types of devices – traditional and non-traditional.

TAREK KUZBARI, REGIONAL DIRECTOR FOR THE MIDDLE EAST AT BITDEFENDER

Endpoint security should not be demarcated as anti-virus software. Without diminishing the value of tried and tested anti-virus vendors, endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls and advanced detection/response tools. We must think in broader terms.

I would recommend the following:

• Select the solution that really addresses your needs, not what vendors want to sell you
• Evaluate technologies based on your environment and look for third-party test data as validation
• Keep abreast of emerging endpoint technologies; don’t fall for buzz words
• Look for a comprehensive endpoint security solution to simplify management from a single console, that can address different aspects of endpoint security such as EPP, EDR, patch management, encryption and asset management
• Focus on solutions that have low operational impact
• Ensure the solution can integrate with other solutions in your security ecosystem, such as network security, SIEM, etc.
• Make sure that the most current endpoint security controls are in place and are functioning at all times
• Look for solutions that can provide you with visibility and protection, as well as the ability to respond

NAAMAN HART, CLOUD SERVICES SECURITY ARCHITECT, DIGITAL GUARDIAN

The first practice I’d always recommend is that you learn what forensic data your systems already produce and how to capture that data and make it work for you. Take, for example, system logs that are not centrally collected, stored and parsed for analysis. You might even treat this data as a problem because it’s regularly filling up your system disks and causing performance issues. Solve two problems by collecting and centrally storing your logs while taking data load off your endpoints. Start with some automated basics that parse this data for common security events and gain some instant visibility into what goes on within your environment. The longer you do this, the easier it’ll be for your staff to point out anything unusual as they become familiarised with your data.

This is not difficult and it can be done for free in most cases with existing licensing. What’s the point in getting new tools for visibility if you’re ignoring what your systems already gather?

The final best practice I’d suggest is to know your industry and to get involved with your community. While most threats are generic, some are targeted to your industry and country.
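One way to build the "automated basics" that Naaman Hart describes, added here as an example and not code from the article or from Digital Guardian: a small Python parser that classifies Linux auth-log lines into common security events and flags sources with repeated failed logins. The log format, the sample lines and the failure threshold are assumptions chosen for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the style of a Linux auth log; not from any real system.
SAMPLE_LOG = """\
Mar  3 08:01:12 web01 sshd[2110]: Failed password for invalid user admin from 203.0.113.9 port 50122 ssh2
Mar  3 08:01:15 web01 sshd[2110]: Failed password for invalid user admin from 203.0.113.9 port 50124 ssh2
Mar  3 08:01:19 web01 sshd[2113]: Failed password for root from 203.0.113.9 port 50130 ssh2
Mar  3 08:02:40 web01 sshd[2120]: Accepted publickey for deploy from 192.0.2.15 port 41000 ssh2
Mar  3 08:03:02 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 08:05:10 web01 useradd[2150]: new user: name=svc_backup, UID=1002, GID=1002, home=/home/svc_backup, shell=/bin/bash
"""

# Patterns for a few "common security events" worth surfacing from logs you already collect.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : .*?USER=(\S+) ; COMMAND=(.+)$")
USERADD_RE = re.compile(r"useradd\[\d+\]: new user: name=([^,]+)")

def parse_line(line):
    """Classify one log line; returns (event_type, fields) or None if it is not of interest."""
    parts = line.split()
    host = parts[3] if len(parts) > 3 else "?"   # syslog layout: month day time host ...
    if m := FAILED_RE.search(line):
        return "failed_login", {"host": host, "user": m.group(1), "src": m.group(2)}
    if m := ACCEPTED_RE.search(line):
        return "accepted_login", {"host": host, "method": m.group(1), "user": m.group(2), "src": m.group(3)}
    if m := SUDO_RE.search(line):
        return "sudo", {"host": host, "user": m.group(1), "as": m.group(2), "cmd": m.group(3).strip()}
    if m := USERADD_RE.search(line):
        return "new_user", {"host": host, "user": m.group(1)}
    return None

def summarise(log_text, fail_threshold=3):
    """Count events per type, list privilege and account changes, and flag sources
    whose failed-login count reaches fail_threshold (assumed value for the example)."""
    counts, fails_by_src, notable = Counter(), Counter(), []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, fields = parsed
        counts[kind] += 1
        if kind == "failed_login":
            fails_by_src[fields["src"]] += 1
        elif kind in ("sudo", "new_user"):
            notable.append((kind, fields))
    repeated = {src: n for src, n in fails_by_src.items() if n >= fail_threshold}
    return {"counts": dict(counts), "repeated_failures": repeated, "notable": notable}

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

The same parse-then-count shape carries over to Windows event logs or EDR telemetry once the regexes are swapped for that source's fields.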