This blog was written by Joakim Lialias.
Organizations have added layer after layer of defense to stay ahead of the latest cyberattacks. In theory, they should be better protected. Instead, security teams are drowning in tools and interfaces. According to the 2017 Forrester report Mastering the Endpoint, organizations now monitor 10 different security agents on average and swivel between at least five different interfaces to investigate and remediate incidents.
There’s a way to get ahead with fresh thinking about endpoint security. Drawing on real-world experiences from more than 250 security decision makers along with insights from Forrester and McAfee, here are six essential steps for mastering the modern endpoint, and protecting the enterprise both today, and tomorrow.
Build a security framework that scales and adapts to the changing threat landscape.
The concept of adding multiple layers of defense is widely accepted, but the key to gaining the most value out of these layers is connecting them using a flexible, adaptive security framework. By implementing defense layers that communicate with one another, you achieve greater efficiency and efficacy. The ideal framework is extensible, allowing you to continually add new layers to the fabric as business and security requirements change.
Integrate detection and response capabilities into everyday operations.
Administrators need the ability to quickly follow the tracks of a threat and clean up everything it touches. Unfortunately, those capabilities are typically limited to specialized investigators, and there just aren’t enough of them to go around. Adding yet another disparate investigation suite won’t solve this problem. By implementing a solution that integrates detection and response capabilities into everyday endpoint operations, front-line administrators can respond quickly when infections inevitably hit.
Minimize false positives so you can focus more on critical tasks.
Defenses that share threat intelligence can automatically validate or exonerate a potential threat, so human administrators don’t have to. By eliminating layers of complexity and manual effort, front-line security teams are empowered to cut through the noise and respond faster. Create even more focus by automatically surfacing the highest-priority incidents and provide a clear workflow for resolution.
Share threat intelligence in real time and immediately apply the learnings.
The ideal threat intelligence strategy combines external sources with intelligence gathered from your own environment. Platforms should share intelligence across multiple layers of defenses in real time—automatically, without requiring administrators to swivel between interfaces. The platform should then immediately apply information gleaned from one infection to every other security system in your environment.
Use advanced machine learning and the cloud for scale and speed.
Implementing and utilizing advanced machine learning capabilities, both locally and in the cloud, allows you to statistically compare suspicious executables against thousands of attributes of known threats—without signatures. The ability to analyze both static code features and an executable’s actual behavior allows you to uncover hidden threats in seconds.
Consolidate agents and manual processes.
By consolidating multiple tools, systems, and reports into a single management console, manual processes are drastically decreased. By adopting a consolidated approach, you can reduce the number of agents your team administers and automate manual tasks with streamlined workflows. Instead of spending hours battling disparate interfaces, you empower your team to control multiple layers of endpoint security with automated, “set-it-and-forget-it” capabilities.