A new SANS 2018 Survey on Endpoint Protection and Response, co-sponsored by McAfee, reports that the top threats to organizations include web-based malware, social engineering and ransomware, all of which target user endpoints.
So what does that mean when you are trying to protect an ever-changing attack surface? The survey results point to three best practices to help you simplify and automate your endpoint protection, detection and response capabilities.
- Users and the web are still your biggest security risks
The top threat vectors for exploited endpoints take advantage of the hapless user: web drive-by (63%), social engineering/phishing (53%) and ransomware (50%). Because these compromises rely on human action, they call for increased monitoring and containment alongside user education. A variety of tools, including next-gen antivirus and automated EDR, should assist in this mission.
- You’ve got to correlate to automate
The 277 IT professionals who took this survey voiced concerns about their endpoints and all agreed that predictive technologies (such as machine learning) are needed to move from matching known-bad indicators to identifying abnormal behavior.
- If an endpoint fell in your forest, would you hear it?
The need for visibility is clear. Feeding endpoint telemetry into detection and response systems automatically reduces the time to detect and remediate a threat. Though workflow automation and machine learning are key enablers for improving detection, remediation and response, organizations are falling short in their use (less than a quarter of respondents use them).
Improved analysis and automation tools are key to discovery and correction. Next-generation tools bring not only machine learning, but also automation to identify unexpected behavior. Equally important is having tools that provide ease of use for analysts to reduce the skills gap in our industry.
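To make the shift from known-bad matching to abnormal-behavior detection concrete, and to show telemetry feeding an automated response, here is an added example that is not from the survey or from McAfee's product. It runs a hash-based IOC check, two behavioral rules (an Office application spawning a script host, and one process rewriting many files in a short window) and a containment step over constructed endpoint events. All hosts, hashes, file paths, event fields and thresholds are made up for the illustration.

```python
"""Known-bad matching beside behavioral detection over constructed endpoint
telemetry, ending in an automated containment decision. Added example; every
event, hash, host and threshold below is constructed, not real data."""
from collections import defaultdict

# Constructed process-start and file-write events (not real telemetry).
# ts: seconds; image/parent: process images; sha256: truncated fake hashes.
EVENTS = [
    {"ts": 100.0, "host": "ws01", "pid": 410, "image": "outlook.exe",
     "parent": "explorer.exe", "sha256": "aaa1", "file": None},
    {"ts": 101.0, "host": "ws01", "pid": 412, "image": "winword.exe",
     "parent": "outlook.exe", "sha256": "bbb2", "file": None},
    # A macro in the attachment launches PowerShell: the phishing chain.
    {"ts": 103.0, "host": "ws01", "pid": 415, "image": "powershell.exe",
     "parent": "winword.exe", "sha256": "ccc3", "file": None},
    {"ts": 105.0, "host": "ws01", "pid": 420, "image": "inv.exe",
     "parent": "powershell.exe", "sha256": "deadbeef", "file": None},
    # Benign activity on a second host.
    {"ts": 100.0, "host": "ws02", "pid": 300, "image": "chrome.exe",
     "parent": "explorer.exe", "sha256": "ddd4", "file": None},
    {"ts": 102.0, "host": "ws02", "pid": 300, "image": "chrome.exe",
     "parent": "explorer.exe", "sha256": "ddd4",
     "file": "C:\\Users\\b\\Downloads\\report.pdf"},
]
# inv.exe rewrites 30 documents in three seconds: the ransomware burst.
EVENTS += [
    {"ts": 106.0 + i * 0.1, "host": "ws01", "pid": 420, "image": "inv.exe",
     "parent": "powershell.exe", "sha256": "deadbeef",
     "file": f"C:\\Users\\a\\Documents\\doc{i}.docx.locked"}
    for i in range(30)
]

KNOWN_BAD_SHA256 = {"deadbeef"}  # constructed IOC list: only what was seen before

# Behavioral rules need no prior knowledge of the specific sample.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
BURST_WINDOW_S = 10.0      # assumed window, seconds
BURST_FILE_THRESHOLD = 20  # assumed distinct files written by one process in the window


def known_bad_alerts(events, iocs=KNOWN_BAD_SHA256):
    """Signature-style match: process image hash is on the IOC list."""
    hits = {(e["host"], e["pid"], e["image"]) for e in events if e["sha256"] in iocs}
    return [("known_bad_hash",) + h for h in sorted(hits)]


def office_spawn_alerts(events):
    """Office application spawning a script host: an abnormal parent/child pair."""
    hits = {(e["host"], e["pid"], e["image"]) for e in events
            if e["parent"] in OFFICE_APPS and e["image"] in SCRIPT_HOSTS}
    return [("office_spawns_script_host",) + h for h in sorted(hits)]


def file_burst_alerts(events):
    """One process writing many distinct files in a short window (ransomware-like)."""
    writes = defaultdict(list)  # (host, pid, image) -> [(ts, path), ...]
    for e in events:
        if e["file"]:
            writes[(e["host"], e["pid"], e["image"])].append((e["ts"], e["file"]))
    hits = set()
    for key, items in writes.items():
        items.sort()
        window = []  # (ts, path) pairs inside the trailing BURST_WINDOW_S seconds
        for ts, path in items:
            window.append((ts, path))
            while ts - window[0][0] > BURST_WINDOW_S:
                window.pop(0)
            if len({p for _, p in window}) >= BURST_FILE_THRESHOLD:
                hits.add(key)
                break
    return [("file_write_burst",) + h for h in sorted(hits)]


def respond(alerts):
    """Automated response: hash hit or file burst isolates the host; every
    alert kills the offending process. Actions are (name, host, pid)."""
    actions = set()
    for rule, host, pid, _image in alerts:
        if rule in ("known_bad_hash", "file_write_burst"):
            actions.add(("isolate_host", host, 0))
        actions.add(("kill_process", host, pid))
    return sorted(actions)


def run_pipeline(events, iocs=KNOWN_BAD_SHA256):
    """Detection feeding response: returns (alerts, actions)."""
    alerts = known_bad_alerts(events, iocs) + office_spawn_alerts(events) + file_burst_alerts(events)
    return alerts, respond(alerts)


if __name__ == "__main__":
    for item in run_pipeline(EVENTS):
        print(*item, sep="\n")
```

The point of the survey finding shows up when the IOC list is emptied: `known_bad_alerts` then finds nothing, but the Office-to-PowerShell spawn and the file-write burst still fire and still drive the same containment actions, because they describe what the sample does rather than what it is.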
To address these needs we are constantly upgrading our capabilities and just released McAfee® Endpoint Security (ENS) version 10.6 which includes new capabilities to better protect customers from advanced threats. In addition, it’s simpler, with a single agent, single console and automated responses to targeted attacks. Just as important, it has advancements such as machine learning and zero-day containment.
If you haven’t already, watch our latest video below.