
Maturing Endpoint Security: 5 Key Considerations


Endpoints are everywhere, and endpoint security is evolving. Endpoints also remain the most attractive target for hackers as a point of entry for attacks because they’re connected to the weakest link in enterprise data protection: humans.

View the SlideShare to learn:
--Why evolving threats require increased endpoint defense capabilities.
--What organizations can do to protect against known and unknown threats, while reducing manual processes for administrators.
--The primary capabilities of endpoint detection and response (EDR) tools, and how you can find the right fit for your business.
--Where your organization sits on the endpoint security maturity scale.
--Keys to maturing your endpoint security strategy.

A new generation of products and services is helping organizations keep pace with modern threats and advance beyond traditional, prevention-oriented endpoint protection to a more comprehensive — and realistic — focus on detection and incident response.

Published in: Technology

  1. MATURING ENDPOINT SECURITY: 5 KEY CONSIDERATIONS
  2. www.forsythe.com. Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses. Sponsored by
  3. Ask yourself: HOW CONFIDENT ARE YOU IN YOUR ORGANIZATION’S ABILITY TO DETECT AND RESPOND TO MODERN THREATS? a) Very confident b) Somewhat confident c) Not at all confident
  4. THE AGGRESSIVENESS AND SOPHISTICATION OF CYBER ATTACKS HAS INCREASED; DEFENSIVE CAPABILITIES ARE NOT KEEPING UP. 1.4 billion data records were compromised during 2016, an increase of 86 percent over 2015. Global median time from compromise to discovery in 2016 was 99 days. Sources: Gemalto 2016 Breach Level Index, FireEye 2017 M-Trends Report
  5. USERS AND USER DEVICES REPRESENT THE LARGEST AND FASTEST-GROWING TARGET GROUP. [Chart: percent of breaches per asset category over time, 2009 to 2015; categories: Server, User Device, Person, Media, Kiosk/Terminal, Network.] Source: Verizon 2016 Data Breach Investigations Report
  6. NO MATTER WHAT TECHNOLOGY WE PUT IN PLACE, NO MATTER HOW MUCH MONEY WE SPEND ON PROTECTIONS FOR THE ORGANIZATION, WE STILL HAVE PEOPLE, AND PEOPLE ARE FALLIBLE. — Theodore Kobus, Baker & Hostetler, Privacy and Data Protection
  7. ENDPOINT SECURITY IS THE FRONT LINE IN THE FIGHT AGAINST CYBER ATTACKS
  8. Ask yourself: HOW MANY ENDPOINT SECURITY AGENTS IS YOUR TEAM CURRENTLY MONITORING? a) Less than 5 b) More than 5 c) Not sure
  9. On average, organizations are monitoring 10 different security agents and swiveling between at least 5 different interfaces to investigate and remediate incidents. Source: Forrester Mastering the Endpoint, March 2017
  10. MANY ORGANIZATIONS STILL RELY HEAVILY ON SIGNATURE-BASED SOLUTIONS. [Chart values: 55%, 53%, 63%, 80%.] Forrester Business Technographics Security Survey, Q3 2016
  11. THE BOTTOM LINE: ORGANIZATIONS NEED TO ENHANCE PREVENTION METHODS ON THE ENDPOINT AND ADD THE ABILITY TO DETECT AND RESPOND TO EMERGING THREATS
  12. BY 2020, 80% OF LARGE ENTERPRISES, 25% OF MIDSIZE ORGANIZATIONS AND 10% OF SMALL ORGANIZATIONS WILL HAVE INVESTED IN EDR CAPABILITIES. — Gartner Market Guide for Endpoint Detection and Response Solutions, 30 November, 2016
  13. ENDPOINT SECURITY USE CASES
      • Prevention: Facilitate the prevention of attacks by stopping endpoints from executing malicious files and processes, and/or connecting to malicious domains and URLs. Some tools can also remove malicious files, and isolate infected endpoints from the network.
      • Threat Hunting/Detection: Search for and identify advanced attacks or malware processes in real-time through proactive hunting for malicious activity. This can include activity scoring, and both rule-based and threat-intelligence-based detection. This use case is typically for organizations with mature security programs.
      • Monitoring/Visibility: Continuous monitoring of endpoints to understand what executables are running, what activities users and/or endpoints are engaging in or have engaged in, the current state of endpoints, etc. Analysts can use recorded information to establish trends and patterns of activities to learn what’s normal, and what’s not.
      • Incident Investigation/Response: Provide a platform to document, analyze, contain, disrupt and/or remediate incidents. Provide history of activity, connections and actions. Conduct historical searches, and scan systems for known artifacts derived from threat intelligence and past investigations.
      • Management: Prevent or alert on unauthorized changes to endpoint configurations/installations. Maintain standard or “Gold” images in order to prevent the need to reimage. Enhance patch management by preventing vulnerabilities from being exploited before organizations have a chance to deploy patches.
  14. FINDING THE RIGHT FIT: There are numerous EDR solutions to choose from, as well as next-generation endpoint security solutions from EPP providers that incorporate EDR capabilities.
  15. 5 KEYS TO MATURING YOUR ENDPOINT STRATEGY
  16. ONE: GAUGE YOUR MATURITY. Organizations need to evaluate their current capabilities before they can advance their programs
  17. ENDPOINT SECURITY MATURITY MODEL
      • Initial: Processes unorganized; not repeatable or scalable
      • Repeatable: Basic program and policies established; success can be repeated
      • Defined: Program and policies formalized and updated in last 24 months
      • Managed: Program formalized, up to date and functioning; CISO in place
      • Optimized: Model security program around all endpoints; designed to anticipate change
  18. Ask yourself: BASED ON THIS MODEL, WHAT WOULD YOU GUESS YOUR ORGANIZATION’S MATURITY TO BE? a) Initial or Repeatable b) Defined or Managed c) Optimized d) Unsure
  19. TWO: ENSURE COMPREHENSIVE PROTECTION. No single solution can keep up with today’s sophisticated, emerging threats
  20. COMPREHENSIVE CONTROLS: Anti-virus; Advanced prevention tools; Advanced detection and response tools; Additional endpoint security controls (Application controls, Network access controls, Management controls, Port controls, DLP, ERM). NEXT-GENERATION ENDPOINT SECURITY
  21. MACHINE LEARNING? Machine learning is one of the year’s hottest technology trends; within the endpoint security space, many companies legitimately claim to do some machine learning, though it’s often not clear what that means, how it works, or even why it is important.
  22. THREE: CENTRALIZE MANAGEMENT. It is impossible to manually manage all of the endpoints on your network; while it’s important to have defense-in-depth, it is equally important to consolidate agents and processes wherever possible
  23. FOUR: STREAMLINE INCIDENT RESPONSE. Too much IT security spending has focused on the prevention of data breaches, and not enough has gone towards preparing for the inevitable
  24. FIVE: BOLSTER SECURITY AWARENESS. Humans are the weakest link in any security strategy; defending against human behavior involves a combination of endpoint security solutions and increased awareness
  25. CHECK OUT THE ORIGINAL ARTICLE: http://focus.forsythe.com/articles/574/Maturing-Endpoint-Security-5-Key-Considerations
  26. OR FIND MORE ARTICLES ABOUT BUSINESS AND TECHNOLOGY SOLUTIONS AT FOCUS ONLINE: http://focus.forsythe.com
  27. Authors: Jose Ferreira, Security Strategist, Forsythe Security Solutions; Josh Thurston, Security Strategist, Office of the CTO, McAfee
