Key Pillars To Optimal Endpoint Security In Today’s Climate

By : Evan Dumas | Wednesday, October 21 2020 - 13:50 IWST

Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies (Photo by Linkedin)

INDUSTRY.co.id - Choosing the right solution for your organisation’s endpoint security is critical in today’s security climate. With the sudden and massive shift to remote work, organisations and their endpoints have never been more vulnerable. Malicious actors around the world have been taking advantage of this situation, exploiting the unprecedented opportunity to hack into organisations’ IT infrastructures, and steal sensitive data.

What does it take for businesses to be confident in the resilience of their endpoint protection? Check Point shares 4 key pillars for optimal endpoint security solutions for CISOs and IT professionals to follow:

1. Prevention first approach

Preventing an attack saves an organisation a lot of time and money. Research by Accenture Security shows that the average cost of a malware attack, for example, can come to US$2.6 million. Moreover, the losses do not end with cost and time lost. There is also the risk of damage to brand equity and customer trust.

Needless to say, preventing a network breach is always better than detection and remediation. Among the technologies that can help your organisation take the prevention-first approach are:

Anti-phishing (which includes capabilities for unknown phishing sites)

Anti-ransomware

File sanitisation 

Content Disarm & Reconstruction (CDR) Expert prevention

Anti-bot

All these can help your organisation by significantly reducing the attack surface to prevent attacks before they reach the endpoint.

2. Multi-layered Security Approach

Today’s security reality is complex. There are millions of strains of unknown malware and many sophisticated evasion techniques. This means that stopping today’s most dangerous attacks requires an approach for inspecting more than one layer. Traditional solutions, including anti-virus, sandboxing, and legacy endpoint protection products do not have the sophistication required for such complexity since they offer limited inspection. The limitation comes from the fact that they use traditional detection methods, such as signatures or rule-based analysis, which simply cannot get the job done.

When taking a multi-layered approach to inspection, you can leverage these 3 main capabilities, pushing your inspection to new heights:

Artificial Intelligence (AI) - With AI, you can perform dynamic and static analysis of files and executables to detect unknown malware before it is executed, with a very accurate detection rate.

Global-shared Threat Intelligence - By using shared feeds from hundreds of millions of sensors, and from research labs as well, you will have the knowledge and insights you need to take your endpoint security to a whole other level.

Behavioural Analysis - The ideal behavioural analysis engine collects indicators from endpoint devices and correlates them with behavioural heuristics and machine learning models.

With such a multi-layered approach to endpoint protection, you can maximise malware identification and classification and get the highest attack catch rate.

3. Post Infection Remediation and Recovery

Unfortunately, no matter how comprehensive your state-of-the-art security solutions are, you cannot assume that you won’t get hit with a cyberattack, since a breach can never be completely ruled out. That is why it is important to have a very strong post-infection remediation and recovery capability. It should include:

Automatic quarantining of infected machines: This will prevent the effects of any attack from spreading laterally across the rest of the corporate network

Constant monitoring and recording of endpoint events: This should include affected files, processes launched, system registry changes, and network activity, so you can create detailed forensic reports with the full context of the attack

Automatic remediation and sterilisation of the entire cyber kill chain: So you can restore the device to the last clean point and get full recovery of ransomware encrypted files.

Incident response utilising advanced algorithms and deep analysis of the raw forensic data: To help build a comprehensive incident summary. It should also include actionable insights that empower system administrators and incident response teams to effectively triage and resolve the incident.

Proactive threat hunting: Recording endpoint events for long-term retention, enriching these events with threat intelligence, and supplying hunt leads to enable security professionals to query the historical data and uncover the most advanced stealth attacks, identifying the source of the attack and remediating it.

4. Consolidated Security Architecture

Ensuring security can be complicated. It gets even more complicated when you are getting multiple solutions from multiple vendors. When taking a look specifically at the context of endpoint security, having a suite that is tightly integrated with network, cloud and mobile security will bring many benefits. 

Integration will simplify management, serving as a one-stop-shop for managing the entire security infrastructure. It also enables shared threat intelligence across the entire IT infrastructure, and enhances attack correlation and threat hunting capabilities. In addition, integration helps to reduce the total cost of ownership, because you won’t need as many IT administrators and SOC resources to ensure the organisation’s security.

When you cover the 4 pillars to achieve the optimal endpoint protection solution tailored to your organisation, you can be confident that you are one step ahead of the cybercriminals.
