Key Pillars To Optimal Endpoint Security In Today’s Climate

By : Evan Dumas | Wednesday, October 21 2020 - 13:50 IWST

Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies (Photo by Linkedin)
Choosing the right solution for your organisation’s endpoint security is critical in today’s security climate. With the sudden and massive shift to remote work, organisations and their endpoints have never been more vulnerable. Malicious actors around the world have been taking advantage of this situation, exploiting the unprecedented opportunity to hack into organisations’ IT infrastructures and steal sensitive data.

What does it take for businesses to be confident in the resilience of their endpoint protection? Check Point shares 4 key pillars for optimal endpoint security solutions for CISOs and IT professionals to follow:

1. Prevention first approach

Preventing an attack saves an organisation a lot of time and money. Research by Accenture Security shows that the average cost of a malware attack, for example, can come to US$2.6 million. Moreover, the losses do not end with just cost and time lost. There is also the risk of damage to brand equity and customer trust.

Needless to say, preventing a network breach is always better than detection and remediation. Among the technologies that can help your organisation take the prevention-first approach are:

Anti-phishing (which includes capabilities for unknown phishing sites)


File sanitisation 

Content Disarm & Reconstruction (CDR) Expert prevention


All these can help your organisation by significantly reducing the attack surface to prevent attacks before they reach the endpoint.

2. Multi-layered Security Approach

Today’s security reality is complex. There are millions of strains of unknown malware and many sophisticated evasion techniques. This means that stopping today’s most dangerous attacks requires an approach for inspecting more than one layer. Traditional solutions, including anti-virus, sandboxing, and legacy endpoint protection products do not have the sophistication required for such complexity since they offer limited inspection. The limitation comes from the fact that they use traditional detection methods, such as signatures or rule-based analysis, which simply cannot get the job done.

When taking a multi-layered approach to inspection, you can leverage these 3 main capabilities, pushing your inspection to new heights:

Artificial Intelligence (AI) - With AI, you can perform dynamic and static analysis of files and executables to detect unknown malware before it is executed, with a very accurate detection rate.

Global-shared Threat Intelligence - By using shared feeds from hundreds of millions of sensors, and from research labs as well, you will have the knowledge and insights you need to take your endpoint security to a whole other level.

Behavioural Analysis - The ideal behavioural analysis engine collects indicators from endpoint devices and correlates them with behavioural heuristics and machine learning models.

With such a multi-layered approach to endpoint protection, you can maximise malware identification and classification and get the highest attack catch rate.

3. Post Infection Remediation and Recovery

Unfortunately, no matter how comprehensive your state-of-the-art security solutions are, you cannot assume that you won’t get hit with a cyberattack, since a breach can never be completely ruled out. That is why it is important to have a very strong post-infection remediation and recovery capability. It should include:

Automatic quarantining of infected machines: This will prevent the effects of any attack from spreading laterally across the rest of the corporate network

Constant monitoring and recording of endpoint events: This should include affected files, processes launched, system registry changes, and network activity, so you can create detailed forensic reports with the full context of the attack

Automatic remediation and sterilisation of the entire cyber kill chain: So you can restore the device to the last clean point and get full recovery of ransomware encrypted files.

Incident response utilising advanced algorithms and deep analysis of the raw forensic data: To help build a comprehensive incident summary. It should also include actionable insights that empower system administrators and incident response teams to effectively triage and resolve the incident.

Proactive threat hunting: Recording endpoint events for long-term retention, enriching these events with threat intelligence, and supplying hunt leads to enable security professionals to query the historical data and uncover the most advanced stealth attacks, identifying the source of the attack and remediating it.

4. Consolidated Security Architecture

Ensuring security can be complicated. It gets even more complicated when you are getting multiple solutions from multiple vendors. When taking a look specifically at the context of endpoint security, having a suite that is tightly integrated with network, cloud and mobile security will bring many benefits. 

Integration will simplify management, serving as a one-stop-shop for managing the entire security infrastructure. It also enables shared threat intelligence across the entire IT infrastructure, and enhances attack correlation and threat hunting capabilities. In addition, integration helps to reduce the total cost of ownership, because you won’t need so many IT administrators and SOC resources to ensure the organisation’s security.

When you cover the 4 pillars to achieve the optimal endpoint protection solution tailored to your organisation, you can be confident that you are one step ahead of the cybercriminals.
