Endpoint protection (EPP) has been around for a long time.
Other security innovations have since come along, including detection & response services and different vulnerability management tools. These technologies are important – even essential – but they haven’t replaced EPP as the cornerstone of corporate cyber security.
But why is endpoint protection still as relevant today as it was in the past? It’s simple: it guarantees a basic level of security hygiene across your organization’s digital presence.
Advanced cyber attacks, sophisticated hacking and organized crime are all real threats, but it’s still common malware, spam and phishing that’ll put your business at risk 99,99% of the time. What’s the best way to avoid getting sick? Washing your hands. The same logic applies here.
As a not-insignificant additional bonus, it’s also easier to focus on the real threats when you’re not mired down by mundane security issues every other day. When you spot something odd it really stands out, instead of getting lost in the normal stream of alerts and weird activity in your IT environment.
Although EPP is (hopefully) part of every business’ overall security strategy, it doesn’t mean that you don’t need to pay attention to it. Endpoint solutions are not all created equal and even the smallest of differences matter.
To help you analyze your current situation, we have created a comprehensive but quick Endpoint Security Test. It gives you a good overview of your current situation, and helps you identify potential weaknesses and areas of improvement.
If you’ve already completed the test, or are otherwise aware of your pain points, download our free below eBook. It’ll tell you how to use all the modern technologies and best practices to create a truly holistic and layered security protocol, with great tips from threat analysts and security consultants.
Here is some of the stuff we’ll cover in the eBook:
1. Risk assessment
Assessing risks is a core component of any successful security strategy. It’s no use buying solutions and services based on feature lists and marketing promises, if they’re not relevant to your specific situation.
Now, our EPP test is a great place to start. It shows you the areas where your security might be lacking and gives you useful comparisons to other companies in your industry, country and size bracket.
But proper risk analysis doesn’t end there. Once you have a basic idea about where you currently stand, it’s time to turn things up a notch.
GET EVERYONE’S PERSPECTIVE = A good place to start is talking to the experts within your own organization. Bring all the business functions together and get them to talk to each other. What is the estimated impact of a specific cyber risk in a holistic way – including IT, Legal, Sales, Marketing, Operations and other departments?
BENCHMARK = Try to find example cases from companies similar to you (same industry, size, employee headcount or operating model) and apply the known outcomes from those cases into your own situation. How have they handled breach situations or organized their cyber security? Read reports, attend conferences and talk to your colleagues.
ANALYZE RISK SCENARIOS = What are the most relevant cyber threats for your organization? If you operate an online store, perhaps you need to pay special attention to sensitive customer data like credit card and social security information.
In this scenario, how would an attacker potentially breach YOUR infrastructure? By injecting malicious code through a phishing email and hijacking your payment transaction software? Using a vulnerable Java browser plugin to insert themselves onto your system and moving laterally across other endpoints?
REVIEW AND REITERATE = Proper risk analysis is a continuous process, repeated over and over and over. There’s always something: new threats and attack trends, new technologies, new business cases, new priorities – you get the point.
By establishing a successful loop based on the previous three steps is the only way to stay on top of your security outlook. Make a habit out of it! Monthly risk meetings might seem a bit gloomy at first, but they’ll pay off in the end – we promise.
If you’re looking for some software assistance, look into vulnerability management. Make sure the solution you get can scan both your internal IT infrastructure, as well as those of your partners and the wider internet.
2. Basic Security
After you have a good idea of where you stand currently, it’s time to get your hands dirty. And like building a house, we’re starting with the basics.
SECURE YOUR DEVICES = You need a modern firewall to protect both inbound and outbound traffic across all computers, mobile devices and servers. This is best achieved with a combination of “traditional” antivirus and behavioral analysis.
SECURE YOUR SOFTWARE = Get rid of software you’re not using and disable unessential features. Leverage your OS’s built-in security components (e.g. Bitlocker) and apply relevant patches as soon as possible.
SECURE YOUR PEOPLE = Machines don’t make mistakes – people do. Teach your employees the basics of information security and make sure they follow proper protocol when it comes to access rights, password management and suspicious emails.
SECURE YOUR NETWORK = Shut down all but the most essentials ports and protocols. Limit user privileges to local and required systems, and remove or limit remote access capabilities. Secure all in- and outgoing traffic, and regularly monitor and review network logs for suspicious activity.
Sounds like a lot? Just remember – you don’t need to do all this alone. A holistic EPP package should include all the components to help you achieve a solid security baseline.
3. Advanced Security
Once you have conducted a risk assessment and covered the basics of IT security, you will be in a position to focus on high-value actions to safeguard critical operations. This is where those previous scenarios you laid out with your inter-function teams will really start to come in handy.
But you can read more about this from our eBook!
Leave a comment