Intelligent CISO Issue 41 | Page 39

FEATURE
should CIOs avoid when implementing endpoint security solutions?
Solling said CIOs should avoid thinking that all solutions are created equal. He added that the market contains many solutions with great capabilities, but it is also important to assess the effort required to operate and manage the solution before implementing it.
According to Mazibuko, many organisations are migrating from Endpoint Protection Platforms (EPP) to Endpoint Detection and Response (EDR). “XDR is a new approach that provides visibility across endpoint, cloud, network and third-party data. This enrichment truly breaks down the silos, taking endpoint security management to the next level,” he explained.
He said the convergence of network and security has brought the industry the Secure Access Service Edge (SASE).
“This cloud-native model provides the benefit of a unified platform without the burden of legacy infrastructure. The solution is perfect for the hybrid work model, allowing efficient and secure access to cloud resources and seamless access to on-premises applications,” he said. “This convergence brings the best in connectivity (SD-WAN, NaaS) and security (FWaaS, endpoint security, web security and network security).”
Remote working
Given that most organisations are promoting remote working and adopting hybrid work models, CIOs need to factor in several considerations and scenarios when developing a comprehensive endpoint security management policy.
Meriam El Ouazzani, Regional Channel Manager META, SentinelOne, said with many employees now working from home, organisations are exposed to a vastly increased attack surface and must reassess their endpoint security strategies to ensure they are equipped for this new environment.
El Ouazzani said it is no trivial task to provide the same levels of security for all these employees, operating outside the (relatively) safe perimeter of their offices and local Intranet. “It’s best if organisations use endpoint security software that protects them against unknown forms of ransomware and other cyberattacks. One way to do that is through Endpoint Protection Platform (EPP) that uses predictive execution inspection engines that go beyond file-based analysis – even mathematic algorithmic analysis – that observes the actual execution of every system process or thread, in real time,” she said. “By understanding the execution behaviours of all applications, programs and processes in real-time, EPP should provide ultimate defence against any type of attack.”
Nicolai Solling, Chief Technology Officer, Help AG
According to El Ouazzani, organisations must adopt a holistic endpoint security management practice and for this, they need complete visibility into their cyber environment.
At Help AG, Solling said that when employees are working remotely, the most important security capability an organisation has is the ability to deliver a robust endpoint. He noted that endpoint security solutions, endpoint configuration hardening and user awareness are key to achieving this. “It is also crucial to achieve visibility and protection independently of the user’s location, ensuring security efficiency whether an endpoint is on the corporate network or not,” he said. “Cloud services are massively useful here, but they come at the cost of the organisation trusting the endpoint security vendor with potentially sensitive telemetry data. Therefore, any evaluation should include an assessment of what data is required for the vendor to deliver a successful service and how the vendor is protecting the organisation’s data.”
Looking ahead, Solling noted that endpoint protection has undergone phenomenal development over the last five years and most of it stems from the innovative ability to embed Machine Learning in an agent. He added that another major shift is that agents now typically send the telemetry data they generate into large data lakes operated by the vendors of the solution.
“The more data, the better the solution is at early detection of changes in the behaviour of threats. To an extent, the data that agents produce is becoming the real product offered by vendors, as more data means more protection,” he said.