How should CISOs assess how best to secure the endpoint?
RAY KAFITY, VICE PRESIDENT, MIDDLE EAST, TURKEY AND AFRICA AT ATTIVO NETWORKS
Several measures can be implemented
by CISOs to help gauge the effectiveness
of endpoint security and protect against
putting organisations and their critical
assets at risk. Some of these include:
Know your security architecture:
It’s important to have a baseline
understanding of one’s security
infrastructure, compliance requirements,
associated threat risks and exposure.
These are the first steps in establishing
an organisation’s security posture and
preparing for cyberthreats.
Prevention capabilities: The security
fundamentals start with preventing
attackers from getting into the network.
Typical prevention systems include
firewalls, gateways, sandboxes, network
access control, endpoint security
and other systems that keep track of
attacks and block them from entering
the network. Choose an endpoint
security solution that extends the value
of prevention systems by manually or
automatically sharing newly discovered
attack information and signatures to
block and isolate an attacker.
www.intelligentciso.com | Issue 05 | FEATURE
Detection capabilities: Modern-day
security posture assumes the network
has been compromised and attackers
are already inside. Zero-day exploits,
ransomware/malware, stolen credentials,
man-in-the-middle activity, phishing and
insider compromises are just some of
the many ways that an attacker can
bypass perimeter security. Deception
technology provides early and efficient
detection of potential threats and attacks
across the network, data centre, cloud,
IoT devices, SCADA, POS, network
infrastructure and more. Moreover,
endpoint deceptions provide early
and highly effective detection against
attackers seeking to harvest credentials
by redirecting them to deception assets.
Rapid and accurate detection: Dwell
time is a major issue today. According
to recent research, it still stands at over
100 days and can be considerably longer
in other countries. Clearly, adversaries
are afforded way too much time to
move around inside your enterprise
once they’ve breached it. Therefore, it
is important for endpoint solutions to
identify infections or policy violations
quickly and thus shrink the dwell-time.
These alerts must also be accurate and
easily actionable so they are not lost
amongst false positive alert noise.
Automated response: Choose endpoint
solutions that reduce management
complexities, share attack data and
provide accelerated response by easily
connecting the dots across the network
and all endpoints to quickly shut down
and remediate an attack.
Streamlined integration: Many
organisations use multiple security
tools. Each product has its own