FEATURE
management process and displays
information in different ways. This
results in complexities pertaining to
allocation of resources, deciphering
threat information to understand the full
scope of an attack and responding to
threats quickly. Selecting solutions that
have streamlined, native integrations
for information sharing and automation
with a variety of security vendors will
dramatically simplify security operations
and accelerate response time.
ROB LAY, DIRECTOR SOLUTION ARCHITECT, EUROPE, OPTIV
CISOs need to think about what the
overall strategy for security within
their business is. Is the focus more
on defending and protecting the
environment or ensuring a rapid and
effective response to incidents as they
occur? With the recent high-profile data
breaches, the risk of a cyberattack is
no longer ‘if’ but ‘when’ and there is a
growing recognition that it’s not possible
to avoid incidents. Businesses need
to shift their focus to how to respond
quickly and effectively to threats rather
than just investing in mitigation.
The endpoint estate in most businesses
is significant and with the right
technology on the endpoint this provides
significant coverage for threat hunting
or anomaly detection capabilities that
support efforts in identifying, analysing
and responding to incidents.
When planning an endpoint protection
strategy, CISOs should think about
the integration abilities, both current
and road-mapped. As cybersecurity
becomes more integrated, it’s important
that decisions on specific technologies
don’t impact future capabilities through
lack of integration.
Additionally, CISOs should take stead
of what other tools are deployed on
the network as this can have an effect
on the best approach for the business.
For example, based on what solutions
are on the estate, would an additional
endpoint technology that provides
endpoint detection and response (EDR)
capabilities be the right way forward?
Or should the existing endpoint solution
simply be replaced? It’s important that
CISOs take a methodical, planned
approach to this. Only by considering
endpoint security as part of a broader
strategy can it be an effective element of
an organisation’s defence.
KARL LANKFORD, LEAD SOLUTIONS ENGINEER, EMEA BOMGAR
While the goals for cybercriminals
have stayed the same, their tactics
have changed. With an increase in
attacks and a wider variety of methods
of compromising networks, traditional
protections are no longer effective. To
stop these breaches and secure the
endpoint, businesses need to look at
different types of defences aside from
just anti-virus and perimeter security.
The best place to start is to implement a
least privileged security strategy using
privileged access management tools.
This ensures that the right person has
the right level of access to do just the
task they need on the network – rather
than giving an unnecessary blanket level
of access. Another layer of defence is
privileged escalation and delegation
management, which allows IT teams to
remove excess admin rights throughout
their organisations and only elevate
privileges for approved applications
and actions. In fact, we’re seeing that
some of the biggest threats to endpoint
security are social engineering and
phishing attacks which encourage a user
to run an application that they wouldn’t
normally run. CISOs should look at
deploying application whitelisting on
employee devices so that applications
cannot run unless they have been
explicitly approved.
Finally, it may sound simple, but
businesses need to ensure that
endpoints are patched in a timely
manner. It’s understandable that CISOs
might not want to interrupt business but
known vulnerabilities must be patched
straightaway and failure to do this could
have dire consequences.
VINCENT BIERI, CO-FOUNDER OF NEXTHINK
Many people believe that security
management is all about deploying
technology that will prevent threats
from reaching your network. However,
in today’s threat landscape the reality
of these tools being able to defend all
attacks is simply unrealistic and it’s clear
that CISOs must look beyond traditional
solutions and processes.
Issue 05 | www.intelligentciso.com