Intelligent CISO Issue 05 | Page 38

management process and displays information in different ways. This results in complexities pertaining to allocation of resources, deciphering threat information to understand the full scope of an attack and responding to threats quickly. Selecting solutions that have streamlined, native integrations for information sharing and automation with a variety of security vendors will dramatically simplify security operations and accelerate response time.

Rob Lay, Director Solution Architect, Europe, Optiv

CISOs need to think about what the overall strategy for security within their business is. Is the focus more on defending and protecting the environment or ensuring a rapid and effective response to incidents as they occur?

With the recent high-profile data breaches, the risk of a cyberattack is no longer ‘if’ but ‘when’ and there is a growing recognition that it’s not possible to avoid incidents. Businesses need to shift their focus to how to respond quickly and effectively to threats rather than just investing in mitigation.

The endpoint estate in most businesses is significant and with the right technology on the endpoint this provides significant coverage for threat hunting or anomaly detection capabilities that support efforts in identifying, analysing and responding to incidents.

When planning an endpoint protection strategy, CISOs should think about the integration abilities, both current and road-mapped. As cybersecurity becomes more integrated, it’s important that decisions on specific technologies don’t impact future capabilities through lack of integration. Additionally, CISOs should take stock of what other tools are deployed on the network as this can have an effect on the best approach for the business.

For example, based on what solutions are on the estate, would an additional endpoint technology that provides endpoint detection and response (EDR) capabilities be the right way forward? Or should the existing endpoint solution simply be replaced? It’s important that CISOs take a methodical, planned approach to this. Only by considering endpoint security as part of a broader strategy can it be an effective element of an organisation’s defence.

Karl Lankford, Lead Solutions Engineer, EMEA, Bomgar

While the goals for cybercriminals have stayed the same, their tactics have changed. With an increase in attacks and a wider variety of methods of compromising networks, traditional protections are no longer effective. To stop these breaches and secure the endpoint, businesses need to look at different types of defences aside from just anti-virus and perimeter security.

The best place to start is to implement a least privileged security strategy using privileged access management tools. This ensures that the right person has the right level of access to do just the task they need on the network – rather than giving an unnecessary blanket level of access.

Another layer of defence is privileged escalation and delegation management, which allows IT teams to remove excess admin rights throughout their organisations and only elevate privileges for approved applications and actions.

In fact, we’re seeing that some of the biggest threats to endpoint security are social engineering and phishing attacks which encourage a user to run an application that they wouldn’t normally run. CISOs should look at deploying application whitelisting on employee devices so that applications cannot run unless they have been explicitly approved.

Finally, it may sound simple, but businesses need to ensure that endpoints are patched in a timely manner. It’s understandable that CISOs might not want to interrupt business but known vulnerabilities must be patched straightaway and failure to do this could have dire consequences.

Vincent Bieri, Co-Founder of Nexthink

Many people believe that security management is all about deploying technology that will prevent threats from reaching your network. However, in today’s threat landscape the reality of these tools being able to defend all attacks is simply unrealistic and it’s clear that CISOs must look beyond traditional solutions and processes.