The digital perimeter around businesses has changed a lot in the past decade, with cloud computing, bring-your-own-device (BYOD) and the internet of things (IoT,) to name but a few. For many, this has meant a radical rethink of their endpoint protection. Companies might do the same because they’ve outgrown their provider or lost trust when the protection has let them down.
If you’re thinking about changing your cybersecurity dance partner while you’re in good company, it’s important to think through your decision. And it’s important to take stock and question if your current solution is going to be good enough to face oncoming threats. Kaspersky’s white paper, Time to switch — updating endpoint security: Why now is the time to act, recommends you ask these questions.
1. What do independent test results say?
If another vendor is claiming their product is better than what you’ve got, be sure to check whether their claims match up with what independent test labs find. These labs use cybersecurity experts to examine and evaluate features rigorously.
Look at different labs’ results carefully, because there are differences in the performance of different products. For example, AV-Test gave only one company’s endpoint protection top marks in detecting fileless attacks. Look at the results of several tests and see which products consistently score near the top of the list.
2. Can your threat prevention cope with the most sophisticated attacks?
With threats becoming ever more sophisticated by the day, products designed a decade back may not be able to cope with them.
Fileless attacks are particularly tricky because they’re designed to avoid triggering anti-intrusion protection. Blocking them would mean blocking legitimate software too.
Endpoint protection that has a behavioral engine does the job. A behavioral engine detects fileless threats at the execution stage by analyzing execution patterns, spotting the fileless attack among a myriad of legitimate processes. It then isolates the threat and restores user data. It also blocks vulnerabilities to prevent this happening in the first place.
3. Is it giving you enough management flexibility?
Older endpoint security technologies may not be designed for a heavily clouded IT sky. The cloud has led many companies to change how they do things, such as moving away from a centralized data center view of the world. They find it saves money and is more flexible. Security tools should be able to control new attack vectors that come with infrastructure change as well as the old ones.
No company wants to get lost in a forest of different management tools. Your solution should handle it all – cloud and on-premise – equally well from a central console, also known as a ‘single pane of glass.’
4. Does it support remote work?
The lockdowns around the world that followed the COVID-19 pandemic showed employees must be able to work from home, among other places.
Corporate networks need to be secure and resistant to attack from outside, but by definition, remote workers are outside that network. Existing software may not be able to handle it.
For secure remote working, your endpoint protection platform must be able to secure endpoints remotely. This is especially challenging when employees are using older operating systems.
5. Got automation?
Reducing human interaction gives your organization a boost in controlling unwanted activity. This is particularly true when using cloud because allocating workload becomes more complex.
There are modern security systems geared for this, often using artificial intelligence (AI.) AI-driven tools like Adaptive Anomaly Control bring automation to the task of sorting legitimate from nefarious activity, and constantly improves with machine learning. Businesses find these kinds of tools can significantly reduce staffing costs and related overheads.
6. Can it meet specialized needs?
On top of fileless attack protection, endpoint security most often comes unstuck on desktop firewall, ransomware protection and anti-exploit technology. As an example of why this matters, ransomware is a growing threat facing all organizations. To be effective, the software must protect not only impacted files, but also the disk to keep the master boot record intact.
Look at your specific needs and see if your security vendor offers that level of protection.
7. Is there enhanced visibility with endpoint detection and response (EDR?)
You need to be able to act fast on threats. To be effective, threat blocking should be married with analyzing the root cause.
EDR blocks threats and ensures attacks don’t hit other parts of the corporate infrastructure. It lets you see into all endpoints, for protection and threat analysis. And no matter how complex the attack, security managers have a real-time view of the threat. All this means faster response to a security incident.
8. Does it have an effective sandbox for advanced threat protection?
Where threats are designed to bypass endpoint detection, sandboxes give an extra layer of security to automate detection and response. The sandbox isolates and detonates malicious applications, to analyze and detect even advanced exploits in targeted attacks. It can be costly, because it usually requires a cybersecurity specialist.
Sandboxes are most effective when they’re easy to install and operate, scalable and don’t need specialist staff. Some endpoint products can’t quickly identify and neutralize threats, for example, rules that detect and block similar malware attacks. Security managers should consider whether their current product gives enough control. If not, there are others out there that do.
9. Does it have data protection with encryption management?
Integrated tools for data encryption come in two forms: Full-disk encryption (FDE,) preventing data leakage when a laptop is lost and file-level encryption (FLE,) protecting files when they’re transferred in untrusted channels. You can also set policies that only certain users can see unencrypted files.
Alarm bells should ring when an endpoint protection product doesn’t have effective encryption options. Laptops and other devices are often lost or stolen, so unencrypted files are a big risk.
10. Does it have vulnerability management and system hardening?
Many attacks happen through software vulnerabilities that could’ve been patched. It seems basic, but not every endpoint solution can check your system for preparedness and strength. Effective patch management makes sure you find security vulnerabilities early and take pre-emptive measures. System hardening reduces the chance of an incident by intelligently disabling some higher risk features and applications.
Companies are adjusting their IT infrastructure to support growth and respond to a changing world. Many will find their security products are no longer fit for a new business paradigm. It’s time to look again at whether your current protection is enough.
An effective endpoint security product should be able to meet all strains placed upon it. It will handle cloud and on-premises traffic with ease, all from a common platform. It will use automation to reduce the need for human intervention. The vendor should be able to back their claims with reputable lab tests.
Even with updates, having an older endpoint security system may mean your business struggles against today’s threats. Switching to an automated, comprehensive system, your company will be better able to cope with sophisticated attacks.
