Building A Framework For Effective, Agile Endpoint Security

The mitigation of endpoint security risks has come increasingly under the spotlight over the past few years, due chiefly to a growing distributed workforce. It therefore makes sense that local businesses are making the necessary changes to their cybersecurity strategies to accommodate the protection of rising numbers of remote workers and their endpoint devices.

So says Gideon Viljoen, Pre-sales Specialist: ICT Security at Datacentrix, a leading hybrid ICT systems integrator and managed services provider, who explains that agile endpoint security measures – which are able to adapt quickly and easily to the changing attack landscape – are paramount for ensuring an effective first line of defence.

“With millions of Africans now working remotely, at least part-time, local businesses have had to amend their cybersecurity strategies to accommodate users who need remote access to mission-critical data and applications. In fact, recent research from Microsoft and IDC shows that 65 percent of South African organisations have invested in endpoint protection solutions, and 61 percent in access management.

“For those companies that still need to ramp up endpoint security, we have some straightforward advice to offer.”

The strategy behind endpoint security

It’s important to start with the basics and ensure that all endpoints and servers, as well as critical assets and devices, are covered by an anti-virus (AV) or anti-malware security product, explains Viljoen. “And, sticking with the basics, the patching of these devices and endpoints is an excellent way to ensure known vulnerabilities are not open to exploitation.”

With an ever-changing landscape and attackers using increasingly smart techniques, machine learning (ML) and user behaviour analytics (UBA) have become absolute musts in the current landscape of cybersecurity, he continues. “In fact, for more mature cybersecurity portfolios, it is always better to have some form of ML and artificial intelligence (AI) in place, as these technologies can take the necessary action much faster than a human, leaving people to focus on critical risks.

“Furthermore, having an endpoint detection and response (EDR), or better yet, a cross detection and response (XDR) solution in place helps to identify, isolate and respond to suspicious behaviour on an endpoint or critical asset. These solutions also assist in reducing investigation and alert times, with far fewer false positives, which can tend to overwhelm engineers and analysts, and cause alert fatigue.”

EDR and XDR solutions have helped to reduce response times considerably, providing effective protection against threat actors. However, their evolution is far from over, comments Viljoen, and with hybrid workforces not going anywhere soon, having agile solutions and technologies in place will continue to be beneficial to businesses.

Choosing the right endpoint technology (and partner)

The combination of a rapidly evolving landscape, changing attack strategies and new technologies being introduced on a daily basis means that organisations are under immense pressure to choose the ‘right’ endpoint security solution.

“Companies and their executives can be overwhelmingly bombarded with new technologies, and choosing the right solution for the organisation can be tough. With this in mind, it is essential that organisations wanting to outsource their cybersecurity requirements choose a provider that can provide technology solutions which are agile and quick to adapt and adopt; factors that far outweigh the cost element.

“Our recommendation is to look to independent, objective authorities like Gartner and Forrester for recommendations, which help provide guidance and greater confidence around which vendors and technologies are leading in which specific areas. Having a solution that is able to provide intelligence, visibility and response to the holistic network, while also being able to provide a single source of truth, is of utmost importance.”

When looking at potential cybersecurity partners, reference cases and business case studies can provide some confidence in selecting the best option for a business, Viljoen adds.

“Visibility of these mobile and hybrid ICT workforces is critical: no business can protect against, or remediate, what cannot be seen. It has become essential to ensure the provision of a solution that can deliver visibility of all devices and assets, regardless of where they are, as well as users and user behaviours. This will allow for reduced response times and decreased risk,” he concludes.