End Point Protection has long been THE security solution most businesses consider the minimum adequate protection across an organisation. End Point Protection is a critical element of any security architecture for businesses of any size, from the smallest businesses to the largest corporations. Organisations falling under regulatory laws and requirements MUST run anti-malware software as part of their compliance obligations.
Because End Point Protection is often seen as a commodity product or solution, most businesses believe all Endpoint Protection Platforms (EPP) are the same. Vendors would disagree and point to their points of differentiation. In our experience, commoditisation isn’t completely true for all platforms. Although most platforms have Anti-virus/Anti-Malware capabilities at their core, solutions now offer a plethora of feature sets and management options.
Common feature sets include:
The solutions are, however, evolving to include Detection and Response features and capabilities such as:
As is often the case with business requirements and solutions, there is no single solution that fits all businesses. As usual, the selection and deployment of the right product set depends on the business size, risk appetite, available budget, compliance requirements, internal resources (available for management, monitoring and response activities) and workload use cases.
Outside of the features and capabilities of the various vendors, a number of operational metrics should be included within the evaluation criteria.
Secure-ISS recommends the inclusion of the following:
Over the short to mid-term, automated approaches to Incident Response are going to be required by organisations large and small! Although not all solutions offer complete integration at present, for organisations that have a SOC or SOC as a Service (SOCaaS), integration requirements should be considered during the evaluation and selection process.
Why should you consider EPP for Servers as a separate conversation?
With today’s Server workload environment driven by trends such as VMs, Containers and Hybrid Cloud deployments across Private and Public Cloud, specific tools and strategies need to be considered for these workloads. As such, it makes sense for businesses to treat the requirements for this workload as a separate exercise from the Endpoint Protection (Desktop/Mobile) strategy.
In addition to going to market and selecting a product set for internal management and maintenance, organisations increasingly have the option of taking their requirements to market and purchasing the capability on a consumption-based service model. Secure-ISS offers such a Managed Security Service (MSSP) model.
A few years ago Next Gen AV was all the (marketing) rage. The approaches to detection via Machine Learning, static and dynamic analysis and behaviour-based analytics sounded the death knell of signature-only vendors. The marketing and hype has (thankfully!) somewhat subsided, and the technology, in our opinion, is a good addition to the overall EPP landscape. In keeping with our theme and recommendations on a multi-layered security approach, Secure-ISS recommends that businesses evaluate solutions that offer a number of detection capabilities.
Although a core component, End Point Protection is only one essential capability and should be overlaid with other security strategies and solutions to ensure a minimum level of protection for any business.
Secure-ISS can assist with your End Point Protection strategy, from the overall security and risk strategy through solution requirements gathering and design, procurement and management. To discuss your End Point strategy or your layered security approach, please get in touch with one of our team.
In September 2017 Gartner defined End Point Protection Platforms as:
“An EPP is a solution deployed on endpoint devices to prevent file-based malware, to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts.”