Cisco Blogs

4 Key Questions To Determine If Your Endpoint Security Is Up To Snuff

November 28, 2017

Machine learning. Next-generation antivirus. Artificial intelligence. These are all terms you likely see in your inbox on a daily basis from various endpoint security vendors. Meanwhile, you’re trying to protect your business and don’t have time to assess the 50+ vendors touting the latest tool designed to solve all of your endpoint security problems and world hunger at the same time.

So how can you cut through the noise? The basic questions you’ll need answered during an incident are:

How did it get in? Who is affected? What is it after? How do we stop it?

These are all questions you should be able to answer with your endpoint security. If you can't, it might not be up to snuff.

Here are 4 key questions to ask that will help you identify if a solution is a potential fit:

  1. Does the solution integrate prevention, detection, and response capabilities in a single solution? Point products needlessly drive costs up and efficiencies down. Ain't nobody got time for that! Especially when integrated solutions are available that address the bulk of your needs. Look for a solution that blocks as many threats as possible up front, then goes a step further to continuously monitor everything else. Trust should be earned. And when malicious activity is detected, the solution should automatically take action, not send more alerts that you don't have time to deal with.
  2. Are there agentless detection capabilities? Endpoint agents can't be installed on some endpoints, including legacy systems, unsupported operating systems (yes, we still see Windows XP out there), and many IoT devices, which creates blind spots within your network. Fileless malware is also on the rise and might not be visible to an endpoint agent; this includes in-memory malware and browser injections. Therefore, your next-gen endpoint security solution should provide some level of agentless detection. Using another point product that claims to be "integrated" (the term "integrated" can be used very loosely) is a half measure.
  3. Does it provide automated response? Responding to threats can be difficult and time consuming, but it doesn't have to be. When an event is qualified and turns into an incident, sadly many security teams I've spoken to do not have the tools to quickly respond and remediate. A next-gen endpoint security solution will enable you to respond quickly and comprehensively. Look for solutions that accelerate investigations and reduce management complexity by searching across all endpoints for indicators of compromise (IoCs) and malware artifacts, easily connecting the dots across all endpoints and the network, and systemically responding to and remediating malware across PCs, Macs, Linux, and mobile platforms, automatically or with just a few clicks.
  4. Can the endpoint security solution work with your network security solutions, or at the very least a security management platform? As mentioned above, automated response should be a requirement in your next endpoint security tool. That capability should also extend from the endpoint to the remainder of your security architecture. The endpoint is the last line of defense, so it should be informing your first line of defense about the threats it detects, so they can be blocked from entering in the future. Building an integrated threat defense architecture is no easy feat, and very few companies have been able to do it. Cisco is one of them.

See how Mobile County Public Schools addressed their endpoint security needs in a simple, automated way:

And don't forget to always ask for proof. Test for yourself and ask to see demos, but don't rely solely on vendor-provided samples.

Be sure to visit our Next-Generation Endpoint Security page to see how we are securing endpoints, both on and off the network.
