327 new threats every minute. More than 5 every second. That’s the state of the world’s threat landscape according to Avecto.

As you can probably guess, the challenge for organizations and their dedicated cyber security teams lies in the sheer volume of threats and in being able to keep up with them.

According to the Ponemon Cost of Malware Containment report, “16,937 alerts are created per week on average, but just 705 are investigated.”

That means 16,232 are forgotten about. Weekly.

Many professionals have argued that the best approach lies in Network Security, while others praise the benefits of Endpoint Security. So which is better?

Network security is protection of the access to files and directories in a computer network against hacking, misuse and unauthorized changes to the system. An example of network security is an anti-virus system.

Endpoint security is the process of securing the various endpoints on a network, often defined as end-user devices such as mobile devices, laptops, and desktop PCs; endpoint security addresses the risks presented by devices connecting to an enterprise network.

“Where network-based security solutions are strong is in their ability to provide you with a wealth of information about the network traffic and threats blocked. The side effect of this is the amount of noise generated by potentially thousands of warnings. This can lead to false alarms, large management overheads or live attacks being missed,” says Avecto.

Of those threats that are investigated, deep analysis takes time, which can mean network-based solutions prove restrictive to users, making it hard to balance security and user experience.

From the perspective of Digital Guardian, “what differentiates endpoint security from the well-known anti-virus software is that within the endpoint security framework, endpoints bear some or all responsibility for their own security. This is in contrast to network security, in which security measures encompass the network as a whole rather than individual devices and servers.”

While it seems from my research that Endpoint Security is the champion in this fight, what organizations really should focus on is an integration of both aspects. This is not an easy feat, but it is critical nonetheless in protecting sensitive data.

“By integrating network and endpoint security, organizations are afforded greater visibility over the entire range of security threats that they face, both in real time and for historical analysis. Security events seen on hosts and endpoints can be fed back into network security controls, allowing more accurate decisions to be taken and more proactive protection applied across all resources based on the context of the threat seen,” suggests Bloor Research.

In order to move towards successful implementation of endpoint security practices, you must understand the various aspects and requirements.

To hit you with a further vocabulary lesson, two components of an endpoint security solution are endpoint encryption and application control.

Endpoint encryption fully encrypts your enterprise data on endpoints, including laptops, mobile devices, and other endpoints.

Application control prevents the execution of unauthorized applications on endpoints and solves the challenge of employees downloading unauthorized or dangerous applications on mobile devices.

IBM recommends, in conjunction with these components, three more that it considers ‘critical.’ Those are:
- Multilayered endpoint defense
- Low operational impact
- Dynamic intelligence

Phil LaCorte, Manager of IT Operations for Golden Tech, says too many organizations “Gloss over the word endpoint and focus on the word protection… To illustrate this, consider how ridiculous it would be for a bank to lock its outer doors every night while leaving the vault wide open. Financial institutions don't make this mistake; instead, they implement layer after layer of protection to ensure the security of their assets. A layered approach to IT security is also the only effective one and consists of multiple varied elements, such as network perimeter security, strong password policies, effective end user education, data access logging, and above all, a disaster recovery solution.”

By following the Microsoft bottom-up approach, which suggests security begins with devices, then moves to software, identity, access control and lastly to detection, rather than the other way around, companies can get a better handle on their organizational data security.

With ever-changing business models, particularly those which allow a ‘bring your own device’ policy, it is crucial for companies to secure not only the networks inside their walls, but each device with a remote connection to those networks and access to sensitive data.

The essential layers of endpoint security prevent problems like data leaks from occurring intentionally or unintentionally through the copying or transfer of data to removable media devices.

The Fundamental Endpoint Security Skill Certification Course teaches how infrastructure endpoints are configured, networked, and managed to provide adequate information security.

Impress your boss with your knowledge of endpoint security and convince him why it’s necessary. But first, brush up on best practices.

Additional reading:
- How to Approach Cyber Security for Industrial Control Systems
- Next Generation Security with Endpoint Detection and Response
- Fundamental Endpoint Security Best Practice: Securing Privilege on the Endpoint

Olivia Lynch (Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.