Endpoint protection (EPP) has been around for a long time.
Other security innovations have since come along, including detection & response services and different vulnerability management tools. These technologies are important – even essential – but they haven’t replaced EPP as the cornerstone of corporate cyber security.
Why is endpoint protection still relevant? It’s simple: it guarantees a basic level of security hygiene across your organization’s digital presence. And if you’re a modern business in any sense of the word, your digital presence could just as well BE your company.
Although EPP is (hopefully) part of every business’ overall security strategy, that doesn’t mean you can stop paying attention to it. Endpoint solutions are not all created equal, and even the smallest of differences matter.
To help you analyze your current situation, we have created a comprehensive but quick Endpoint Security Test. It gives you a good overview of your current situation, and helps you identify potential weaknesses and areas of improvement.
If you’ve already completed the test, or are otherwise aware of your pain points, continue forward into our tips and recommendations!
1. Assess risks
Assessing risks is a core component of any successful security strategy. It’s no use buying solutions and services based on feature lists and marketing promises, if they’re not relevant to your specific situation.
Now, our EPP test is a great place to start. It shows you the areas where your security might be lacking and gives you useful comparisons to other companies in your industry, country and size bracket.
But proper risk analysis doesn’t end there. Once you have a basic idea about where you currently stand, it’s time to turn things up a notch.
GET EVERYONE’S PERSPECTIVE = A good place to start is talking to the experts within your own organization. Bring all the business functions together and get them to talk to each other. What is the estimated impact of a specific cyber risk when viewed holistically – across IT, Legal, Sales, Marketing, Operations and other departments?
BENCHMARK = Try to find example cases from companies similar to you (same industry, size, employee headcount or operating model) and apply the known outcomes from those cases to your own situation. How have they handled breach situations or organized their cyber security? Read reports, attend conferences and talk to your colleagues.
ANALYZE RISK SCENARIOS = What are the most relevant cyber threats for your organization? If you operate an online store, perhaps you need to pay special attention to sensitive customer data like credit card and social security information.
In this scenario, how would an attacker potentially breach YOUR infrastructure? By injecting malicious code through a phishing email and hijacking your payment transaction software? Using a vulnerable Java browser plugin to insert themselves onto your system and moving laterally across other endpoints?
REVIEW AND REITERATE = Proper risk analysis is a continuous process, repeated over and over and over. There’s always something: new threats and attack trends, new technologies, new business cases, new priorities – you get the point.
Establishing a continuous loop of the previous three steps is the only way to stay on top of your security outlook. Make a habit out of it! Monthly risk meetings might seem a bit gloomy at first, but they’ll pay off in the end – we promise.
If you’re looking for some software assistance, look into vulnerability management. Make sure the solution you get can scan both your internal IT infrastructure, as well as those of your partners and the wider internet.
2. Cover the basics
After you have a good idea of where you stand currently, it’s time to get your hands dirty. And like building a house, we’re starting with the basics.
SECURE YOUR DEVICES = You need a modern firewall to protect both inbound and outbound traffic across all computers, mobile devices and servers, combined with “traditional” antivirus and behavioral analysis on the endpoints themselves.
SECURE YOUR SOFTWARE = Get rid of software you’re not using and disable non-essential features. Leverage your OS’s built-in security components (e.g. BitLocker) and apply relevant patches as soon as possible.
SECURE YOUR PEOPLE = Machines don’t make mistakes – people do. Teach your employees the basics of information security and make sure they follow proper protocol when it comes to access rights, password management and suspicious emails.
SECURE YOUR NETWORK = Shut down all but the most essential ports and protocols. Limit user privileges to local and required systems, and remove or limit remote access capabilities. Secure all inbound and outbound traffic, and regularly monitor and review network logs for suspicious activity.
Sounds like a lot? Just remember – you don’t need to do all this alone. A holistic EPP package should include all the components to help you achieve a solid security baseline.
3. Ramp up security
Once you have conducted a risk assessment and covered the basics of IT security, you will be in a position to focus on high-value actions to safeguard critical operations. This is where those previous scenarios you laid out with your inter-function teams will really start to come in handy.
OPTIMIZE OPERATIONS = Continue with endpoint protection, but start looking into optimizing basic features and investing in the advanced security components you deem necessary.
Bring up that scenario list and get granular. How relevant is the threat of ransomware to your specific situation? Look into backups, and advanced monitoring aimed at high-risk and high-value folders.
Want to boost your defenses against attacks based on PowerShell and Batch scripts? Invest in an application control feature and configure it for your specific situation.
PREPARE FOR POST-BREACH ACTIVITIES = The threat landscape has changed, and breaches are a reality for every company and individual on the face of the earth. It’s best to think about it this way: you WILL get breached. What matters is your capability to catch the intruder and handle the aftermath.
Visibility and established processes are key. Look into detection & response solutions to give you a better chance of detecting malicious activity on your network. Draw up crisis management and incident response plans, and circulate them around the key stakeholders.
CONDUCT CYBER SECURITY DRILLS = Got your plans? Start practicing.
Cyber incident drills are one of the most important things every single organization should be doing. It’s no use having a plan, if you don’t test and get comfortable with it.
TALK TO EXPERTS = This might be something to consider even earlier in the process, but leveraging expert resources is one of the best ways to elevate your security from passable to superior.
Knowledgeable cyber security consultants possess vast technical knowledge and insight into the attackers’ mindset. They’ve also handled a lot of real information security cases, from incident response and forensics to risk analysis and training. Essentially, they live and breathe the very thing that is your worst nightmare.
Following these guidelines should take you closer to your ideal security protocol. This is a good framework, but you also have to spend some time finding your own way – each company is unique and context matters.
Just remember: despite the best of intentions, careful planning and thoughtful execution, you might still run into some problems. Important projects are never easy, but don’t get discouraged. The payoff will be worth it.