When thinking about endpoint security we usually try to answer the question of how to protect the endpoint and its user against threats. But we forget that endpoint security is not just about protecting the endpoint – it’s also about protecting the whole environment against potentially compromised endpoints.
With this in mind, we need to know something about malware that tries to compromise endpoints. There are different motivators for malware attacks. Many of them are attempts to gain entry into the company network and steal confidential information; others go straight for the money, for example by infecting browsers with banking Trojans that access company or endpoint user bank accounts. We also have to consider the “insider attack,” where the attacker is one of the endpoint users themselves. Motivations vary and so do the threats.
Once we’ve put all the threats into perspective and evaluated their intentions (access to corporate data, money, etc.) we can start thinking of the steps to take to protect against them, to be capable of reacting to attacks and, in case of a security breach, to recover from it.
So endpoint security is the ability to Protect, React and Recover.
Concentrate on the general things you should take care of. They will not and cannot prevent malware attacks by themselves, but they will limit the malware’s resources for execution and thus lower the success rate of infecting the endpoints and/or spreading through the network. You will see that the key elements of protection are knowledge of the threats, knowledge of your network and its users, and spreading awareness.
Once you have taken the needed protection steps, you need to ensure that you can react to the threats. In this phase, you need to monitor and manage the endpoints and the security software installed on them. Also keep in mind that an overview of the security situation of the whole network is really important. The key element, however, is that your security solution must be easy to use – complexity will only hide the threats.
Now you should be able to PROTECT your endpoints and the environment, and you have the ability to REACT efficiently to emerging threats. But you also need a RECOVERY strategy to help you in cases where malware was still able to penetrate your security. You may never need it (let’s hope not!), but it’s better to have a plan in case something does happen than to find yourself in trouble and not know what to do.