What is “Endpoint Security”?

While the concept of “Endpoint Security” is simple, its execution and operation aren’t. What exactly is “Endpoint Security”, and what is an “Endpoint Security Solution”?

Endpoint security is the concept of security measures placed at each “endpoint”, or device, accessing an enterprise network. This can include desktops, laptops, phones, and even internal servers. Traditionally this would include things like anti-virus (AV), endpoint protection platforms (EPP), and endpoint detection and remediation (EDR). While the main concepts of protection haven’t changed much over the years, the complexity, features, and components have. When looking for an Endpoint Security Solution (ESS), it’s essential to keep a few things in mind. I think of the acronym F.U.N.D.S.:

Full Deployment:

While cost-saving measures are crucial to efficiency, a full deployment of an Endpoint Security Solution is just as crucial to your network integrity. There are always exceptions to this rule, but if a compromised device is allowed access to other parts of an enterprise network, there’s always a risk that malware and other breach vectors will infect devices not protected by the ESS. Perhaps one device had misconfigured security policies, or some other software glitch caused its integrity to lapse. A full deployment of an ESS allows for more complete protection, which would most likely save you more in the long run than paying for even costlier remediation solutions.

Understand the Endpoint Security Solution:

There are a lot of buzzwords floating around the “Endpoint Security Solution” market. Understanding what they mean could be the difference between a solution working best for your company and completely failing it. While you don’t have to understand the technical side of how these ESS products work, you should understand the limitations of the product and design a policy around those limitations. For example, an Endpoint Security Solution could be advertised as a “Completely cloud based solution designed to rid you of Legacy AV for complete protection.”

Let’s unpack that a little bit. Cloud based protection sounds great! However, put in the right context, it could be not so great. Imagine you’re a company that works heavily in areas that don’t have cellular reception and/or easy access to the internet, or you have a small percentage of employees who go hours or days without an internet connection. What does that mean for the integrity of those devices? The “Cloud based” part, which is the entire solution, is effectively nullified against zero-day threats and/or other breach vectors. That’s just a small example of buzzwords that sound great but could spell some security limitations. While there are backups for most of the pitfalls discussed, understanding the limitations of the products is key.

Not without a Demo:

Imagine installing a great new product! It provides every aspect of security you need, it runs with little resource usage, and it’s affordable to boot! You install it on your devices, and then the next day your operations crash from an unknown bug. What happened? Most likely no in-house demo was run for the product, and your security integrity and/or your business operations lapsed, losing you revenue. It’s good practice to perform in-house testing on ALL new solutions you add to your enterprise infrastructure, and security is no exception.

Do your Research:

This idea is a pretty broad one. Do your research on…everything. Do your research on competitor solutions to the one you’re using and/or considering. Do your research on your business hardware and business needs. What issues are you trying to solve? Understanding and researching every aspect of your Endpoint Security Solution is a great way to cut costs down the line from breaches in areas that have been overlooked. Breaking down your idea of how an ESS should work and what it should accomplish for your business is a great starting point.

If you followed all the points in this list, some of the understanding of what Endpoint Security Solution means should already be apparent, and that means there’s only the business side to focus on next. A good rule of thumb to keep in mind is accurately defining a problem. For example, you’re not trying to solve ransomware; that will always be there. What you’re trying to solve is the occurrence rate of it.

Solicit the right questions:

This is most likely the last part of your “ESS” selection journey. By this time, you’ve done your research, understood the solutions, and tested them out. You should be able to solicit the right questions. Ask about limitations like “Cloud based” security and how it functions without a connection to the internet. Look into how their “multi-layer” security functions with just one of the layers turned off. Ask them about your specific software infrastructure. Inquire about how their AI detects zero-day threats, and what it does differently from the other solutions out there. This is a crucial part of the process, and this is also most likely where you can save the most time, which in turn saves the most money.

Some of the ideas here were inspired by Lidia Giuliano and Mike Spaulding and their Black Hat USA 2017 presentation on Endpoint Security.