Endpoint security management is a policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources. Endpoints can include PCs, laptops, smart phones, tablets and specialised equipment such as bar code readers or point of sale (PoS) terminals. Industry experts share insights on how CIOs can improve their endpoint security posture.
Endpoint security management systems, which can be purchased as software or as a dedicated appliance, discover, manage and control computing devices that request access to the corporate network. Industry experts share insights how CIOs can improve their endpoint security posture by developing comprehensive endpoint security management policies.
Pundits warn that in today’s world, without the use of proper tools such as endpoint protection on host computers and proper data security practices, users with careless attitude towards using unencrypted portable devices such as laptops, tablets and USB storage leave themselves and others exposed to possible data breaches that could be costly to the end user and can even compromise an entire organisation or government.
According to Mordor Intelligence, the cybersecurity market in the Middle East and Africa (MEA) was valued at US$1,903.59 million in 2020 and it is expected to reach US$2,893.40 million by 2026, registering a compound annual growth rate (CAGR) of 7.92% during the forecast period of 2021 to 2026.
Edison Mazibuko, Technical Director, DRS – a Cyber 1 company, said endpoint solutions had to evolve to cater for the distributed workforce whilst ensuring the same standard of security is provided inside corporate networks. Mazibuko said organisations need to consider breaking security silos by consolidating solutions and getting more from their endpoint security. “How these endpoints are managed is vital as we are seeing more organisations moving to the SaaS model, therefore, reducing complex infrastructure,” he said. “Having an endpoint solution with automated workflow capability will be the difference between keeping up with threats or playing catchup. The ability to integrate endpoint security with third-party integrations, such as threat intelligence feeds, will give any enterprise the edge against adversaries.”
Nicolai Solling, Chief Technology Officer, Help AG, said when choosing solutions for endpoint security management, CIOs must ensure that any potential solution is evaluated in terms of how well it can generate accurate telemetry and data in order to make the correct security decision and in terms of how good the solution is at detecting and stopping malicious activity on the endpoint.
Solling said it is also crucial to understand how an endpoint security solution would be integrated with existing solutions. “Establishing visibility on the endpoint is also key, as the endpoint is the foothold that cyber attackers use to reach their end target – corporate data,” he said. “Finally, before creating a plan for endpoint security management, CIOs should be clear on whether they can utilise cloud for storing data and managing their agents, because if not, the range of endpoint security solutions they can choose from is narrowed down significantly.”
Solling said it can be difficult to select an endpoint solution, as all endpoint security solutions fundamentally try to achieve the same thing – protecting the endpoint. “The threats they protect against are also similar, meaning that the value propositions and capabilities of different solutions are often alike. Evaluating the efficiency of a solution is also a relatively complex task, during which several factors need to be taken into consideration,” he advised. “Additionally, the discussion around choosing a solution often focuses on issues of economics, rather than understanding what the solution delivers.”
Shane Grennan, Channel Director Middle East, Fortinet, said to effectively address today’s advanced threats, organisations require visibility and control across their entire distributed networks.
Grennan said and while many security solutions are limited in terms of their capabilities, extended detection and response can help fill the gap. “Organisations must bring together all their security tools in a single location for enhanced visibility. For example, they can consolidate network security, endpoint security, email security and cloud security monitoring in a single platform to ensure the whole is greater than the sum of its parts,” he said. “This enables solution providers to deliver a differentiated customer offering that improves security posture while reducing security operations overhead.”
Even before the implementation, when evaluating an endpoint solution, resellers should consider different key factors in choosing the right vendor.
Attack surface
According to Grennan, man vendors’ solutions do not cover the entire attack surface, instead, they focus on securing one or a few different attack vectors individually, such as cloud, email or endpoints and call it XDR or extended detection and response. “When this is the case, XDR cannot demonstrate its true value, which lies in its ability to combine components across multiple attack vectors,” he said. “Secondly, even though they may offer a full range of security products and solutions, vendors that have acquired these components (especially ones with large install bases) individually over time may lack the resources and commitment for tight integration needed for higher-value analytics and automation. Third, most all vendors seem to focus on extended detection and extended response, skipping over the middle stage of investigation and validation. As a result, human security professionals still have significant effort ahead of them, especially as threat and alert volumes continue to grow.”
Samer El Kodsi, Channel Sales Director, Emerging Markets, EMEA, Palo Alto Networks, said with the massive technological innovation over the years, the cybersecurity sector has had to adapt and create new solutions for better safety of people and organisations. “About 20 years ago, an organisation’s data was behind corporate headquarters but now people have immediate access to data from the cloud through laptops, tablets and other devices,” he said. “Because we now have data everywhere – it is important to shift from the ‘layered defence model’ to the ‘zero trust model’, which is the ability to microsegment parts of your data or network environment and apply visibility and control. With the zero trust model, you can microsegment all your critical assets including machine, server or endpoint from the rest of the network with full visibility and available controls.”
Pitfalls to avoid
With endpoint protection management the number one priority for many organisations in MEA, what pitfalls should CIOs avoid when implementing endpoint security solutions?
Solling said CIOs should avoid thinking that all solutions are created equal. He added that the market contains many solutions with great capabilities, but it is also important to assess the effort required to operate and manage the solution before implementing it. “Running and operating an endpoint solution is relatively simple and most organisations of a certain size have this capability. However, getting value out of the data generated from a solution is a specialised task that requires insight into how systems and applications operate and being able to decipher data points is what takes a solution from good to great,” he enthused. “Thus, organisations should build their reservoir of these advanced skills through investing in existing employees with specialised training programmes, as well as investing in new hires to bring endpoint security experts into the organisation.”
According to Mazibuko, many organisations are migrating from endpoint protection platforms(EPP) to endpoint detection and response(EDR) route. “XDR is a new approach that provides visibility across endpoint, cloud, network and third-party data. This enrichment truly breaks down the silos taking endpoint security management to the next level,” he explained.
He said the convergence of network and security has brought the industry the secure access service edge(SASE). “This cloud-native model provides the benefit of a unified platform without the burden of legacy infrastructure. The solution is perfect for the hybrid work model, allowing efficient and secure access to cloud resources and seamless access to on-premises applications,” he said. “This convergence brings the best in connectivity(SD-WAN, NaaS) and security (FWaaS, endpoint security, web security and network security).”
Remote working
Given that most organisations are promoting remote working and adopting hybrid work models, CIOs need to factor in several considerations and scenarios when developing a comprehensive endpoint security management policy.
Meriam Elouazzani, Regional Channel Manager META, SentinelOne, said with many employees now working from home, organisations are exposed to a vastly increased attack surface and must re-assess their endpoint security strategies to ensure they are equipped for this new environment.
Elouazzani said it is no trivial task to provide the same levels of security for all these employees, operating outside the (relatively) safe perimeter of their offices and local intranet. “It’s best if organisations use endpoint security software that protect it against unknown forms of ransomware and other cyberattacks. One way to do that is through endpoint protection platform (EPP) that uses predictive execution inspection engines that go beyond file-based analysis – even mathematic algorithmic analysis – that observes the actual execution of every system process or thread, in real-time,” she said. “By understanding the execution behaviors of all applications, programs and processes in real-time, EPP should provide ultimate defense against any type of attack.”
According Elouazzani organisations must adopt a holistic endpoint security management practice and for this, they need complete visibility into their cyber environment. “You can’t protect what you can’t see, so it’s imperative for organisations to be able to map what is on a network and fingerprint devices to see what is connected,” she said. “With the help of an AI-driven endpoint protection platform, organisations can easily identify and see each and every device connected to the network.”
Palo Alto Networks’ El Kodsi, saidclearly, the pandemic has altered the ways of living, working and doing business, forever. El Kodsi said with the adoption of remote or hybrid work models, solution providers in the endpoint space need to work closely with CIOs, CISOs or IT heads of organisations and have full visibility into remote user activity. Rather than only investing in point solutions, they need to help their clients to consider security platforms to maximise integration between systems,” he said.
At Help AG, Solling said when employees are working remotely, the most important security capability an organisation has is the ability to deliver a robust endpoint. He noted that endpoint security solutions, endpoint configuration hardening and user awareness are key to achieving this. “It is also crucial to achieve visibility and protection independently of the user’s location, ensuring security efficiency whether an endpoint is on the corporate network or not,” he said. “Cloud services are massively useful here, but they come at the cost of the organisation trusting the endpoint security vendor with potentially sensitive telemetry data. Therefore, any evaluation should include an assessment of what data is required for the vendor to deliver a successful service and how the vendor is protecting the organisation’s data.”
Looking ahead, Solling noted that endpoint protection has undergone phenomenal development over the last five years and most of it stems from the innovative ability to embed Machine Learning in an agent. He added that another major shift is that agents now typically send the telemetry data they generate into large data lakes operated by the vendors of the solution. “The more data, the better the solution is at early detection of changes in the behaviour of threats. To an extent, the data that agents produce is becoming the real product offered by vendors, as more data means more protection,” he said.