The way we think about cybersecurity has changed over the past few years and this means we now need a holistic approach to cybersecurity. With threats increasing, and more people working away from the office, the way we protect the endpoint has made us IT professionals think differently.
Traditionally, we would ensure we had a good firewall on the network that would do most of the network security. It would block viruses, stop intruders and scan your web browser for malicious pages. In addition to this, you would have anti-virus software on your desktop to detect viruses and malware.
Now that we are mostly working away from the office, we no longer connect to the corporate network to get Internet access. A lot of the systems we use are cloud-based and we access them directly. Also, going through the corporate network can slow things down, so it is more important than ever that you have endpoint protection on your desktop.
If you think about it, you may not be accessing the network to browse the web but you will be accessing network resources to carry out your daily tasks. So, if you are not directly protected you can still infect the network, and therefore all other home or office users who access network file shares.
So, what is the answer?
It is quite simple really: instead of traditional anti-virus (AV), you need to move to a next-generation endpoint threat detection solution.
What does Endpoint Threat Detection do for my business?
In simple terms, a threat detection solution takes traditional anti-virus and adds a system that detects and prevents attacks from ransomware, zero-day threats and exploits, and uses artificial intelligence to work out end-user behaviour to determine if any files have been infected. By implementing this software, you can add peace of mind to your network security, because without these solutions the average time it can take to detect a breach on your network is 206 days. Quite frankly, that is very worrying: imagine the damage that can be done and the data that can be collected in that time.
What is a holistic approach to cybersecurity?
In simple terms, our holistic approach has three stages: first technology, then people and finally governance.
We have talked a bit about technology already; below are the components that make up the technical solution.
To understand this, we need to look at what next-generation threat detection will do for your business, how it works and what it does. We also need to understand the individual components, so let’s look at them first.
Endpoint Protection (EPP)
EPP is designed to detect and block threats at the device level. This will be done using anti-virus, anti-malware, data encryption, device firewall, intrusion protection and data loss prevention.
Endpoint Detection and Response (EDR)
EDR is a system that combines all of your EPP elements and uses artificial intelligence (AI) to provide real-time anomaly detection and alerts, and will automatically rectify the issue. You will then be able to carry out forensic analysis through the software.
A Zero-day attack is one that exploits a serious software security weakness (i.e. a system that hasn’t been updated or patched) that a vendor may not be aware of. Once this has been detected it is a race against time for the software programmer to fix that weakness.
Having behaviour detection on your network can be one of the most beneficial components of next-gen anti-virus. By continually monitoring the activity on the endpoint, the installed agent can act as a sensor and inform the control panel about files being run and the context in which each file was executed. This allows identification not only of the endpoint but also of any suspicious activity. We can even categorise these instances as indicators of attack (IoAs) with a high degree of accuracy without getting a lot of false positives.
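To make "context of execution" concrete, here is a small Python sketch, added as an illustration and not taken from any of the products mentioned in this post. The event fields, the two rules and the sample events are all assumptions constructed for the example; the point is that the same file can be harmless or an IoA depending on what launched it.

```python
from dataclasses import dataclass

# Constructed model of what an endpoint agent might report for each file run.
# Field names are assumptions for this example, not any vendor's schema.
@dataclass(frozen=True)
class ExecEvent:
    host: str    # endpoint that reported the execution
    user: str
    parent: str  # process that launched the file (the execution context)
    image: str   # file being run

DOCUMENT_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\")

def basename(path: str) -> str:
    """Lower-cased file name from a Windows-style path."""
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1]

def indicators(ev: ExecEvent) -> list[str]:
    """Return the names of the (hypothetical) IoA rules this event matches."""
    parent, image = basename(ev.parent), basename(ev.image)
    hits = []
    # Rule 1: a document application should not normally start a script host.
    if parent in DOCUMENT_APPS and image in SCRIPT_HOSTS:
        hits.append("document-app-spawned-script-host")
    # Rule 2: a script host running a binary from a user-writable folder.
    if parent in SCRIPT_HOSTS and any(p in ev.image.lower() for p in USER_WRITABLE):
        hits.append("script-host-ran-binary-from-temp")
    return hits

def triage(events):
    """Group alerts by endpoint: host -> [(file name, rule name), ...]."""
    alerts = {}
    for ev in events:
        for rule in indicators(ev):
            alerts.setdefault(ev.host, []).append((basename(ev.image), rule))
    return alerts

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed sample telemetry
    ExecEvent("LAPTOP-01", "alice", r"C:\Windows\explorer.exe", PS),
    ExecEvent("LAPTOP-02", "bob", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", PS),
    ExecEvent("LAPTOP-02", "bob", PS, r"C:\Users\bob\AppData\Local\Temp\update.exe"),
]

if __name__ == "__main__":
    for host, found in triage(SAMPLE_EVENTS).items():
        print(host, found)
```

The PowerShell binary is identical on both laptops, so a file-based anti-virus scan treats them the same; only the second laptop is flagged, because of what launched it and what it went on to run.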
So, by adopting all the technologies I have talked about and understanding a little bit about how cyberattacks happen, we can pretty much help to reduce or eliminate attacks on your business. But the next step you might like to think about is end-user security training. Your users are the weakest part of your cyber defences, and by educating them you will have a holistic approach to cybersecurity. For more details on end-user training, you could read my blog Stop end-users causing security incidents.
Finally, if you have done both the Technology and People stages, why not have it officially recognised? Go for the Cyber Essentials accreditation, get the official Government seal of approval and show your staff and customers that you take cybersecurity seriously. For more details on our Cyber Essentials services, you can go to our Cyber Essentials page.
How can Unleashed help?
If you have spent any time trying to find out which next-generation endpoint protection system would best suit your business, then there is every possibility you will be confused. There are hundreds out there and, to be fair, most of them do the same things, albeit slightly differently! Unleashed can help: we have done the research and looked into all the products for you and, as an independent consultant, can be totally unbiased towards any product. Having said that, we do have our favourites and they come from Panda, F-Secure and Webroot. We are happy to have a chat with you to discuss the benefits and costs of each to find out what suits you best.
When it comes to cybersecurity training and Cyber Essentials, we can help too. Unleashed have been leading the way in helping businesses to implement cybersecurity solutions and our Technology Consultants are only too happy to help. You can contact us through the website or by email or, if you prefer the old-fashioned way, pick up the phone and give us a call (we don’t bite) on 0333 240 0565.