The role of human firewall training in a CTO’s strategy
When the pandemic forced companies to operate remotely, hastily and without proper planning, the lack of endpoint security controls became an immediate cyber security threat. Add in the human factor, 52% of businesses admit that employees are their biggest weakness in IT security, and unauthorised network access, ransomware attacks and data/information theft can easily become a reality.
When it comes to keeping endpoints secure, the most common solutions businesses choose are traditional Anti-Virus, Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR) solutions. We’ve compared the options, and broken down exactly what they cover to help you ensure you have the best endpoint security strategy.
What is Anti-Virus?
It’s been around for years and is substantially well known, but to summarise: anti-virus software is a program designed to detect and remove viruses and malware on laptops and computers.
Anti-virus solutions were a good first step for protecting businesses, however cyber criminals adapted at a faster rate than anti-virus vendors could keep up with. In a bid to move with the changing threat landscape, improved solutions known as next-generation anti-virus was released. Despite incorporating new technologies such as AI, they are still dependant on historical information, behaviours, signatures and definition updates.
What are Endpoint Protection Platforms (EPP)?
Endpoint Protection Platforms build upon next-generation anti-virus solutions by adding more advanced layers of security such as data encryption and personal firewalls. Like anti-virus, they are designed to block threats at device level.
According to Gartner, an EPP needs to;
- prevent file-based malware
- detect and block malicious activity from trusted and untrusted applications
- provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts
Whilst EPPs are an important part of endpoint security, detecting more malware than a standalone anti-virus solution, they still can’t detect or block unknown threats such as zero-day attacks.
Businesses need detection, investigation and response capabilities as well as prevention, which is why another layer of cyber security was created in the form of Endpoint Detection and Response.
What is Endpoint Detection and Response (EDR)?
The name Endpoint Detection and Response was coined by Dr Anton Chuvakin in 2013, during his time as Research Vice President at Gartner. Dr Chuvakin needed a term that would group together a group of tools rapidly coming on to the market that could detect suspicious activities happening on endpoints.
Where an EPP focuses only on prevention, an EDR solution detects and analyses threats that have been designed to bypass first line defences. It’s main activities include threat detection, containment, investigation and eradication.
“EDR tools… reflect a broader focus on all threats affecting endpoints, rather than the more narrow coverage of malware detection and prevention, as is the case for traditional anti-malware tools.” Jon Amato, Sr Director Analyst, Gartner.
So do I only need an EDR?
It depends on the EDR solution you are looking at – not all are made equal. A first-rate EDR solution should unify all the cyber security layers a company needs from prevention to cure. A powerful all-in-one solution should incorporate capabilities from both first-rate EDRs and EPPs.
For example, the EDR platform we deliver is driven by machine learning and offers the following capabilities:
Prevention: Static AI on the endpoint identifies, blocks and quarantines malware and ransomware in real-time.
Automated detection: Behavioural AI will recognise all forms of malicious actions including fileless, zero-day, and nation-grade attacks in real-time. On-agent intelligence means cloud connectivity isn’t needed to make a detection, reducing threat dwell time.
Threat hunting: Inspecting files for indicators of compromise, monitoring network activity and receiving notifications of any suspicious changes.
Automated threat response: Behavioural AI will surgically reverse and remove any malicious activity, allowing devices to heal themselves in real-time.
Full peace of mind: The EDR platform can run across public and private clouds, as well as on-premises. Protection extends across Windows servers, Linux servers, and Docker / Kubernetes containers.
To take your endpoint security even further, you can add on a managed cyber security service that includes a 24x7x365 enhanced monitoring by dedicated security teams and analysts.
Why choose OryxAlign for your endpoint security needs?
As a security focused service provider, we continuously review the fast-evolving threat landscape and develop our cyber security offerings accordingly. Our network and security operations teams across the world are already delivering advanced managed endpoint protection and security.
Our Securyx Threat Management service combines , using our combines powerful EDR technology from SentinelOne and 24x7x365 endpoint monitoring.
Securyx service highlights include:
- 24x7x365 SOC endpoint threat monitoring and management
- Immediate threat identification, response, and remediation
- Threat analysis and investigation
- Office 365 and Azure Identity Protection (Azure AD Premium P2 subscription required)
- Ransomware warranty of £750 per endpoint affected, capped at £750,000 per organisation
- Monthly service and compliance reporting
Get in touch to find out how OryxAlign can keep your business threat free and your users community protected.