Building a framework for effective, agile endpoint security

It's time to ramp up endpoint security.

The mitigation of endpoint security risks has come increasingly under the spotlight over the past few years, due chiefly to a growing distributed workforce. It therefore makes sense that local businesses are making the necessary changes to their cyber security strategies to accommodate the protection of rising numbers of remote workers and their endpoint devices.

So says Gideon Viljoen, Pre-sales Specialist: ICT Security at Datacentrix, a leading hybrid ICT systems integrator and managed services provider, who explains that agile endpoint security measures – which are able to adapt quickly and easily to the changing attack landscape – are paramount for ensuring an effective first line of defence.

“With millions of Africans now working remotely, at least part-time, local businesses have had to amend their cyber security strategies to accommodate users who need remote access to mission-critical data and applications. In fact, recent research from Microsoft and IDC shows that 65% of South African organisations have invested in endpoint protection solutions, and 61% in access management.

“For those companies that still need to ramp up endpoint security, we have some straightforward advice to offer.”

The strategy behind endpoint security


It’s important to start with the basics and ensure that all endpoints and servers, as well as critical assets and devices, are covered by an anti-virus (AV) or anti-malware security product, explains Viljoen. “And, sticking with the basics, the patching of these devices and endpoints is an excellent way to ensure known vulnerabilities are not open to exploitation.”

With attackers using increasingly smarter techniques in an ever-changing landscape, machine learning (ML) and user behaviour analytics (UBA) have become absolute musts in cyber security, he continues. “In fact, for more mature cyber security portfolios, it is always better to have some form of ML and artificial intelligence (AI) in place, as these technologies can take the necessary action much faster than a human, leaving people to focus on critical risks.

“Furthermore, having an endpoint detection and response (EDR), or better yet, a cross-detection and response (XDR) solution in place, helps to identify, isolate and respond to suspicious behaviour on an endpoint or critical asset. These solutions also assist in reducing investigation and alert times, with far fewer false positives, which can tend to overwhelm engineers and analysts and cause alert fatigue.”

EDR and XDR solutions have helped to reduce response times considerably, providing effective protection against threat actors. However, their evolution is far from over, comments Viljoen, and with hybrid workforces not going anywhere soon, having agile solutions and technologies in place will continue to be beneficial to businesses.

Choosing the right endpoint technology (and partner)


The combination of a rapidly evolving landscape, changing attack strategies and new technologies being introduced on a daily basis means that organisations are under immense pressure to choose the ‘right’ endpoint security solution.

“Companies and their executives can be overwhelmingly bombarded with new technologies, and choosing the right solution for the organisation can be tough. With this in mind, it is essential that organisations wanting to outsource their cyber security requirements choose a provider that can provide technology solutions that are agile and quick to adapt and adopt, factors that far outweigh the cost element.

“Our recommendation is to look to independent, objective authorities like Gartner and Forrester for recommendations, which help provide guidance and greater confidence around which vendors and technologies are leading in which specific areas. Having a solution that is able to provide intelligence, visibility and response to the holistic network, while also being able to provide a single source of truth, is of utmost importance.”

When looking at potential cyber security partners, reference cases and business case studies can provide some confidence in selecting the best option for a business, Viljoen adds.

“Visibility of these mobile and hybrid ICT workforces is critical: no business can protect against, or remediate, what cannot be seen. It has become essential to ensure the provision of a solution that can deliver visibility of all devices and assets, regardless of where they are, as well as users and user behaviours. This will allow for reduced response times and decreased risk,” he concludes.



Datacentrix

Datacentrix provides leading ICT integration services and solutions to South African organisations, ensuring their success and sustainability in the digital age. The company’s approach is to partner with its customers, equipping them with valuable insight and helping to align their ICT undertakings with their business strategy.

Datacentrix offers a deeply specialised skills component and is endorsed by the world’s foremost technology partners. The company is recognised for its agility, in-depth industry knowledge, proven capability, and strong overall performance.

Datacentrix is a Level One (AAA) B-BBEE Contributor, with 135 percent procurement recognition. For more information, please visit .

Editorial contacts

Nicola Read
icomm
datacentrix@pr.co.za