What is your Security Plan? (Part 3 of 4)
When’s the last time you took a step back and took an honest look at what you and your organization were doing to address IT security? In the first of this four-part series we highlighted a few things you should be concentrating on regarding email security and training your end users to know what is and what is not a phishing attempt while also keeping your machines fully patched. In the second part of the series we focused on Next Generation Firewall’s (NGFW), Web Application Firewalls(WAF), and Denial of Service(DoS). In this third part we will focus on Advanced Endpoint Protection.
To begin, let’s discuss at a high level how traditional Antivirus software installed on endpoints functions. An endpoint is typically a laptop, desktop, server, and more recently, mobile devices. Traditional Antivirus vendors like Symantec, Trend Micro, McAfee, and Sophos have all been around for a long time and are what most people think of when they hear Antivirus. These solutions were all founded with the idea of installing software on endpoints that scan the files on the endpoint and compare them to signatures of known bad files. If a file matches a signature of a known bad file it is quarantined so that the endpoint is not affected.
You may be asking yourself “What exactly is Advanced Endpoint Protection?,” and you are not alone in trying to determine exactly what this means. At the root, Advanced Endpoint Protection is more than just the traditional Antivirus software that has been installed on laptops, desktops, servers and other endpoint devices. Beyond the base definition is where things get very interesting, though most of options do not include the traditional Antivirus functionality, which complicates the way which most people initially think of Advanced Endpoint Protection.
One flavor of Advanced Endpoint Protection is “Endpoint Detection and Response (EDR),” which defines a category of tools and solutions that focus on detecting, investigating, and mitigating suspicious activities and issues on hosts and endpoints. In some cases, these tools give you a clear path to determining what was affected in a security breach and where it spread.
Another flavor of Advanced Endpoint Protection is “Advanced Threat Protection,” by Microsoft. This is Windows Defender Advanced Threat Protection and is powered by a combination of Windows behavioral sensors, cloud based security analytics, threat intelligence, and by tapping into Microsoft’s intelligent security graph.
Then there are products that are a combination of all the above and incorporate other features such as vulnerability scanning and application usage reporting.
The IT security landscape is rapidly changing and Thrive can help you navigate the enormous number of options available today. Please contact us for more information on updating your Security Plan. Be sure to check back for Part 4 of this series where we will dig into how to incorporate a Security Information and Events Management (SIEM) and/or Security Operation Center (SOC) into your Security Plan.