Industry Insights with Richard Henderson


4 Tips for Implementing a Mature Endpoint Security Strategy

Insights on Vulnerability Management and Incident Response

A mature endpoint security strategy can significantly reduce the risk of an incident leading to a larger breach.

Investing in endpoint security, your first line of defense, helps prevent or at least slow the spread of threats, maintain some level of operations and protect users. An effective endpoint security strategy can be as layered as you want it to be, but you'll have a strong foundation if you build on the four strategies I outline in my latest webinar, Four Essential Strategies for Endpoint Security and Protection.

Strong asset management and software auditing, followed by vulnerability management and dealing with incidents, are all essential.

We all hope bad things won't happen, and we work incredibly hard to mitigate the risks inherent in operating and managing technology today. But it's inevitable that something will happen. Balancing the needs of your business against the exposure to threats, which is as much art as science, makes vulnerability management one of the most critical pieces of your security puzzle. It's also one of the hardest to keep up with. For this reason, you must also have a plan and process in place for dealing with incidents. Here are four steps:

Step One: Triage and Prioritize Resources

Regularly scan known assets for weaknesses and vulnerabilities, cross-referencing the results against your asset lists. Use a consistent scoring system or tool to remove biased judgement from vulnerability assessment, and fix critical vulnerabilities right away. Keep note of exceptions during scans and have a plan to re-assess low-risk vulnerabilities, which may become high risk later.
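One way to put Step One into a repeatable check, as an added example that is not from the article or the webinar. It assumes CVSS v3 severity bands as the consistent scoring system and a 90-day re-check window; the hosts, finding IDs and dates are constructed sample data.

```python
from datetime import date, timedelta

# Constructed sample data: asset inventory, hosts the scanner reached, findings.
ASSETS = {"10.0.0.5": "hr-laptop-01", "10.0.0.9": "build-server", "10.0.0.12": "kiosk-03"}
SCANNED = {"10.0.0.5", "10.0.0.9", "10.0.0.77"}
FOUND = date(2024, 1, 10)
FINDINGS = [
    {"host": "10.0.0.5", "id": "FINDING-A", "cvss": 9.8, "found": FOUND},
    {"host": "10.0.0.9", "id": "FINDING-B", "cvss": 3.1, "found": FOUND},
    {"host": "10.0.0.9", "id": "FINDING-C", "cvss": 7.5, "found": FOUND},
    {"host": "10.0.0.77", "id": "FINDING-D", "cvss": 5.0, "found": FOUND},
]
# Accepted-risk exceptions, each with the date it must be revisited.
EXCEPTIONS = {("10.0.0.9", "FINDING-C"): date(2024, 3, 1)}

def severity(cvss):
    """Map a CVSS v3 base score to its qualitative band."""
    for floor, band in ((9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")):
        if cvss >= floor:
            return band
    return "none"

def triage(assets, scanned, findings, exceptions, today, recheck_days=90):
    """Cross-reference scan output with the inventory and sort findings into queues."""
    report = {
        "unscanned_assets": sorted(set(assets) - set(scanned)),  # inventory the scan missed
        "unknown_hosts": sorted(set(scanned) - set(assets)),     # hosts missing from inventory
        "fix_now": [], "scheduled": [], "excepted": [], "reassess": [],
    }
    for f in sorted(findings, key=lambda f: -f["cvss"]):  # highest score first
        key = (f["host"], f["id"])
        expiry = exceptions.get(key)
        age = today - f["found"]
        if expiry is not None and expiry > today:
            report["excepted"].append(key)   # exception still valid, keep it on record
        elif expiry is not None:
            report["reassess"].append(key)   # exception lapsed, score it again
        elif severity(f["cvss"]) == "critical":
            report["fix_now"].append(key)
        elif severity(f["cvss"]) == "low" and age >= timedelta(days=recheck_days):
            report["reassess"].append(key)   # old low-risk item, may have become high risk
        else:
            report["scheduled"].append(key)
    return report

if __name__ == "__main__":
    for queue, items in triage(ASSETS, SCANNED, FINDINGS, EXCEPTIONS, date(2024, 4, 15)).items():
        print(queue, items)
```
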

Step Two: Automate

Automation is the key to maximizing resources. Automated patching tools can help push patches, while GRC tools can provide an exceptional level of value to understand your overall business risk.

Step Three: Have (and Practice) Your Plan

As cliché as it is, if you fail to plan, you are planning to fail. Clearly define what constitutes an incident and what constitutes a breach, with a clear understanding of the compliance rules and breach notification laws that may apply during an incident. Based on the incident, you'll need clarity on who responds, who is notified, and how quickly these steps need to happen. When you practice, it will become clear how quickly you can get systems back online, whether your backup plans are solid, and whether your forensic team is able to conduct its investigations with minimal operational impact.

Step Four: Learn From Your Incidents

How you learn from your incidents is almost as important as how you respond to them. Fully investigating the how and why, and reporting to all parties with easy-to-understand reports, can help build better bridges between security staff and other business units, creating a more effective and collaborative security program throughout your organization.

Learn more about the key strategies for building and maintaining a comprehensive ecosystem of management and security controls for all of your endpoints in our webinar, Four Essential Strategies for Endpoint Security and Protection.


About the Author

Richard Henderson


Head of Global Threat Intelligence, Lastline

Richard Henderson is Head of Global Threat Intelligence at Lastline, where he is responsible for trend-spotting, industry-watching, and evangelizing the unique capabilities of Lastline's technologies. He has nearly two decades of experience and involvement in the global hacker community and discovers new trends and activities in the cyber-underground. He is a researcher and regular presenter at conferences and events and was lauded by a former US DHS undersecretary for cybersecurity as having an "insightful view" on the current state of cybersecurity. Henderson was one of the first researchers in the world to defeat Apple's TouchID fingerprint sensor on the iPhone 5S. He has taught courses on radio interception techniques multiple times at the DEFCON hacker conference. Henderson is a regular writer and contributor to many publications including BankInfoSecurity, Forbes, Dark Reading, and CSO.
