From our guest contributor, Corey Lancaster, Sr. Cybersecurity Solutions Architect
Basic Upkeep and Awareness
The best approach to Endpoint Detection and Response is to prevent the compromise from happening in the first place. Prevention can be broken down into a few identifiable categories. Often, IT leaders and senior management focus on the “block and tackle” approaches by default, and although this is a viable option that adds corporate governance value, reduces risk, and minimizes operational losses, it isn’t a comprehensive strategy for complete endpoint protection. The following are three steps an organization can take towards endpoint protection.
Step One - Educate
Empowering an educated user base is the primary objective in endpoint detection and response. It is the user who is most susceptible to exposure to malware, viruses, and other malicious elements that could potentially contaminate the organization’s infrastructure. It is the end user who can decisively avoid infection by malicious software (malware) with the support of awareness training. If the user can avoid the malware, the technology has nothing to detect. By producing a highly aware and educated end user base, organizations can reduce the time of both detection and response.
Step Two - Keep It Clean
The need for Endpoint Detection and Response is greatly reduced by performing basic maintenance, or as I like to call it, hygiene habits. We must bake basic housekeeping into our daily hygienic routines. Regular updates, such as operating software patching, endpoint updates, and vulnerability management, contribute to the security of the organization’s overall infrastructure. Many incidents that I have been involved with were remediation efforts after a cyberattack in which a malicious actor utilized an exploit or vulnerability for which a simple, available patch could have prevented the attack.
Step Three - Relevant Support
So far, we have discussed how educating the end users and keeping software and endpoints up to date both reduce the risk of endpoint compromises. Now, let us dive into the scenario after an endpoint device has had an anomaly. Once an endpoint system has been compromised, what are the best practices to stay both operational and aware of such anomalies? Once again, the focus is on people being educated, experienced, and aware. Having qualified team members is the key to any part of an IT organization. However, when it comes to the sophistication of complex malware detection, containment, and response, superstar-level employees are the minimum. Adequately experienced staff are vital to the continuity of operations with the various toolsets used in detecting and responding to endpoint compromise. All the technology in the world is powerless when the staff is unprepared, non-responsive, or simply out-matched by the attacker. Hiring well-rounded IT and security-focused employees is a challenge. With the various flavors of college degrees, experience, and certifications available, streamlining skillsets down to those that meet your business objectives is imperative.
Bringing It All Together
In summary, there are many IT technologies that one can deploy to enable a level of security for endpoint detection and response. Before one spends precious capital on sophisticated tools and technologies, I recommend that we get down to basic hygiene and routine maintenance. Often, cyberattacks can be prevented with cost-effective, obtainable solutions. These solutions include routine end user training and education, applying readily known and available security and software patches, and hiring the right staff members, or consultants, who can respond adequately in the event an endpoint is compromised.