Change is the only constant in cybersecurity. Organizations face a complicated balancing act between managing complex IT infrastructures and defending against threats. In fact, over half of the organizations surveyed in ESG’s recent report, The Endpoint Security Paradox, reported a cybersecurity shortage, and 80% agreed that managing endpoint security has become increasingly difficult over the last two years. Why? Attackers are streamlining and upgrading their techniques while companies struggle to keep pace with defenses. For the first time in the last decade, “addressing new types of malware” replaced “reducing costs” as the top IT priority, according to ESG’s IT Spending Report. Quite simply, what worked in the past is no longer working today, and organizations are learning—sometimes the hard way—that legacy endpoint practices, processes, and technologies are no longer sufficient to block attacks.
How Escalating Threats are Impacting IT Security
Symantec reported in their 2015 Internet Security Threat Report that 317 million new malware variants were introduced in 2014. Keeping up with the sheer volume of variants is daunting for organizations. Establishing visibility across multiple endpoint security products and managing the typical 3+ security clients deployed on each endpoint[i] make moving from firefighting to process-driven protection a losing battle.
ESG’s research confirmed that too many organizations have allowed “checkbox requirements” and immediate tactical problems to undermine effective long-term security strategy. The irony is that 93% of security professionals believe they have the right endpoint security policies, processes, and technologies in place, yet over 30% are merely focused on meeting compliance requirements and nearly 40% claim that the security staff is overwhelmed with putting out cybersecurity fires.
How to Win the Cybersecurity War Within
The good news is that organizations can immediately improve their security posture by conducting a security self-assessment. Building a strong defense begins by standardizing endpoint protection and learning the product inside and out—including the core technologies beyond antivirus and the integrated advanced capabilities.
What Else Can You Do to Secure Your Organization?
- Use layered protection at the endpoint—Enabling the full-protection stack in Symantec Endpoint Protection is the first step in defending against web-based attacks, unpatched vulnerabilities, drive-by downloads, mutating malware, and suspicious file behavior. For example, one of the many protection layers of Symantec Endpoint Protection is the host-based firewall. This can be used to control communication to and from the system as well as prevent someone from trying to fingerprint the system or perform a DoS attack. If the firewall component detects the attempts, it will blacklist the IP and alert the end user and admin of the attack. Other layers of defense against attacks are the Host Intrusion Prevention component, Insight™, and SONAR™. These protection technologies protect the operating system and vulnerable applications from being exploited.
- Reduce the attack surface—Reduce the possible points of infection by restricting the applications allowed to run, the devices allowed to connect, and the actions a system can perform.
- Keep browser plugins patched—Use the browser’s auto update or software distribution tools to install patches as soon as they become available.
- Block P2P usage—Create and enforce a NO-peer-to-peer (P2P) policy, including home use of a company machine.
- Turn off AutoRun—Stop network-based worms from jumping from USB keys and network drives without changing company policies on Open Shares.
- Ensure all OS patches are applied—Many threats function by exploiting known vulnerabilities for which patches are available.
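
To check the "Turn off AutoRun" item on a Windows endpoint, the following read-only audit is an added example (not from the original article or from Symantec). It assumes the standard Windows Explorer policy value NoDriveTypeAutoRun, a bitmask in which a set bit disables AutoRun for that drive type, and reports whether USB keys and network drives are covered.

```powershell
# Added example: read-only audit of the AutoRun policy for the drive types
# the article names (USB keys = removable media, network drives).

# NoDriveTypeAutoRun is a bitmask; a SET bit DISABLES AutoRun for that type.
$DriveTypeBits = [ordered]@{
    'Removable (USB keys)' = 0x04
    'Fixed disk'           = 0x08
    'Network drive'        = 0x10
    'CD-ROM'               = 0x20
    'RAM disk'             = 0x40
}
# Bits the article's advice requires: removable media and network drives.
$RequiredMask = 0x04 -bor 0x10

function Get-AutoRunExposure {
    param([int]$Mask)
    # Return the drive types whose disable bit is NOT set in the mask.
    foreach ($entry in $DriveTypeBits.GetEnumerator()) {
        if (($Mask -band $entry.Value) -eq 0) { $entry.Key }
    }
}

$policyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($hive in 'HKLM', 'HKCU') {
    $key  = "${hive}:\$policyPath"
    $item = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Missing key or value: no explicit policy is configured in this hive.
        Write-Output "$key : NoDriveTypeAutoRun not set"
        continue
    }
    $mask    = [int]$item.NoDriveTypeAutoRun
    $exposed = @(Get-AutoRunExposure -Mask $mask)
    $status  = if (($mask -band $RequiredMask) -eq $RequiredMask) { 'OK' } else { 'REVIEW' }
    Write-Output ("{0} : 0x{1:X2} [{2}]" -f $key, $mask, $status)
    if ($exposed.Count -gt 0) {
        Write-Output ("  AutoRun still enabled for: " + ($exposed -join ', '))
    }
}
```

A value of 0xFF disables AutoRun for every drive type; any hive reported as REVIEW leaves removable media or network drives uncovered.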
View the original content and more from this author here: http://ift.tt/1J9IL6m