Industry Insights with Richard Henderson

Data Security , Endpoint Detection & Response (EDR) , Endpoint Protection Platforms (EPP)

4 Tips for Implementing a Mature Endpoint Security Strategy Insights on Vulnerability Management and Incident Response
4 Tips for Implementing a Mature Endpoint Security Strategy

A mature endpoint security strategy can significantly reduce the risk of an incident leading to a larger breach.

As your first line of defense, investing in endpoint security helps prevent or at least slow the spread of threats, maintain some level of operations and protect users. An effective endpoint security strategy can be as layered as you want it to be. But you'll have a strong foundation if you build off of four strategies which I outline in my new latest webinar, Four Essential Strategies for Endpoint Security and Protection

Balancing the needs of your business against the exposure of threats, which is as much art as science, makes vulnerability management one of the most critical pieces of your security puzzle. 

Strong asset management and software auditing followed by vulnerability management and dealing with incidents are all essential.

We all hope bad things won't happen, and we work incredibly hard to mitigate the risks inherent in operating and managing technology today. But it's inevitable that something will happen. Balancing the needs of your business against the exposure to threats, which is as much art as science, makes vulnerability management one of the most critical pieces of your security puzzle. It's also one of the hardest to keep up with. For this reason, you must also have a plan and process in place for dealing with incidents. Here are four steps:

Step One: Triage and Prioritize Resources

Regularly run vulnerability scans of known assets for weaknesses and vulnerabilities, cross-referencing against asset lists. Use a consistent scoring system or tool to remove biased judgement from vulnerability assessment and fix critical vulnerabilities right away. Keep note of exceptions during scans and have a plan to re-assess low risk vulnerabilities, which may become high risk later.

Step Two: Automate

Automation is the key to maximizing resources. Automated patching tools can help push patches, while GRC tools can provide an exceptional level of value to understand your overall business risk.

Step Three: Have (and Practice) Your Plan

As cliché as it is, if you fail to plan, you are planning to fail. Clearly define what constitutes an incident and breach with a clear understanding of the compliance rules and breach notification laws that may apply during an incident. Based on the incident, you'll need clarity on who responds, who is notified - and how quickly these steps need to happen. When you practice, it will become clear how quickly you can get systems back online, if your backup plans are solid, or if your forensic team is able to conduct their investigations with minimal operational impact.

Step Four: Learn From Your Incidents

How you learn from your incidents is almost as important as how you responded. Fully investigating the how and why, and reporting to all parties with easy-to-understand reports, can help build better bridges between security staff and other business units, creating a more effective and collaborative security program throughout your organization.

Learn more about the key strategies for building and maintaining a comprehensive ecosystem of management and security controls for all of your endpoints in our webinar, Four Essential Strategies for Endpoint Security and Protection

Four Essential Strategies for Endpoint Security and Protection

Watch webinar now.


About the Author

Richard Henderson

Richard Henderson

Global Security Strategist, Absolute Software

Henderson is an experienced cybersecurity professional with a demonstrated history of working in the computer and network security industry. He is a regular (non-sponsored) contributor to online properties such as CSO, Dark Reading, Forbes, etc. In addition to being a strong writer, speaker/presenter and mentor, he is the global security strategist for Absolute Software where he influences the strategic security direction of our customers and prospective customers. A strong leader and communicator with expertise at a global level, Henderson provides security consultation to many parties and helps evangelize Absolute's industry-leading and unique security offerings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing gdpr.inforisktoday.com, you agree to our use of cookies.