SECURING THE NEW NORMAL
The new normal calls for a rethink on endpoint security, says Ben Carr, Chief Information Security Officer, Qualys
For many years now, cybersecurity professionals around the world have been warning of a device explosion.
The most recent estimates from Cisco claim that there will be three IP-networked devices for every human on the planet by 2023, and that half of all connections will be machine-to-machine (M2M).
Policing this trend — coping with the expanding attack surface — was difficult enough up until the end of 2019. Then an unprecedented global public-health crisis accelerated a parallel trend that will add a new layer of complexity to the security conundrum.
The Arab Gulf region is rapidly embracing remote working. In the first half of this year, many projects that were in the pipeline were sped into production in an effort to keep employees safe from the spread of COVID-19. In March, Statista reported that 35% of Gulf enterprises were either already working remotely, starting soon or exploring the possibility. Given the events of the past few months, we can only assume that remote working will be the norm, rather than the exception. In fact, a July survey from Robert Half found that 80% of United Arab Emirates (UAE) employees would prefer to work from home post-COVID-19.
While such practices are vital components of any coherent public-health response, millions of stay-at-home workers will look like a banquet to bad actors. Unvetted endpoints are strewn across the region, inviting ransomware, enticing advanced threats, and encouraging phishing campaigns. CISOs must now look to the future, where it is likely our hybrid office will persist. Traditional security solutions, cumbersome and fragmented as they are, will no longer prevent, or even mitigate, digital incursions. Security professionals must now turn to integrated, all-in-one endpoint detection and response (EDR) solutions to navigate these new waters.
Out with the old…
A few months before the WHO declared COVID a pandemic, a Gartner Market Guide report on EDR solutions revealed a decisive worldwide shift towards these next-generation approaches. Half of those surveyed talked of plans that were earmarked for completion by 2023. The study noted the gap between legacy measures and EDR when it comes to threat coverage, response times, drill-down capabilities and damage analysis.
But as any IT stakeholder knows, setting aside the budget and calling in a deployment team is never enough. To make EDR work for the enterprise, internal processes will likely need an overhaul, and it may also be necessary to introduce some new ones. Like most useful technology solutions, EDR is only as good as the information it receives. A comprehensive asset inventory that includes all remote and intramural devices will allow you to map the road ahead more accurately, as you will know what entities are joining your network and what their vulnerabilities are. Without effective asset management, you live in a world of unknowns.
When employees connect from remote locations, implementation of EDR can be complicated. Use of a home Internet service usually requires a Virtual Private Network (VPN), which allows each endpoint to behave as if it were connecting at the office. Management of such a hybrid environment is greatly simplified — especially for those without access to a VPN — by using cloud services. These services can homogenise the network, treating remote and on-premises devices equally when it comes to pushing out software updates or monitoring suspicious processes.
Get smart
You also need to consider how your threat intelligence is generated and used. Encounters with malware and other sinister artifacts feed a growing knowledge base that arms you against future encounters. But you must collect vast amounts of data and log it in an easily retrievable format, to give threat hunters and analysts the context they need to act in a timely and insightful manner. Whether your knowledge base is generated from your own incident logs alone, or from collaborative pools, costs can vary wildly, as can effectiveness.
This is where effective asset management comes into play. By fixing the major flaws across all your endpoints as soon as fixes become available, you greatly minimise the impact of many attempted incursions. And by automating the prioritisation and deployment of patches, you free up security professionals to concentrate on more subtle tasks.
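The asset-inventory and patch-prioritisation points above can be made concrete. The following is an added example, not code from the article or from Qualys: it reconciles a constructed inventory against EDR agent check-ins to surface the "unknowns", then ranks open vulnerabilities that have a fix available, weighting remote endpoints higher. All hostnames, dates and CVE identifiers are constructed placeholders.

```python
"""Added example (not from the article or Qualys): find endpoints that EDR
cannot see, and build an automated patch queue from what it can see.
All inventory data, timestamps and CVE ids below are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# (cve_id, cvss_base_score, patch_available)
Finding = Tuple[str, float, bool]

@dataclass
class Asset:
    hostname: str
    location: str                          # "remote" or "office"
    last_agent_checkin: Optional[datetime]  # None = no EDR agent ever reported
    open_cves: List[Finding] = field(default_factory=list)

NOW = datetime(2020, 9, 1, 12, 0)          # constructed reference time
STALE = timedelta(days=7)                  # agent silent this long = unmanaged
REMOTE_WEIGHT = 1.25                       # home networks get less network-layer protection

INVENTORY = [   # constructed sample inventory
    Asset("fin-laptop-01", "remote", NOW - timedelta(days=1),
          [("CVE-EXAMPLE-0001", 9.8, True), ("CVE-EXAMPLE-0002", 5.3, False)]),
    Asset("hr-desktop-07", "office", NOW - timedelta(hours=2),
          [("CVE-EXAMPLE-0003", 7.5, True)]),
    Asset("sales-laptop-12", "remote", None),                 # no agent at all
    Asset("dev-vm-03", "office", NOW - timedelta(days=10),    # agent gone quiet
          [("CVE-EXAMPLE-0004", 8.1, True)]),
]

def unmanaged_assets(inventory: List[Asset], now: datetime = NOW) -> List[str]:
    """Hostnames with no agent, or an agent that has not reported within STALE.
    These are the 'world of unknowns' the inventory exists to eliminate."""
    return sorted(a.hostname for a in inventory
                  if a.last_agent_checkin is None or now - a.last_agent_checkin > STALE)

def patch_queue(inventory: List[Asset]) -> List[Tuple[str, str, float]]:
    """(hostname, cve, priority) ordered for automated deployment.
    Priority = CVSS score, scaled up for remote endpoints; only findings with a
    released fix are queued, since the rest need a different control."""
    rows = []
    for a in inventory:
        weight = REMOTE_WEIGHT if a.location == "remote" else 1.0
        for cve, cvss, fix_available in a.open_cves:
            if fix_available:
                rows.append((round(cvss * weight, 2), a.hostname, cve))
    rows.sort(reverse=True)
    return [(host, cve, score) for score, host, cve in rows]

if __name__ == "__main__":
    print("unmanaged:", unmanaged_assets(INVENTORY))
    for host, cve, score in patch_queue(INVENTORY):
        print(f"{score:6.2f}  {host:16} {cve}")
```

Note that the stale agent on dev-vm-03 still contributes its last known findings to the queue, but the host is also flagged as unmanaged, so the patch job cannot be assumed to land until the agent is reporting again.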
So how do you deliver on all these EDR requirements? Well, to ensure that you can respond to threats in real time, before they carry out their mission and deal damage to your network and your brand, you ideally need a lightweight cloud agent that performs a comprehensive range of security functions on each of your endpoints. This agent will constantly be on the lookout for vulnerabilities and misconfigurations, while sniffing out malware and suspicious activity. And it will be able to take remote control of endpoints to snuff out errant processes, quarantine files, patch vulnerabilities and exile exploits.
…in with the new
If you get your EDR approach right, you can optimise your threat posture to the point where you drastically reduce false positives and negatives, consign alert fatigue to the garbage bin of history, and deliver almost complete accuracy on your analyses. It is only then that you can achieve the real-time response capabilities necessary to be master of your own environment.
The scenario of more remote workers does not necessarily mean more management. It just calls for smarter management. With the right people, processes, and technology, CISOs can deliver a safe environment where innovators can take flight without having to worry about birds in the propeller. And when the region emerges from the economic downturn, entire industries will be more secure.