By Elisha Riedlinger

In the realm of cybersecurity, companies have historically relied on two main pillars of technology: endpoint and perimeter-based security. While technology has advanced, the fundamental need for these remains unchanged. Considering endpoint security on its own, is it adequate to protect the endpoint? Let’s dive into this question.

Endpoint security remains crucial, as it guards the closest access point to the cyber kill chain’s weakest link—the user. This fact is indisputable. Nonetheless, breaches persist, prompting scrutiny of its security effectiveness. Tools for endpoint security vary widely, from simple signature-based antivirus to comprehensive endpoint detection and response (EDR) systems, which I jokingly call digital video recorder (DVR) security. They capture vast amounts of data that require careful analysis to discern meaningful alerts from noise. However, as cyber threats evolve, so must our defenses. Endpoint security, while essential, cannot function in isolation. It must be part of a broader cybersecurity strategy that includes proactive measures such as continuous monitoring and advanced threat intelligence.


ENDPOINT SECURITY IS NOT A STAND-ALONE SOLUTION

With that said, using endpoint security tools as a stand-alone solution comes with limitations. They range from the reliance on signatures to the time-consuming nature of AI-based detection, which struggles to differentiate normal from abnormal behavior. Zero-day threats and techniques like “living off the land” further challenge endpoint security’s efficacy. In response, some vendors integrate limited backup functionality into their security suites, aiming to mitigate slow or missed detections by restoring compromised data. Nevertheless, these solutions encounter the same speed and reliability limitations as backup solutions and fail to bridge the gap effectively.

Backup solutions, while providing a safety net against data loss, often suffer from slow recovery times and the risk of backups being damaged or corrupted. This introduces vulnerabilities and uncertainties in the event of a security breach or system failure, highlighting the need for a more robust approach to data protection and recovery.

UNDERSTAND YOUR ORGANIZATION’S RISKS

To address these shortcomings, understanding the risks within one’s organization is essential. Frameworks provided by organizations like MITRE and NIST offer invaluable guidance, aligning themselves to modern-day iterations of the cyber kill chain and enabling organizations to identify potential gaps and vulnerabilities within their security stack.


NIST’s framework, for instance, simplifies this process by categorizing activities into five key functions: Identify, Protect, Detect, Respond, and Recover. Diving deeper into any one of these (e.g., Detect), organizations must evaluate the efficacy of their detection capabilities. Said differently, you need to ask yourself the tough questions, such as: What happens when my detection fails? Should doubts arise, adopting innovative, data-driven detection methods might be necessary, focusing on detecting changes in data rather than specific malware signatures.

BRIDGE THE DIVIDE