Industry Insights with Gedeon Hombrebueno

Endpoint Security, Open XDR

Why Visibility Is Critical for Reducing Endpoint Security Complexity

See Beyond Endpoints to Stay Secure From Increasing Threats

Endpoint security is often the linchpin for all enterprise security, with an ever-increasing number of endpoints of all kinds, from laptops to servers and mobile devices, that need to be protected.

Inside the enterprise, endpoints benefit from a sheltered environment, but in the modern, remote, distributed world, that shelter is gone. Now that employees have left the building and are working from essentially anywhere, many organizations today have a dramatically larger attack surface. The potential risk associated with an unprotected landscape of endpoint devices is a primary reason why so many organizations are calling for endpoint security investments right now to secure remote work.

It's an unacceptable risk to have endpoints out in the field that are unprotected. But how do you know if an endpoint is vulnerable?

Endpoint Security Is Not an Island

Simply having antivirus protection on an endpoint doesn't fit the bill for modern security. Signature-based detection is only as good as the latest signatures you have, and threat actors are always one step ahead with techniques to bypass known signatures. If an endpoint doesn't have the latest and greatest protection along with robust detection and response solutions, you'll always be falling behind.

Endpoint security is not just about having a single security capability on a single device. Today’s modern attack surface includes server and cloud workloads, network devices, SaaS apps and more. No one device is ever operating in isolation. This makes endpoint security a critical control point for modern architectures such as SASE, zero trust and XDR.

Defending an endpoint is about leveraging multiple prevention techniques. These include antivirus, machine learning and behavioral protection as well as the ability to piece together malicious activities on the endpoint and beyond - on the network and in the cloud - not to mention responding to threats quickly and completely.

The Complex Threat Landscape

Just trying to stay one step ahead of adversaries is hard enough, but there are at least three other key factors that increase complexity for many organizations:

  • Time and resources: Organizations of all sizes are struggling to have the right level of IT resourcing in place.

  • Expertise: There is a shortage of staff who fully understand modern security techniques such as threat hunting and dealing with advanced threats.

  • Evidence: There are too many "noisy" alerts generated by different systems from multiple security control points. Finding actual evidence that clearly shows a security incident has occurred is often a challenge, as is understanding how to remediate that incident.

Organizations have tried to hire more and buy more tools, but rather than decreasing complexity, more tools typically cause more complication. Instead of one security agent or one console, there are many. Instead of one source of truth, there is none.

How to Reduce Endpoint Security Complexity

The key to enabling an effective endpoint security system is to have a layered platform approach that not only secures the endpoint but leverages endpoint telemetry to help enable and secure advances in security architecture, including zero trust, SASE and XDR.

At the most basic layer, it's important to have the right level of protection that will automatically block known and emerging threats. Not all threats are known and can be blocked - that's where visibility and response come into play.

With visibility, an administrator knows what files, sites or services were opened or accessed and executed. To block more, you have to see more - and you have to respond faster. Visibility isn't just about the endpoint. It includes awareness of the broader threat landscape and access to the latest and greatest threat intelligence.

Finally, to reduce complexity you need automation. Given the challenges of time, expertise and evidence, automation is the most effective way to handle the volume and speed that endpoint security now requires. And it can be achieved faster and better with a platform approach to security.

Endpoints are more important than ever as the primary interface to our connected world. To provide effective endpoint security today, make sure you have a comprehensive platform that brings extended protection, detection and response in an automated manner that reduces complexity and enables a secure hybrid workforce.

About the Author

Gedeon Hombrebueno

Manager, Product Marketing

Gedeon Hombrebueno is a Manager at Cisco. He is focused on bringing to market Cisco's Endpoint Security and Email Security solutions - helping customers protect, detect and respond to advanced threats. Gedeon has extensive product marketing, product management and integrated marketing experience for enterprise solutions across Cybersecurity, DevOps and Network and Systems Management.
