Endpoint Protection Platform

Introduction

Endpoint Protection Platform primarily includes malware detection capabilities and comprehensive endpoint security features such as firewalls, email antivirus, filters, Host IPS, device control, application control, mobile antivirus, and encryption. It provides protection to the central network of a corporate or business. It is beneficial to the business since it can minimize operation costs by providing simple daily security processes and optimizing response time. Most endpoint security is capable of developing security reports for analysis in an instant reducing time to about 45% and reducing incident response time by 31% (Metcalf, 2015: Dominguez, 2016).

In choosing an EPP, the first question to ask is the platform coverage such as the operating system requirements including those for mobile devices. Most products support certain email or messaging platforms only, so that is also important to determine. Next is the detection rate of the security features. This will help in evaluating the performance of the product. Last is consider the price of the product and the support offered by the vendor. In a business setting, the price of an EPP is important since licenses are typically paid annually (Tittel, 2015).

One of the worst practice in selecting an EPP is being overly consumed with the features presented and forgetting the original objectives for buying. Most of the time, consumers would acquire products based on the number of processes it can perform while neglecting whether such processes are needed or satisfy the companies’ requirements. Another worst practice is consumers may demand fixed prices but neglecting to state the requirements. Thus, a product can be acquired at a lower price, but with fewer features (Schaeffer, n.d.).

Do Software Companies Need Application Lifecycle Management tools?

Application Lifecycle Management (ALM) is “the specification, design, development, and testing of a software application.” It covers the whole lifecycle including even those disciplines considered to be separate in traditional methods (Inflectra Corporation, 2006).

Pro: ALM aids the organization in meeting the government and industry standards. If the organization is facing problems with application development and deployment, ALM can provide simple solutions. ALM can integrate the entire systems development procedure, improve communication between teams and leaders, increase the speed to market and maintain project documents standards (Owen, 2015).

Con: ALM is not essentially required if the organization can run smoothly even without it. Despite the support ALM can provide, as of the moment, it is costly. It induces reliance on software which may lead to a decrease in the creativity of the employees (Ballas, 2010).

Identity governance and administration (IGA) allows the smooth management of user information through the system. Users access this information to perform their functions (Rowling & Mergel, 2016). Traditionally, users and their access are managed through an application based procedure. IGA combines and performs these procedures while applying policy-based rules. Thus, through this automation process, IGA helps in saving costs especially for large companies with more than 1000 employees or possible users (Macrae, 2015).

One of the most significant provisions of IGA is the standardization of the entitlement as part of a management. All of the things associated with an account is treated as an attribute. It simplifies the management of users and groups (Iverson, 2015).

Another importance of using IGA solutions is compliance to standards as set by the governing bodies. Fines can be avoided by regulatory authorities from loose data protection and security (Macrae, 2015).

Gartner stated that about 70% of unauthorized data access is committed by the companies’ employees. First, remote computers with insufficient protection are accessible to a third party if it is left unattended or lost. IGA solutions now include security and protection for this type of threats (Hatchimonji, 2013). Second, a user may be able to send information to a third party through e-mail or messaging. Third, is sharing files on P2P networks (Beaver, 2006).

Authentication is the process of proving who the user claims to be by using passwords or biometrics. Authorization defines what the user is allowed to access and perform, including the timing of access using a set of attributes (Olzak, 2013).

IGA provides identity management which ensures that each user and the computer is designated with a set of meaningful attributes for authorization and authentication. It provides the user with a manageable and traceable presence across the system (Olzak, 2013).

Security information and event management (SIEM) solution collects all logs, user events, software activities and traffic within networks. These features aid in mitigating insider security threats.

Most of the data thefts today are from internal sources, and one of the most convenient methods is using flash drives. These devices are hard to detect when used in stealing data. It has become so small that physical detection would be impractical and almost impossible. The device can also get lost or stolen allowing another party to access company data (if it contains one). Through SIEM log file review function, such flash drives can be detected. It also allows the user to disable a selected USB device. Moreover, the user is allowed to the data written and deleted or modified and copied from the USB drive (Prism Microsystems Inc., 2011: “Log Management & SIEM,” 2015).

Use of unauthorized applications such as using unlicensed software, outdated versions, or malicious programs can open up security holes. SIEM allows software usage tracking through the log file review capability of the program – that is even without using Windows Audit Policy. Aside from that, it also helps in detecting unauthorized deletion of company files (Swift, 2010).

SIEM provides real-time alerts by implementing rules to the system. For example, once an unwanted event takes place as identified in the rules set by the company, a notification is sent to the liable person. This will help in preventing more damage if not prevent the threat to occur (Prism Microsystems Inc., 2011).

Cyber-attacks are now occurring on a daily basis, with more sophisticated threats being developed. Due to the increasing frequency of cyber-attacks, companies are recommended to obtain or invest in cybersecurity (“Top 10 reasons to invest in Cybersecurity,” 2015: Sjouwerman, 2015).

Once an attack has become successful, overcoming these attacks could be very costly. This includes the downtime it will cause, the damage to the company’s PR, the opportunity that will be lost due to the attack and the legal fees (Sjouwerman, 2015).

Recent reports show that the target of cybercrime is usually small to medium enterprises or SME. Some SME’s would think that they were unlucky to be attacked or were handpicked, but in reality, attackers are using software to detect websites with minimal security or those that can be breached easily. It is the CEO’s responsibility if the organization is vulnerable enough to be targeted (Prime, 2015). 

Bibliography

Ballas, L. (2010, March 16). Application Lifecycle Management. Retrieved October 28, 2016, from http://itproforum.org/archive/201003_ballas.pdf

Beaver, b. (2006, January ). Five common insider threats and how to mitigate them. Retrieved October 29, 2016, from http://searchsecurity.techtarget.com/tip/Five-common-insider-threats-and-how-to-mitigate-them

Dominguez, J. (2016, March 21). Endpoint protection platform (EPP) vs Endpoint detection & response (EDR). Retrieved October 28, 2016, from http://blogs.cisco.com/security/endpoint-protection-platform-epp-vs-endpoint-detection-response-edr

Hatchimonji, G. (2013, October 14). Insider threats and how they can be mitigated. Retrieved October 29, 2016, from http://www.csoonline.com/article/2134076/network-security/insider-threats-and-how-they-can-be-mitigated.html

Inflectra Corporation. (2006). What is Application Lifecycle Management – learn the tools & methods. Retrieved October 28, 2016, from https://www.inflectra.com/SpiraTeam/Highlights/Understanding-ALM-Tools.aspx

Iverson, B. (2015, March 5). Identity governance and administration: How we got here – Brian Iverson. Retrieved October 29, 2016, from Compliance, http://blogs.gartner.com/brian-iverson/2015/03/05/identity-governance-administration-got/

Log Management & SIEM. (2015, February 17). Retrieved October 29, 2016, from https://www.tenable.com/solutions/log-management-siem

Macrae, D. (2015, July 7). How to pitch identity governance and Admin technology to your CFO. Retrieved October 29, 2016, from Security, http://www.techweekeurope.co.uk/security/security-management/identity-governance-admin-technology-171933

Metcalf, E. (2015, March 30). Endpoint security questions every leader should ask. Retrieved October 28, 2016, from Business, https://blogs.mcafee.com/business/endpoint-security-questions-every-leader-should-ask/

Olzak, T. (2013, February 21). Insider threats: Implementing the right controls. Retrieved October 29, 2016, from http://www.techrepublic.com/blog/it-security/insider-threats-implementing-the-right-controls/

Owen, G. (2015, July). Do organizations need ALM software? Retrieved October 28, 2016, from http://searchsoftwarequality.techtarget.com/feature/Do-organizations-need-ALM-software

Prime, R. (2015, June 22). Why businesses need to go back to school on cyber security. Retrieved October 29, 2016, from Security, http://www.information-age.com/why-businesses-need-go-back-school-cyber-security-123459681/

Prisms Microsystems Inc., (2011). The Top Ten Insider Threats and How to Prevent Them. Event Tracker, Columbia MD.

Rowling, R., & Mergel, T. (2016, April 19). Identity governance solution Edmonton. Retrieved October 29, 2016, from http://www.servicecontrol.com/2016/why-an-identity-governance-and-administration-iga-solution-may-be-your-best-option/

Schaeffer, C. CRM software selection best practices and worst practices. Retrieved October 28, 2016, from http://www.crmsearch.com/crm-selection-best-practices.php

Sjouwerman, S. (2015). The top 5 reasons to invest in Cyber security. Retrieved October 29, 2016, from https://blog.knowbe4.com/the-top-5-reasons-to-invest-in-cyber-security

Swift, D. (2010). Successful SIEM and Log Management Strategies for Audit and Compliance. The Sans Institute

Tittel, E. (2015). Endpoint security fundamentals: Procuring antimalware protection. Retrieved October 28, 2016, from http://searchsecurity.techtarget.com/feature/Endpoint-security-fundamentals-Procuring-antimalware-protection

Top 10 reasons to invest in Cyber security. (2015, December 4). Retrieved October 29, 2016, from Threat Brief, http://threatbrief.com/top-10-reasons-to-invest-in-cyber-security/

Related Posts

Leave a comment

security