Prevent, Detect and Remediate: Enforcing Proactive Responses to Today’s Endpoint Vulnerabilities

January 21st, 2016

Organizations are more global, complex and mobile than ever before – so naturally, the state of endpoint security is changing as well.

The challenge is that traditional security solutions, such as anti-virus and anti-spyware software, aren’t built to maintain 24/7 compliance in the face of today’s sophisticated and evolving cyberattacks. Alone, these traditional solutions lack the capabilities to monitor and defend the overall infrastructure.

Organizations need to address these changes and be more proactive about their endpoint security.

To give you an idea, multiple reports last year indicated that Canada is ‘failing’ in the fight against cybercrime. Pair that with the Ponemon Institute’s latest Cost of Data Breach Study: Canada, which indicated that 52 per cent of data breaches were caused by malicious hackers, while system glitches and human error represented 24 per cent of all data breaches. This amounted to an average total organization cost of $5.32 million for Canadian companies.

The industry is telling us that businesses need to be more aware and proactive in their security infrastructure. So what should organizations do?

Prevent suspicious behaviour on an ongoing basis

Implement a single endpoint platform, such as IBM’s BigFix, designed to monitor all your devices, see them in real-time and prevent suspicious behaviour from occurring – 24/7, on and off the network. Sometimes it can make the greatest difference to simply flag unusual activity.

When considering endpoint security, blocking suspicious or malicious behaviour is pivotal to prevent a vulnerability from being exploited – after all, it only takes one compromised endpoint to allow attackers to hack the entire system.

Detect threats and mitigate before an exploit

Time is critical – much more so when there is a window of opportunity for malicious hackers. What once took days, hackers can now do within hours. When a patch is released, cybercriminals will have access to information on exactly how to exploit the vulnerability and create weaponized code. That’s why it’s crucial to ensure threats are detected and escalated immediately.

Remediate with a rapid response plan

Even in the most highly secured environments, breaches will occur. Therefore, beyond implementing prevention and threat detection software, organizations need to equip themselves with specific remediation functionalities to mitigate an attack once it has been identified. Targeted endpoints need to be quarantined, and then restored to their original state as quickly as possible.

IBM’s BigFix, for instance, disables ActiveX controls or dynamic-link libraries (DLLs) as soon as a vulnerability is identified, provides the ability to migrate to a new browser, and updates endpoint protection controls with verifications.

Be it desktops, mobile devices, servers or kiosks – endpoints are evolving all the time. Every endpoint in an organization is a point of vulnerability, and it only takes one slip or error to allow malicious attackers to enter the entire system. It’s crucial for executives to create an adaptable security roadmap, so that when – not if – a breach occurs, the organization is out of harm’s way.

John Beal - IBM Endpoint Security and SaaS Leader, Canada

John Beal is the National Endpoint Security and SaaS Leader for Canada. Previously he was the Sales Leader for Mobility and Endpoint Solutions across Canada and the Caribbean. He has 20 years’ experience with IBM across both Hardware and Software.