Top Three Ways You Can Simplify and Automate Your Endpoint Protection, Detection and Response Capabilities

A new SANS 2018 Survey on Endpoint Protection and Response, co-sponsored by McAfee, reports that the top threats to organizations include web-based malware, social engineering and ransomware—all of which focus on user endpoints.
So what does that mean when you are trying to protect an ever-changing attack surface? The survey results point to three best practices to help you simplify and automate your endpoint protection, detection and response capabilities.
- Users and the web are still your biggest security risks
The top threat vectors for exploited endpoints take advantage of the hapless user: web drive-by (63%), social engineering/phishing (53%) and ransomware (50%). Because these top compromises rely on human actions, they suggest a need for increased monitoring and containment, along with user education. A variety of tools, including next-gen antivirus and automated EDR, should assist in this mission.
- You’ve got to correlate to automate
The 277 IT professionals who took this survey voiced concerns about their endpoints, and all agreed that predictive technologies (such as machine learning) are needed to move from a focus on known bad elements to the identification of abnormal behavior.
- If an endpoint fell in your forest, would you hear it?
The need for visibility is clear. Being able to feed into the detection and response systems automatically reduces the time to detect and remediate the threat. Though workflow automation and machine learning are key enablers to improve detection, remediation and response, organizations are falling short in their use (fewer than a quarter of respondents use them).
The takeaway
Improved analysis and automation tools are key to discovery and correction. Next-generation tools bring not only machine learning, but also automation to identify unexpected behavior. Equally important is having tools that provide ease of use for analysts to reduce the skills gap in our industry.
To address these needs, we are constantly upgrading our capabilities and have just released McAfee® Endpoint Security (ENS) version 10.6, which includes new capabilities to better protect customers from advanced threats. In addition, it’s simpler, with a single agent, single console and automated responses to targeted attacks. Just as important, it has advancements such as machine learning and zero-day containment.
The post Top Three Ways You Can Simplify and Automate Your Endpoint Protection, Detection and Response Capabilities appeared first on McAfee Blogs.