Top Three Ways You Can Simplify and Automate Your Endpoint Protection, Detection and Response Capabilities
A new SANS 2018 Survey on Endpoint Protection and Response, co-sponsored by McAfee, reports that the top threats to organizations include web-based malware, social engineering and ransomware—all of which focus on user endpoints.
So what does that mean when you are trying to protect an ever-changing attack surface? The survey results point to three best practices to help you simplify and automate your endpoint protection, detection and response capabilities.
- Users and the web are still your biggest security risks
The top threat vectors for exploited endpoints take advantage of the hapless user: web drive-by (63%), social engineering/phishing (53%) and ransomware (50%). Because these top compromises rely on human actions, they suggest a need for increased monitoring and containment, along with user education. A variety of tools, including next-gen antivirus and automated EDR, should assist in this mission.
- You’ve got to correlate to automate
The 277 IT professionals who took this survey voiced concerns about their endpoints, and all agreed that predictive technologies (such as machine learning) are needed to move from focusing on known bad elements to identifying abnormal behavior.
- If an endpoint fell in your forest, would you hear it?
The need for visibility is clear. Being able to feed into the detection and response systems automatically reduces the time to detect and remediate the threat. Though workflow automation and machine learning are key enablers to improve detection, remediation and response, organizations are falling short in their use (less than a quarter of respondents use them).
The takeaway
Improved analysis and automation tools are key to discovery and correction. Next-generation tools bring not only machine learning, but also automation to identify unexpected behavior. Equally important is having tools that provide ease of use for analysts to reduce the skills gap in our industry.
To address these needs, we are constantly upgrading our capabilities and just released McAfee® Endpoint Security (ENS) version 10.6, which includes new capabilities to better protect customers from advanced threats. In addition, it’s simpler, with a single agent, single console and automated responses to targeted attacks. Just as important, it has advancements such as machine learning and zero-day containment.
The post Top Three Ways You Can Simplify and Automate Your Endpoint Protection, Detection and Response Capabilities appeared first on McAfee Blogs.