Device security is no longer about traditional antivirus versus next-generation endpoint protection. The truth is you need a layered and integrated defense that protects your entire digital terrain and all types of devices—traditional and nontraditional. ESG Senior Principal Analyst Jon Oltsik frames it this way: “… endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls, and advanced detection/response tools.”
In today’s survival of the fitte st landscape , he re are five ways to not just survive , but thrive:
1. More tools do not make for a better defense.
Scrambling to adapt to the evolving landscape, many security teams have resorted to bolting on the latest “best-of-breed” point solutions. While each solution may bring a new capability to the table, it’s important to look at your overall ecosystem and how these different defenses work together.
There are serious shortfalls in deploying disparate, multivendor endpoint security technologies that don’t collaborate with each other. Because point solutions have limited visibility and see only what they can see, the burden of connecting the dots falls on you. Adversaries are quick to take advantage of the windows of opportunity these manual processes create, evading defenses or slipping through the cracks unnoticed.
2. It’s not about any one type of countermeasure.
As a never-ending array of “next-generation” solutions started to emerge and flood the marketplace, you were likely told more than once that antivirus isn’t enough and what you need to do is switch to next-gen. In reality, it’s not about achieving a next-generation approach or finding the best use for antivirus. It’s really about implementing a holistic device security strategy that connects and coordinates an array of defenses. This includes signature-based defense (which eliminates 50% of the attack noise—allowing algorithmic approaches to run more aggressively with less false alarms), plus exploit protection, reputations, machine learning, ongoing behavioral analytics, and roll-back remediation to reverse the effects of ransomware and other threats.
Each device type has its own security needs and capabilities. You need to be able to augment built-in device security with the right combination of advanced protection technologies. The key to being resilient is to deliver inclusive, intelligently layered countermeasures— and antivirus is a tool that has its place in with benefits and limitations just like all countermeasures do in this unified, layered approach to device security.
3. All devices are not created equal.
Today, “endpoint” has taken on a whole new meaning. The term now encompasses traditional servers, PCs, laptops mobile devices (both BYOD and corporate- issued), cloud environments, and IoT devices like printers, scanners, point-of-sale handhelds, and even wearables.
Adversaries don’t just target one type of device—they launch organized campaigns across your entire environment to establish a foothold and then move laterally. It’s important to harness the defenses built into modern devices while extending their overall posture with advanced capabilities. Some endpoints, like Internet of Things (IoT) devices, lack built-in protection and will need a full-stack defense. Ultimately, the goal is to not duplicate anything and not leave anything exposed.
4. All you need is a single management console.
If you’ve been deploying bolted-on endpoint security technologies or several new, next-generation solutions, you may be seeing that each solution typically comes with its own management console. Learning and juggling multiple consoles can overtax your already stretched- thin security team and make them less effective, as they are unable to see your entire environment and the security posture of all your devices in one place. But it doesn’t have to be this way. Practitioners can more quickly glean the insights they need to act when they can view all the policies, alerts, and raw data from a centralized, single-pane-of-glass console.
5. Mobile devices are among the most vulnerable.
Mobile devices are an easy target for attackers and provide a doorway to corporate networks. We’re seeing more app-based attacks, targeted network-based attacks, and direct device attacks that take advantage of low-level footholds. For this reason, it’s essential to include mobile devices in your security strategy and protect them as you would any other endpoint.