Prevention is the Best Medicine for Endpoint Threats


Not that long ago, endpoint protection was a simple matter of installing desktop anti-virus and anti-malware programs and applying periodic software security patches. Many organizations have learned the hard way that those approaches, while valid, are not enough to fend off today’s relentless threats. New prevention-focused advanced endpoint security (AES) options are rapidly becoming available—and organizations should consider using them to stay ahead of threats.

Demonstrating just how difficult it can be to protect endpoints, one healthcare organization discovered that its patient portal had been compromised through a caregiver endpoint. Not only did the attack violate patient trust, but it also meant that the organization had violated federal HIPAA regulations for patient privacy.

Of course, the organization had some standard cybersecurity protections in place—but that was not enough to prevent a costly attack. In the aftermath, we helped the organization establish a more aggressive security posture.

The reality is that traditional endpoint security approaches are often a step or two behind today’s fast-moving and highly sophisticated attacks. As this Verizon infographic reveals, 38 percent of 2015 attacks compromised systems within seconds, but took days to contain.

With these distressing statistics in mind, prevention is the best medicine. One measure is to undertake periodic security assessments—quarterly is ideal—to stay abreast of risks. With a stringent process for regularly scanning applications and infrastructure for potential vulnerabilities, an organization can more effectively protect against known threats.

New ways to tackle fast-moving, complex threats

Advanced endpoint security is another important option. As threats and attacks become more challenging, vendors are moving aggressively to offer new AES solutions. Some focus on advanced prevention; others focus on advanced detection-and-response mechanisms; some do both.

The continued evolution of endpoint forensics is particularly promising. Cisco’s 2016 Annual Security Report found that only about a third of organizations use endpoint forensics. However, vendors have made great strides in lowering costs and improving the usability of these powerful software tools, which constantly sweep an organization’s endpoints for signs of threats.

A key part is the “forensics”—analyzing files and processes at work on endpoints for signs of unusual behavior. Cloud-based solutions, like Cisco’s Advanced Malware Protection for Endpoints, perform the analysis remotely to avoid slowing the user’s machine.

As we’ve mentioned previously, the availability of AES does not mean organizations should abandon anti-virus and anti-malware programs already in place. But, in these days of BYOD and remote access, no IT security team can control the security status of every device.

While no one can predict what tomorrow’s security threats will be, a broad approach to prevention can go a long way toward fighting the problem.

Cisco sponsored the development of this security series.


October 26, 2016