When properly configured, end users should not notice that an endpoint security solution is running. Advanced security software coupled with faster modern processing has greatly decreased the slow-down users complained about in the past. In fact, many employ cloud-based operations to ease the burden on local resources. However, there are still numerous configuration tweaks that can make endpoint protection run lightly and more hands-free.
Additionally, adept endpoint security solutions can also be configured to greatly reduce the workload required of your IT and network security team. With proper configuration, routine actions can be automated and endpoints can be monitored and controlled by the software. Utilizing centralized control and fully-integrated security solutions greatly increases efficiency as well.
Managing endpoint security is a complicated, ever-evolving endeavor. However, many experienced security experts agree on a few practices that can reduce the workload on both human and network resources.
Don’t Set it and Forget it
While it can do a lot, it cannot do everything
When asked what the biggest misconception about endpoint protection is, many security professionals answer that many organizations (especially smaller ones) fail to monitor the performance of the solution and implement changes as needed. They “set it and forget it” and expect the endpoint solution to keep their data and equipment safe. In short, they rely too heavily on the security software to take care of everything for them.
Best practices dictate that you should not rely on your initial settings or suggested configurations. If you use an IT service, regular maintenance and improvements should be included as part of your service agreement. Those who use in-house IT security staff should schedule routine analyses of system configurations to continually discover ways to improve not only security but also network efficiency.
Some things to consider updating periodically include data backup protocols, user profiles, bring-your-own-device (BYOD) policies, patch and firmware updates, use policies and employee training, firewall configurations and passwords. In addition, the security product may add new features that you may want to utilize. Another consideration is the need to protect your network from connected “internet of things” devices, which are becoming increasingly common.
Automate Alerts and Incident Responses
Automation is key and greatly reduces human resource requirements
Automated functions are one of the best resource-saving features included with endpoint security solutions. Without automated actions, your team could potentially be responding to hundreds of minor threats daily. You can configure the software to automatically respond to routine or even serious threats. The response may be the complete blocking of an action, such as an unknown device attempting to connect to the network. Most can even manage more advanced threats automatically, such as malware recognition or perimeter breach detection. All incidents can be viewed in your reports. You can also set it to escalate issues to you directly if a serious threat is discovered.
Some examples include simple issues such as employees attempting to visit blocked websites, which are often considered minor incidents. The software can deny access and provide an automated message to the user so they know why they were disallowed access. If this continues to be an issue, you will notice it in monitoring reports and can address it more aggressively if needed. Another automated response is configuring it to interrupt large downloads. Sometimes these are initiated by an employee accidentally; other times they could be a security issue. Employees should know from your security policy training that certain types of downloads are not allowed without permission, but automated responses will ensure that this type of action does not occur. If a serious security incident occurs, even over the weekend, the system can be configured to contact the on-call security person directly and immediately. Once everything is configured properly, you should only have to directly respond to serious issues and review incident reports to respond to routine issues.
Automated responses can be configured per device, per user, and even by profile or group. For example, you could easily configure unique profiles for human resources, IT staff, sales team members or board members. This makes automated responses even simpler to deploy. Once established, you should rarely have to create profiles line by line for new users. If your network includes remote endpoints, VPNs or mobile devices, you’ll want to ensure automated policies manage these as well.
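As an added example (not code from the article or from any vendor's product), the tiered policy described above written out in Python: per-group profiles decide what is routine, minor incidents are handled automatically and only tallied for the periodic report, and serious incidents page the on-call person immediately regardless of the day or hour. The group profiles, thresholds and event records are constructed for the example.

```python
from collections import Counter
from datetime import datetime

# Hypothetical group profiles: download limit (MB) and blocked web categories.
PROFILES = {
    "sales": {"max_mb": 200, "blocked": {"filesharing", "gambling"}},
    "hr": {"max_mb": 100, "blocked": {"filesharing", "gambling", "social"}},
    "it": {"max_mb": 5000, "blocked": {"gambling"}},
}
DEFAULT = {"max_mb": 100, "blocked": {"filesharing", "gambling", "social"}}  # unknown group/device

def respond(ev):
    """Return (action, severity) for one event dict: minor events are handled and
    logged for the periodic report; serious ones are handled and escalated."""
    prof = PROFILES.get(ev.get("group"), DEFAULT)
    kind = ev["kind"]
    if kind == "web" and ev.get("category") in prof["blocked"]:
        return "deny+notify_user", "minor"
    if kind == "download" and ev.get("size_mb", 0) > prof["max_mb"]:
        return "interrupt+notify_user", "minor"
    if kind == "device":       # unknown device attempting to join the network
        return "block", "serious"
    if kind == "malware":
        return "quarantine", "serious"
    return "allow", "none"     # routine activity, not worth an alert

def triage(events):
    """Serious events page on-call immediately, whatever the hour or day; minor
    ones are only tallied per user so repeat offenders surface in the report."""
    pages, minor = [], Counter()
    for ev in events:
        action, severity = respond(ev)
        if severity == "serious":
            pages.append((ev["when"].isoformat(), ev["user"], ev["kind"], action))
        elif severity == "minor":
            minor[(ev["user"], ev["kind"])] += 1
    return pages, minor

SAMPLE = [  # constructed events; the last two land on a Saturday at 03:00
    {"kind": "web", "user": "alice", "group": "sales", "category": "gambling", "when": datetime(2024, 3, 4, 10)},
    {"kind": "web", "user": "alice", "group": "sales", "category": "gambling", "when": datetime(2024, 3, 4, 11)},
    {"kind": "web", "user": "alice", "group": "sales", "category": "social", "when": datetime(2024, 3, 4, 12)},
    {"kind": "download", "user": "bob", "group": "hr", "size_mb": 800, "when": datetime(2024, 3, 4, 14)},
    {"kind": "download", "user": "carol", "group": "it", "size_mb": 800, "when": datetime(2024, 3, 4, 14)},
    {"kind": "device", "user": "-", "detail": "unregistered-laptop", "when": datetime(2024, 3, 9, 3)},
    {"kind": "malware", "user": "dave", "group": "sales", "detail": "sample-detection", "when": datetime(2024, 3, 9, 3)},
]
```

Running `triage(SAMPLE)` pages on-call twice (the unknown device and the malware detection) and reports alice's two blocked visits and bob's oversized download; carol's download is within the IT profile's limit and is allowed.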
Reduce Local Signature Downloads and Analysis
You no longer have to download and host all malware signature files
First off, we all know that relying solely on signature-based antivirus protection will not fully secure your network and data. But it is still a technology used to identify known and evolving malware. Newer endpoint antivirus technologies can manage signature downloads and processing more efficiently. For example, Symantec reports that its latest version has reduced the fresh install of core definitions by 68 percent. If your system requires locally stored signatures and processing, you can configure the endpoint security software to control how and when these downloads occur.
Symantec and other services also employ cloud technologies to evaluate threats without using local resources. Symantec claims this has reduced daily updates by 70 percent. To boost protection against malware and emergent threats, the cloud processes also include behavior analysis, virtual sandboxing and other techniques to identify unknown or zero-day malware.
In most cases, business security systems only require a small client-side download to manage endpoints. So, end users will rarely even notice the communications happening between their device and the processing and analysis part of the solution. Of course, security software intended for micro businesses, which does not include a centralized management console, may require a larger install file. However, even consumer security versions often use cloud-based processing to greatly reduce noticeable interference in the user experience.
Consider an Upgrade
Despite your best efforts, it may be time to upgrade your endpoint security solution
It may be time to justify an upgrade if you are attempting to secure your network using ad-hoc solutions or poorly integrated technologies. If you need to secure over 20 endpoints, you may also be able to justify upgrading to a system with centralized control. If you are using separate technologies for securing your servers, Windows machines, Mac computers, mobile phones, displays and connected devices, it may be time to upgrade to a system that can protect all devices through one control panel.
You may not be the one in control of the budget, so you may need to create a compelling argument for an upgrade. Stakeholders will want to understand why the expense should be budgeted and what their return on investment (ROI) might be. If you have not yet experienced an expensive data loss or hardware damage, it may be even more difficult to achieve funding approval.
The first tactic may be to explain, in hard numbers, the financial risks. It may also help to talk not only about security but also about efficiency improvements. If your business is in the medical or financial industry, data losses can be expensive. However, even if you do not work in a heavily regulated industry, you can lose client confidence by mismanaging a data breach, which in the end can hit your company monetarily. Many utilize the Factor Analysis of Information Risk (FAIR) model to assess probable risk. FAIR is a good place to start if you are looking to quantify potential risk.
Here are some data points that may help:
- Real Cost of Data Loss. According to an IBM-sponsored study conducted by the Ponemon Institute, the average cost of each stolen or lost sensitive file was $141 in 2016. This is enough to put small companies out of business if multiple files are lost.
- Loss of Client Confidence. According to a survey conducted by Vanson Bourne, 76 percent of respondents said they would move away from a company with a high occurrence of data breaches.
- Email Scams. Despite IT’s best efforts, email scams are still profitable and employees continue to be fooled. Trend Micro puts the cost at $5 billion.
- Data Recovery Costs. While prices vary, it can easily cost one dollar per GB to recover data. A thousand dollars per TB adds up quickly.
- Recovery Time. On average, according to the Ponemon Institute, it takes 50 days to resolve a malicious insider attack and 23 days to recover from a ransomware attack.
Efficiency improvements may seem obvious from your point of view, but perhaps not to those outside your team. Still, most people understand the frustration of things not working right. You can create quantifiable scenarios to demonstrate the expected savings of updating your security system. In some cases, you may even be able to streamline your personnel once efficiencies are realized. Or you may finally have enough resources to manage back-burner network issues. To create quantifiable motivation, you can use incident records and the labor hours required to fix the problems to create real-life cost examples. You may also be able to explain the costs of trying to maintain disparate solutions compared to a unified system.
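As an added example, not from the article, a small Python calculation of the kind of cost case described above: the direct cost of each incident from labor hours and lost data, a FAIR-style frequency and magnitude summary per incident type, and the projected net benefit and payback period of an upgrade. The incident log, loaded hourly rate, tooling cost and per-type reduction fractions are assumed; the $141 per lost file and $1 per GB figures are the ones quoted above.

```python
from collections import defaultdict

# Published figures quoted in the article; everything else in this block is a
# constructed assumption for the worked example.
COST_PER_LOST_FILE = 141.0   # Ponemon/IBM, per stolen or lost sensitive file (2016)
RECOVERY_PER_GB = 1.0        # rough data-recovery price per GB

def incident_cost(inc, hourly_rate):
    """Direct cost of one incident: labor, lost sensitive files, recovered volume."""
    return (inc["labor_hours"] * hourly_rate
            + inc.get("files_lost", 0) * COST_PER_LOST_FILE
            + inc.get("gb_recovered", 0) * RECOVERY_PER_GB)

def annual_loss_by_type(incidents, hourly_rate):
    """FAIR-style summary per incident type: event count, average magnitude, annual loss."""
    totals, counts = defaultdict(float), defaultdict(int)
    for inc in incidents:
        totals[inc["type"]] += incident_cost(inc, hourly_rate)
        counts[inc["type"]] += 1
    return {t: {"events": counts[t], "avg_loss": totals[t] / counts[t], "annual_loss": totals[t]}
            for t in totals}

def upgrade_case(incidents, hourly_rate, tooling_cost, expected_reduction):
    """Compare the current annual loss with the projected loss after an upgrade.
    expected_reduction maps incident type -> assumed fraction of that loss avoided."""
    current = annual_loss_by_type(incidents, hourly_rate)
    avoided = sum(v["annual_loss"] * expected_reduction.get(t, 0.0) for t, v in current.items())
    net = avoided - tooling_cost
    return {"current_annual_loss": sum(v["annual_loss"] for v in current.values()),
            "avoided": avoided, "net_benefit": net,
            "payback_months": (tooling_cost / avoided * 12) if avoided > 0 else None}

INCIDENTS = [  # constructed one-year incident log from the ticketing system
    {"type": "phishing", "labor_hours": 6, "files_lost": 0},
    {"type": "phishing", "labor_hours": 20, "files_lost": 30},
    {"type": "malware", "labor_hours": 12, "gb_recovered": 250},
    {"type": "malware", "labor_hours": 40, "files_lost": 50, "gb_recovered": 2000},
    {"type": "policy_violation", "labor_hours": 1},
    {"type": "policy_violation", "labor_hours": 1},
    {"type": "policy_violation", "labor_hours": 2},
]
REDUCTION = {"phishing": 0.5, "malware": 0.6, "policy_violation": 0.9}  # assumed fractions avoided
HOURLY_RATE, TOOLING_COST = 75.0, 9000.0  # assumed loaded labor rate and annual upgrade cost

if __name__ == "__main__":
    print(upgrade_case(INCIDENTS, HOURLY_RATE, TOOLING_COST, REDUCTION))
```

With these assumptions the current annual loss is $19,680, the upgrade is projected to avoid $11,280 of it, and the $9,000 tooling cost pays back in under ten months; swapping in real ticket data and the vendor's quote turns this into the hard-number argument the text recommends.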
Minimizing resource usage is a smart practice overall. End users benefit from fewer production interruptions and IT teams profit from having more time to deal with more advanced threats and network issues. Taking advantage of advanced endpoint protection software features can help you automate routine tasks and save everyone time and money — nearly to the point of paying for itself over time.