Just as the threat landscape evolves over time, so does security technology. Having been in the cyber security space for more than 15 years, I have witnessed a number of evolutions first hand. I have seen macro changes such as the rotation of antivirus solutions from the endpoint to the gateway and back again, as well as the bundling of endpoint security products such as antivirus, antispyware, host intrusion prevention, and application control into an endpoint protection platform (EPP). EPP then expanded even further, protecting not only the endpoint but also the data residing on it, by adding stand-alone data loss prevention, port and device control, full disk encryption and similar capabilities into the platform. Today, new enhancements to protection capabilities complement those focused on detection and response.

Different EPP vendors offer a different mix of technologies. The mix often depends on when the vendor was founded and the customer challenges it was attempting to solve. Because vendors often charge different prices for different combinations of features, organizations need to determine which features they need to procure and deploy to reduce their risk to an acceptable level.

Traditional Antivirus: The Ubiquitous Baseline

Today, almost all endpoint devices will at least run a traditional antivirus solution that identifies and blocks known malware. According to Aberdeen Strategy and Research, the median effectiveness of these products is 91.5%. Given the ready availability of traditional antivirus programs within native operating environments and multi-product security suites, the first question organizations should consider is whether an 8.5% likelihood of infection is acceptable.

Endpoint Visibility: Avoiding Blind Spots

Of course, that 8.5% risk of infection also reflects the fact that the average enterprise has line of sight into only 2/3 of the devices used in the organization. The remaining 1/3 may have no security configuration or protection at all. By improving endpoint visibility, organizations are empirically able to reduce that 8.5% to a median of 4.7%. In other words, they cut the likelihood of infection almost in half.

Pre-emptive Control: Reducing the Endpoint Attack Surface

By also enforcing appropriate security configurations, such as which ports and services are available on the device, and shielding vulnerabilities from exploitation, organizations can reduce that likelihood of infection by more than half again. Aberdeen's analysis puts the likelihood of compromise at 3.7% when traditional antivirus, improved endpoint visibility and pre-emptive controls are employed together. Although it can be challenging, good cybersecurity hygiene goes a long way toward reducing risk, even before moving to more advanced endpoint security capabilities.

Post-execution: Detecting and Defusing Unknown Malware

To go the extra mile, organizations are increasingly adding dynamic, behavior-based protection, detection and response that addresses unknown malware. By focusing on identifying recurring malicious behaviors rather than specific files, even previously unknown malware can be identified. Analyzing the effectiveness of these newer technologies across multiple products over time, Aberdeen estimates the median likelihood of a security incident at 0.4%. Of course, the analysis assumes that all of the technologies are properly deployed and enabled.

Key Take-away: What Level of Risk is Acceptable to You

To determine the right endpoint security capabilities and select the associated products and vendors, organizations need to decide whether they are comfortable with an 8.5% risk of a security incident. If so, almost any credible endpoint security solution will do. If not, they need to determine which technologies to add in order to reduce that risk, and by how much. Is ~5% risk acceptable? 3.5%? Less than 1%? The answer will guide your endpoint security approach.

Impact: The Second Variable

As a final note, to quantify the business decision, both the likelihood (discussed above) and the impact of an incident need to be taken into account. A recent ransomware survey revealed that an astonishing 67% of organizations had been a ransomware target, and if the high-profile ransomware incidents of 2021 are any indication, the impact can be high, including paying ransom demands, lost productivity while systems are restored, and business impacts from the loss of intellectual property.

Organizations should carefully consider their risk tolerance before sticking with a traditional endpoint security product they got "for free" because it was already licensed. On the flip side, they also shouldn't rush to select the latest "hot" endpoint security technology that might not include capabilities to handle the basics of good cyber hygiene, or one that sits in a silo and adds complexity by not integrating well with other security solutions. Another investment consideration involves looking not at new technology but at training and education for employees, as 85% of data breaches involve human interaction, according to the 2021 Verizon Data Breach Investigations Report.

With so many factors to consider, there is no single right answer for everyone, so think it through. By taking into account both the financial impact of purchasing solutions to mitigate attacks and the financial impact of an attack itself, while also asking the question "How much risk am I willing to take?", you will find the best course of action for your organization.

Learn more about Fortinet's FortiEDR solution and how it has the unique ability to defuse and disarm a threat in real time, even after an endpoint is already infected.
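The likelihood tiers above only become a buying decision once an impact figure and the cost of each tier are put beside them. The following is an added example, not code from the article or from Fortinet: it models that decision as an annualised expected loss (likelihood times impact) plus the price of the controls, and finds the cheapest tier overall and the cheapest tier that meets a stated risk tolerance. The likelihoods are the Aberdeen medians quoted in the text; the per-tier annual costs and the incident impact figures are constructed placeholders, not numbers from the article.

```python
"""Expected-loss model for the endpoint security tiers discussed above.

Added example, not from the original article. Likelihoods are the Aberdeen
medians quoted in the text; annual_cost values and impact figures are
constructed placeholders for illustration only.
"""

from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Tier:
    name: str
    likelihood: float   # probability of a security incident per year (from the article)
    annual_cost: float  # constructed placeholder: yearly price of this control stack


# Each tier builds on the previous one, as the article's sections do.
TIERS: List[Tier] = [
    Tier("traditional antivirus only", 0.085, 0.0),          # "free", already licensed
    Tier("+ endpoint visibility", 0.047, 40_000.0),           # constructed cost
    Tier("+ pre-emptive controls", 0.037, 70_000.0),          # constructed cost
    Tier("+ behaviour-based detection and response", 0.004, 150_000.0),  # constructed cost
]


def expected_loss(likelihood: float, impact: float) -> float:
    """Annualised expected loss: likelihood of an incident times its impact."""
    return likelihood * impact


def total_cost(tier: Tier, impact: float) -> float:
    """What a tier really costs per year: its price plus the residual expected loss."""
    return tier.annual_cost + expected_loss(tier.likelihood, impact)


def cheapest_tier(tiers: List[Tier], impact: float) -> Tier:
    """The tier with the lowest combined spend and residual expected loss."""
    return min(tiers, key=lambda t: total_cost(t, impact))


def tiers_within_tolerance(tiers: List[Tier], max_likelihood: float) -> List[Tier]:
    """Tiers that satisfy the 'how much risk am I willing to take?' threshold."""
    return [t for t in tiers if t.likelihood <= max_likelihood]


def marginal_value(from_tier: Tier, to_tier: Tier, impact: float) -> float:
    """Expected loss avoided per year by moving up a tier, net of the extra spend.

    Positive means the upgrade pays for itself at this impact level.
    """
    avoided = (from_tier.likelihood - to_tier.likelihood) * impact
    extra_spend = to_tier.annual_cost - from_tier.annual_cost
    return avoided - extra_spend


def breakeven_impact(from_tier: Tier, to_tier: Tier) -> float:
    """Incident impact above which moving from from_tier to to_tier pays off."""
    delta_p = from_tier.likelihood - to_tier.likelihood
    if delta_p <= 0:
        return float("inf")  # no risk reduction, so no impact justifies the spend
    return (to_tier.annual_cost - from_tier.annual_cost) / delta_p


if __name__ == "__main__":
    # Two constructed impact estimates show how the answer flips with impact.
    for impact in (1_000_000.0, 5_000_000.0):
        print(f"\nIncident impact: {impact:,.0f}")
        for t in TIERS:
            print(f"  {t.name:<45} total cost/yr: {total_cost(t, impact):>12,.0f}")
        best = cheapest_tier(TIERS, impact)
        print(f"  cheapest overall: {best.name}")
    print(f"\nBreak-even impact for going from '{TIERS[0].name}' to "
          f"'{TIERS[3].name}': {breakeven_impact(TIERS[0], TIERS[3]):,.0f}")
    ok = tiers_within_tolerance(TIERS, 0.035)
    print(f"Tiers meeting a 3.5% tolerance: {[t.name for t in ok]}")
```

With the placeholder costs, the "free" antivirus tier is cheapest overall at a 1,000,000 impact and the full detection-and-response tier is cheapest at 5,000,000; `breakeven_impact` gives the impact at which that switch happens, which is the number to compare against your own ransomware and downtime estimates. Replace the constructed costs with real quotes and the impact with your own loss estimate before drawing any conclusion.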