I am not a basketball person, but it is said that the late Kobe Bryant had one of the best work ethics in all of sports, spending endless hours practicing the fundamentals of the game he learned in his youth.
As we start this new year, we need to get back to some basic blocking and tackling ourselves with our endpoint defenses.
Some questions for you:
- Do you know if all your endpoint antivirus, next-generation antivirus, or your EDR/MDR/XDR (or whatever the marketing people want to call it these days) clients are active, updated, and checking into your main console? If not, why not?
- Are you running any proactive scans with your security toolsets against your endpoints and servers or just relying on real-time protection? If not, why not?
- Is someone reviewing the console for whatever your security stack tools are to look for bad things? If not, why not?
- If your tools require periodic manual updating, do you have a process to get that done 52 weeks a year? If not, why not?
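The first three questions above come down to one routine check: compare what the security console reports against what you expect to be there. The script below is an added example, not code from the original post or from any vendor console. It assumes the console can export a per-agent list with a hostname, agent version, last check-in time and real-time protection state (the column names and the sample rows are constructed for the example), and it assumes you have a separate asset inventory to compare against, so that endpoints with no agent at all also surface.

```python
"""Stale / outdated / missing endpoint-agent check over a console export.

Added example, not from the original post. Column names, thresholds and the
sample export are assumptions; swap in your own console's export format.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export (not real data): one row per agent the console knows about.
SAMPLE_EXPORT = """hostname,agent_version,last_checkin,realtime_protection
ws-001,7.4.3,2024-01-08T14:02:11Z,true
ws-002,7.4.3,2023-12-20T09:15:00Z,true
ws-003,7.2.0,2024-01-08T13:55:40Z,true
srv-db1,7.4.3,2024-01-08T12:30:05Z,false
"""

# Constructed asset inventory (e.g. from AD or a CMDB): every host that SHOULD have an agent.
SAMPLE_INVENTORY = ["ws-001", "ws-002", "ws-003", "ws-004", "srv-db1"]

# Fixed reference time so the example is reproducible; use datetime.now(timezone.utc) in practice.
NOW = datetime(2024, 1, 8, 15, 0, tzinfo=timezone.utc)
LATEST_VERSION = "7.4.3"          # assumed current connector version from the vendor
MAX_CHECKIN_AGE = timedelta(days=7)  # assumed tolerance before a silent agent is a finding


def parse_version(version: str) -> tuple:
    """Turn '7.4.3' into (7, 4, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def parse_checkin(stamp: str) -> datetime:
    """Parse the console's ISO-8601 UTC timestamp (assumed 'YYYY-MM-DDTHH:MM:SSZ')."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_agents(export_text: str, now: datetime = NOW,
                 latest: str = LATEST_VERSION,
                 max_age: timedelta = MAX_CHECKIN_AGE) -> dict:
    """Return {hostname: [issues]} for agents that are stale, outdated, or not protecting."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = []
        if now - parse_checkin(row["last_checkin"]) > max_age:
            issues.append("stale_checkin")          # agent has not reported to the console
        if parse_version(row["agent_version"]) < parse_version(latest):
            issues.append("outdated_agent")         # connector update was never applied
        if row["realtime_protection"].strip().lower() != "true":
            issues.append("realtime_off")           # installed but not actually protecting
        if issues:
            findings[row["hostname"]] = issues
    return findings


def missing_agents(inventory: list, export_text: str) -> list:
    """Hosts in the asset inventory that the console has never seen at all."""
    seen = {row["hostname"] for row in csv.DictReader(io.StringIO(export_text))}
    return sorted(host for host in inventory if host not in seen)


if __name__ == "__main__":
    for host, issues in audit_agents(SAMPLE_EXPORT).items():
        print(f"{host}: {', '.join(issues)}")
    for host in missing_agents(SAMPLE_INVENTORY, SAMPLE_EXPORT):
        print(f"{host}: no agent reporting")
```

Run on a weekly schedule and send the output to whoever owns the console; an empty report is the goal, and a report that never empties is the evidence you need when asking for the time to fix it. Checking against the inventory matters because a console can only tell you about agents it knows about, so "all green in the console" says nothing about a machine that was imaged without the agent.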
Everything I just said is absolutely free. You already own whatever you own. Good or bad, that is your frontline defense. It's on you and your staff to make sure it is current. Not to pick on a product, but I was working with a school district on an unrelated matter and happened to see that they had deployed the Cisco AMP EDR solution, but were not doing the recommended connector updates as the AMP name evolved into the SecureX name with a totally different icon. AMP is not cheap. You are paying for the more advanced EDR functionality, which I encourage all of you to have as my suggested minimum standard for basic endpoint protection. However, if the security vendor is telling you to do updates and you are not keeping up, then I am questioning the completeness of your overall security model.
Not to be mean, but if you don't have a handle on my four questions, you have some holes you need to fill.
The honest answer is that managing and maintaining endpoints for anything is a bit like herding cats. It is painful and difficult. But the stakes here are very high.
If you are struggling to get a better handle on my list, we believe we have superior protection products and services in our CSEDR offering powered by SentinelOne, our Huntress offering, and a number of other security-related services. Many of these services come with a 24x7x365 Security Operations Center (SOC) to watch over all of this and keep you safe and current.
We are quite proud of our offerings and have seen many, many examples of where those back-end security teams have kept our clients out of harm's way.
If you have questions or need help sorting this out, give us a call.
-Scott Quimby, CISSP