Quick Response Is the Key
- Although active endpoint security makes it possible to identify unusual activities more quickly, it involves analyzing far more data than could be done manually.
- The technology’s ability to rapidly correlate and analyze data, and visualize alerts, makes it useful to a broader base of security personnel.
“At first you will have more false positives, but as you teach the tool through guided learning, the tools get better.”
In recognizing the failure of signature-based security to protect against many modern attacks, Hemanta Swain, senior director and information security officer at TiVO, focuses on two key elements in his security strategy:
Protecting data—This involves managing access to data and protecting it wherever it resides. An important part of this is protecting any data that is located on an endpoint. “Encryption is key,” Swain says. “You have to encrypt data where you store it, when you access it, and when you are moving it. You have to encrypt communications, and you have to keep encryption on your endpoint for any data that may be stored locally.”