Be Able to Utilize the Data Generated by Endpoint Security Tools
- Whatever data you are capturing, it is important to have the means to process it and leverage it into meaningful risk mitigation.
- Striking the right balance between functionality, operational cost, and risk mitigation provides value to other parts of the business, which goes beyond strengthening the security posture.
“I watch out for the user environment. If you make it so the environment is becoming a hassle, people will try to circumvent it, which defeats the purpose of having the tools.”
Kalin Kingsland, information security leader at InComm, believes the best indicator that stronger endpoint security is needed is in the data coming out of the security operations center. “If you’re starting to see a lot more noise, either false flags or even true flags pointing toward endpoints, that’s when you should start looking. Look for a movement toward the endpoints. You have to listen to your metrics and analytics about what you’re seeing in your organization,” Kingsland says. This is exactly what is happening now in his organization. “We’re actually seeing a lot of our issues coming from endpoints, with credentials that have been compromised. So we’re getting more focused on mobile devices and laptops, shifting more towards behavior mapping, securing the human, if you will.”