Moving Real-Time Forensics to the Endpoint
- Securing endpoints involves protecting them, having analytical tools that make it easier to find legitimate endpoint incidents, and educating against social-engineering attacks.
- Endpoint-security solutions whose back-end analytics engines (generally cloud-based) analyze and validate the stream of alerts can correlate them before the SOC engineer ever sees a report.
“The idea is to remove as much of the human factor as possible on the back end and have it self-correlate so it takes 10,000 hits and reduces that to one incident.”
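As an added illustration of the self-correlation the quote describes (example code written for this page, not from the article, its speaker, or any vendor's product), the following collapses a constructed flood of raw endpoint detections into a handful of incidents by grouping hits on the same host and rule that fall within a time window, then applies a triage allowlist so known-benign combinations never reach the analyst. Host names, rule names, users and timestamps are all constructed sample data.

```python
"""Alert correlation: reduce many raw endpoint hits to a few incidents.

Added example for this page; all identifiers and data below are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Incident:
    host: str
    rule: str
    first_seen: datetime
    last_seen: datetime
    count: int = 1
    users: set = field(default_factory=set)
    suppressed: bool = False  # set by triage() when the hit is known-benign


def correlate(alerts, window=timedelta(minutes=10)):
    """Merge alerts with the same (host, rule) into one incident while
    consecutive hits arrive within `window` of the previous one; a longer gap
    opens a fresh incident so two separate bursts are not blended together."""
    open_incidents = {}
    incidents = []
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["host"], a["rule"])
        inc = open_incidents.get(key)
        if inc is not None and a["ts"] - inc.last_seen <= window:
            inc.count += 1
            inc.last_seen = a["ts"]
            inc.users.add(a["user"])
        else:
            inc = Incident(a["host"], a["rule"], a["ts"], a["ts"], 1, {a["user"]})
            open_incidents[key] = inc
            incidents.append(inc)
    return incidents


def triage(incidents, allowlist):
    """Validation step: mark incidents whose (rule, user) pair is an approved
    combination (e.g. an admin account running a sanctioned tool) as suppressed.
    They are kept for audit but do not count toward what the analyst sees."""
    for inc in incidents:
        if all((inc.rule, user) in allowlist for user in inc.users):
            inc.suppressed = True
    return [inc for inc in incidents if not inc.suppressed]


# --- constructed sample data -------------------------------------------------
BASE = datetime(2024, 1, 1, 9, 0, 0)

# 10,000 hits of the same rule on one laptop, 50 ms apart: one noisy event.
SAMPLE_ALERTS = [
    {"ts": BASE + timedelta(milliseconds=50 * i), "host": "LAPTOP-0042",
     "rule": "suspicious_powershell", "user": "jdoe"}
    for i in range(10_000)
]
# A single hit on a second laptop during the flood.
SAMPLE_ALERTS.append({"ts": BASE + timedelta(minutes=5), "host": "LAPTOP-0117",
                      "rule": "credential_dump_attempt", "user": "asmith"})
# The same laptop and rule again an hour later: outside the window, so a new incident.
SAMPLE_ALERTS.append({"ts": BASE + timedelta(hours=1), "host": "LAPTOP-0042",
                      "rule": "suspicious_powershell", "user": "jdoe"})

# Constructed allowlist: the helpdesk account is approved to run PowerShell tooling.
ALLOWLIST = {("suspicious_powershell", "helpdesk_svc")}


def summarize(alerts=SAMPLE_ALERTS, allowlist=ALLOWLIST):
    """Return (raw alert count, incidents after correlation, incidents after triage)."""
    incidents = correlate(alerts)
    visible = triage(incidents, allowlist)
    return len(alerts), incidents, visible


if __name__ == "__main__":
    raw, incidents, visible = summarize()
    print(f"{raw} raw alerts -> {len(incidents)} incidents -> {len(visible)} for the analyst")
    for inc in visible:
        print(f"  {inc.host} {inc.rule}: {inc.count} hits, "
              f"{inc.first_seen:%H:%M:%S}-{inc.last_seen:%H:%M:%S}, users={sorted(inc.users)}")
```

The window-based merge is what turns the 10,000-hit burst into a single incident while keeping the later, separate burst distinct; the triage step is where a real engine would also apply reputation and context checks before anything reaches the SOC queue.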
“In retail, when you think about endpoint, you’re typically thinking about the corporate laptop,” says Robert Hood, information security solutions architect at BJ’s Wholesale Club. “Most of the computers given to corporate employees are laptops. And a lot of employees now have the ability to work from home, so mobility is a very big issue. Being mobile, they’re connecting to foreign networks with corporate equipment. The security tools you have on the system have to be active all the time.”