Steve Stonebraker, Principal Security Architect, Guaranteed Rate
To Secure Endpoints, You Need a Complete View of Threats
- To diagnose an alert properly, you need to know where it came from, what websites or other interactions were involved, and whether it is persistent on the network.
- Hunting down threats not only requires special expertise, it cannot be practically done if you are unable to distinguish real threats from false positives.
“You need a tool that can quarantine machines that are showing malicious activity, and then have the right folks looking at it.”
When it comes to securing endpoints in today’s threat environment, early detection and quick response are the rules of the game. And Steve Stonebraker, who has worked in companies with both highly mature and less mature security practices, says that antivirus alone just doesn’t cut it. “I’ve been in environments where you only have basic antivirus. And one of the issues with that is you don’t have all the pieces of the puzzle.” He likens antivirus to the check-engine light on your car. When the light goes on, you have no idea why, and you have no information for diagnosing the problem.
This is an excerpt from 10 Experts on Active Threat Management. The eBook was generously sponsored by CounterTack.
