
Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform

February 13, 2018 / Sean Blanton

Carbon Black recently published a series of essays about the experiences of information security experts as they moved their endpoint security programs to the cloud; this is one of those essays. To read the full series, check out 7 Experts on Moving to a Cloud-Based Endpoint Security Platform.


Adopting Endpoint Security Involves Both Business And Technical Considerations

Chris Thompson, Global Director, IT Security and Controls, Bentley Systems

After deciding to strengthen your endpoint security, there are things to consider that go beyond just the technology itself, says Chris Thompson, global director of IT security and controls at Bentley Systems. If you are looking at a cloud-based solution, you need to have a service-level agreement. You also need to consider the privacy implications of collecting more data at your endpoints, and, of course, you will have to make a business case that supports this added layer of security.

All of these points relate to the original reasons for enhancing endpoint security. “It comes back to what’s causing your incidents,” Thompson says. “If you see that your other controls are performing as expected, but you’re still finding uncomfortably high incident rates at the endpoints, that’s a clear indicator your endpoints need more protection.”

Before adopting a solution, you’ll need to evaluate providers. Thompson believes a cloud-based solution is a natural fit for mobile endpoints such as laptops or notebook PCs. “The endpoint is where all the action is, so having visibility into endpoint activity is important. I like the idea of cloud-based endpoint security. You’ve got to get those logs off the endpoint in near real time so you don’t lose visibility to hackers cleaning up after themselves. I also like that I have visibility into and can effectively quarantine systems that may be outside of the corporate network for extended periods of time,” he says.

 


It’s also important to make vendors prove themselves. “My approach is to get a good deal on basic endpoint protection, and then layer that with a leading-edge endpoint detection and response [EDR] product,” Thompson says. “I’ll look to see if it really gives me the visibility and advanced detection and response and quarantine capability that the traditional products don’t have.” He also says that you need to test products to make sure they play well together. “Test them on machines with varying configurations, and if you get good results and a better, more resilient endpoint, you’re in a good place.”

But Thompson also points out that there’s lots to think about besides the technology. “There will be a lot of conversation around support and technical considerations,” he explains. “But you have to look at business issues too.” For instance, endpoint monitoring may add a new dimension to privacy and compliance, especially if you’re a global company operating in different regulatory environments. Another key consideration is how you work with a service provider to create an incident-response program that meets your needs, and how you maintain visibility into what the service provider does with the information they collect.

You may even spend more time working on these process-management issues than on assessing technical issues such as management consoles, performance, agent footprints, and other tactical considerations, says Thompson. “My advice would be not to look just at technical questions, but also to spend a good amount of time working on things like compliance and incident response.”

At the end of the day, you have to sell the idea of endpoint security within the organization and to executives who control budget and resource allocations. “This is where it comes back to understanding your incidents and being able to show the risk,” Thompson stresses. “I like to position it that we’re not just changing products, but we’re enhancing our capabilities, and yes, we are adding cost, but we also add insight and response capability to the traditional endpoint protection tools that are insufficient by themselves.” On the business operations side, one of the greatest concerns is performance. “If a human can detect a degradation in performance, it’s probably not going to work. If you can add technology without adversely impacting system performance, and the business case makes sense, you’ll get a ton of support,” he says.

KEY POINTS

  • It’s important that vendors prove themselves, to show their solution delivers the visibility and advanced detection and response you need, and it plays well on your endpoints.
  • Do not look just at technical questions, but also spend time working on things like compliance related to increased endpoint monitoring, and the vendor service-level agreement.

 

ABOUT THE CONTRIBUTOR

Chris Thompson

Global Director, IT Security and Controls
Bentley Systems

Chris Thompson is a global director of information security who works with commercial organizations to establish risk-based information-security programs. Thompson understands the challenges of designing and maintaining a cost-effective program that can adapt to the rapidly evolving threat landscape. He has implemented strategies for multinational firms designed to meet the business requirements of securing information, while ensuring compliance with regulatory obligations. He is a CISSP, CISM, and GLEG with an MS in Security Management.

