5 Characteristics to Look for in a Good Endpoint Security System

In December 2020, one of the most consequential supply-chain attacks on record came to light: the SolarWinds Sunburst attack. Microsoft and the US government traced an advanced persistent threat (APT) intrusion back to a compromise of SolarWinds, a company that sells IT management and remote monitoring software.[1]

The attackers had inserted a backdoor, known as 'Sunburst', into SolarWinds' Orion infrastructure monitoring and management platform. Because the backdoored component was built and signed through SolarWinds' own release process, it reached customers worldwide as what looked like a routine, legitimately signed Orion software update.

The backdoor gave the APT group a foothold inside customer networks, from which they could explore and steal sensitive files and credentials. Around 18,000 organizations installed the trojanized update; the attackers then used the backdoor for hands-on intrusion against a much smaller set of selected targets.

Customers with Endpoint Detection & Response (EDR) Were Protected

Customers running SentinelOne-protected devices, however, were spared from Sunburst without any update to the SentinelOne XDR platform.[2] The vendor attributes this to the agent's autonomous behavioral AI and anti-tampering protection, which acted locally at the point of attack rather than waiting for a signature.

This illustrates how critical it is to have a good endpoint security system in place. To help you select the best security solution, we've identified five key features a good endpoint security system should have:

  1. Offers Proactive Approach to Novel Threats

    Ensure that your security product proactively detects unknown threats via machine learning (ML) models and behavioral AI. Older security products relied primarily on malware 'signatures': the vendor sees an active threat compromising other enterprises, writes a signature for it, and pushes an update to its endpoints. A signature can only be written after the threat has been seen, so signature-only defenses offer no protection against a genuinely novel sample, or against a known one that has been recompiled or repacked so that its hash changes.

    To overcome this, vendors have turned to ML models and behavioral AI to identify patterns common to malicious files and malicious behavior. ML models can be trained to deal effectively with most of the commodity malware in circulation today, but they cannot be relied on to catch every malicious file pre-execution. They are nevertheless a strong first layer against common attacks. Behavioral AI complements ML by identifying sequences of actions typical of an attack (for example, a document-handling application spawning a script interpreter), regardless of what the file looks like on disk.

    Avoid solutions that depend on cloud connectivity to make a detection or prevention decision: an attacker who controls a device can simply cut its network access, or block the vendor's cloud endpoints, before running the payload. Choose a product whose decision engine runs locally on the endpoint at machine speed, with cloud services used for enrichment, hunting and management rather than as a precondition for protection.
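The difference between the two approaches, as an added illustration that is not code from the original page or from any vendor mentioned on it: a hash-based signature lookup and three behavioral rules (parent/child chain, executable launched from a temp directory, encoded PowerShell) run side by side over a constructed process-event log. The "known" sample, its one-byte-different variant, the rule names and the file contents are all invented for the example; no real malware is involved.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str          # full path of the executable that started
    cmdline: str
    file_bytes: bytes   # stand-in for the on-disk executable (constructed)


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature-based detection: flags a process only if its file hash is already
# on the blocklist. A single changed byte produces a different hash.
def signature_hits(events, signatures):
    return {e.pid for e in events if sha256(e.file_bytes) in signatures}


# Behaviour-based detection: ignores the file contents and looks at the
# process tree and command line instead. The three rules are illustrative.
def behaviour_hits(events):
    by_pid = {e.pid: e for e in events}
    hits = {}
    for e in events:
        parent = by_pid.get(e.ppid)
        parent_name = basename(parent.image) if parent else ""
        child_name = basename(e.image)
        reasons = []
        if parent_name in OFFICE_APPS and child_name in SCRIPT_HOSTS:
            reasons.append("office-app-spawned-script-host")
        if parent_name in OFFICE_APPS and "\\appdata\\local\\temp\\" in e.image.lower():
            reasons.append("office-app-spawned-temp-executable")
        if child_name in {"powershell.exe", "pwsh.exe"} and " -enc" in e.cmdline.lower():
            reasons.append("encoded-powershell-command")
        if reasons:
            hits[e.pid] = reasons
    return hits


# Constructed sample: a "known" dropper, a recompiled variant of it (one byte
# differs), and a macro document that launches encoded PowerShell.
KNOWN_BAD = b"MZ\x90\x00constructed-dropper-v1"
SIGNATURES = {sha256(KNOWN_BAD)}   # what a signature feed ships after seeing v1

EVENTS = [
    ProcessEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe", b"MZ explorer"),
    ProcessEvent(200, 100, r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                 "WINWORD.EXE invoice.docm", b"MZ word"),
    ProcessEvent(300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A", b"MZ pwsh"),
    ProcessEvent(400, 200, r"C:\Users\alice\AppData\Local\Temp\update.exe",
                 "update.exe", KNOWN_BAD),
    ProcessEvent(500, 200, r"C:\Users\alice\AppData\Local\Temp\update2.exe",
                 "update2.exe", KNOWN_BAD + b"\x00"),
]


def detect(events=EVENTS, signatures=SIGNATURES):
    return {"signature": signature_hits(events, signatures),
            "behaviour": behaviour_hits(events)}


if __name__ == "__main__":
    for layer, result in detect().items():
        print(layer, result)
```

The signature layer catches only pid 400, the exact sample it has seen before; the recompiled variant (pid 500) and the encoded PowerShell launched from the document (pid 300) are invisible to it, while the behavioral rules flag all three without knowing anything about the files. Note that nothing in the behavioral layer needs a network round-trip, which is the point made above about local decision-making.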

  2. Efficient Damage Mitigation with 24/7 SOC and Automated Systems

    Pick an endpoint security solution that can automatically mitigate and remediate designated processes on the device. Automatic host isolation, however, is not the right default in every case: if a legitimate software update is misclassified as malicious, for example, blanket auto-isolation can quarantine every host in the environment at once.

    Instead, choose a solution in which a 24/7 security operations center (SOC) reviews the alert and then triggers the automation to run a playbook that isolates the host. That way a false positive is caught by an analyst before it takes your production systems offline.

    Ask your endpoint security vendor which automated mitigations are available, how automatic isolation is gated, and what happens when a detection is missed.
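One way to encode that gating in a response playbook, as an added example that is not part of the original page or of any vendor's product: process-level remediation is assumed to have already run on the endpoint, and the function below only decides whether the host is isolated automatically, queued for triage, or held for SOC approval. The confidence threshold, the 5% fleet-fraction limit, the 15-minute burst window, the role list and the scenarios are all hypothetical values constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    alert_id: str
    host: str
    rule: str
    confidence: float      # 0.0 to 1.0, from the detection engine
    seen_at: datetime


# Hypothetical gating parameters; tune them to your fleet.
AUTO_ISOLATE_CONFIDENCE = 0.9
MAX_FLEET_FRACTION = 0.05        # same rule on >5% of hosts smells like a false positive
BURST_WINDOW = timedelta(minutes=15)
HUMAN_ONLY_ROLES = {"domain-controller", "hypervisor", "backup-server"}


def decide(alert, recent_alerts, fleet_size, host_roles):
    """Return (action, reason) for host isolation. Killing or quarantining the
    offending process is assumed to have happened on the endpoint already."""
    burst_hosts = {a.host for a in recent_alerts
                   if a.rule == alert.rule
                   and timedelta(0) <= alert.seen_at - a.seen_at <= BURST_WINDOW}
    burst_hosts.add(alert.host)
    # Blast-radius check first: a detection that fires fleet-wide at once is far
    # more likely a bad signature or a flagged update than a real outbreak.
    if len(burst_hosts) / fleet_size > MAX_FLEET_FRACTION:
        return "hold", (f"{len(burst_hosts)} hosts matched {alert.rule!r} within "
                        f"{BURST_WINDOW}; suspected false positive, SOC review required")
    if host_roles.get(alert.host) in HUMAN_ONLY_ROLES:
        return "hold", f"{alert.host} is a {host_roles[alert.host]}; analyst approval required"
    if alert.confidence >= AUTO_ISOLATE_CONFIDENCE:
        return "isolate", "high-confidence detection on a single host"
    return "triage", "below auto-isolation threshold; queued for analyst triage"


# Constructed scenarios over a hypothetical fleet of 200 hosts.
T0 = datetime(2024, 3, 4, 9, 0, 0)
FLEET_SIZE = 200
ROLES = {"dc01": "domain-controller"}


def scenarios():
    results = {}
    # 1. One workstation, high confidence, nothing else going on.
    results["single_host"] = decide(
        Alert("a1", "ws-0042", "credential-dumping", 0.97, T0), [], FLEET_SIZE, ROLES)
    # 2. The same rule fires on 20 hosts within ten minutes, right after a
    #    software rollout: the "update flagged everywhere" case from the text.
    burst = [Alert(f"b{i}", f"ws-{i:04d}", "suspicious-installer", 0.95,
                   T0 + timedelta(seconds=30 * i)) for i in range(20)]
    results["fleet_burst"] = decide(
        Alert("b20", "ws-0020", "suspicious-installer", 0.95, T0 + timedelta(minutes=10)),
        burst, FLEET_SIZE, ROLES)
    # 3. High confidence, but the host is a domain controller.
    results["domain_controller"] = decide(
        Alert("c1", "dc01", "credential-dumping", 0.99, T0), [], FLEET_SIZE, ROLES)
    # 4. Medium confidence on a single workstation.
    results["low_confidence"] = decide(
        Alert("d1", "ws-0007", "unusual-parent-child", 0.6, T0), [], FLEET_SIZE, ROLES)
    return results


if __name__ == "__main__":
    for name, (action, reason) in scenarios().items():
        print(f"{name:18} -> {action:8} {reason}")
```

The ordering of the checks is the design point: blast radius is evaluated before confidence, so a high-confidence detection that suddenly appears on a tenth of the fleet is held for a human rather than isolating all of those hosts at machine speed.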

  3. Multi-Site and Multi-Tenancy Flexibility

    With organizations going global and remote work becoming the norm, it is more important than ever to have an endpoint security system that supports multiple tenants and multiple sites. In practice, the solution should scale to large numbers of devices and data points, collect telemetry from and respond across your global sites, and let local teams inherit the central policy while retaining the ability to manage locally when needed.

  4. Plugs Gaps with Auto-Deploy

    It is not surprising for IT and security admins to miss a few endpoints, especially in a large organization spanning multiple sites and sub-networks. Unfortunately, unprotected endpoints are exactly where attackers gain a foothold.

    A practical approach is to map the network and fingerprint connected devices to determine what is present but unprotected. Choose an endpoint security product that offers an automated means to find such deployment gaps quickly and reliably, and to install the agent on the unprotected endpoints.
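A minimal deployment-gap check of the kind described above, as an added example that is not from the original page or any product it names: a network inventory (what a scan or DHCP export reports) is joined against the agent console's export. Devices are matched by MAC first and hostname second, agents that have gone silent for more than a week are reported as stale rather than "protected", and device classes that cannot run an agent are set aside so they do not hide in the unprotected list. The records, the 7-day threshold and the device classes are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Discovered:
    hostname: str
    mac: str
    ip: str
    device_class: str     # from fingerprinting: workstation, server, printer, phone, unknown


@dataclass(frozen=True)
class AgentRecord:
    hostname: str
    mac: str
    last_seen: datetime


UNMANAGEABLE = {"printer", "phone", "camera"}   # cannot run an agent; track separately
STALE_AFTER = timedelta(days=7)                 # an agent silent this long is not protecting anything


def norm_host(name: str) -> str:
    return name.strip().lower().split(".")[0]    # drop the domain suffix


def norm_mac(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")


def find_gaps(discovered, agents, now):
    """Join the network inventory against the agent console and bucket each device."""
    by_mac = {norm_mac(a.mac): a for a in agents if a.mac}
    by_host = {norm_host(a.hostname): a for a in agents}
    report = {"unprotected": [], "stale_agent": [], "unmanageable": [], "protected": []}
    for d in discovered:
        if d.device_class in UNMANAGEABLE:
            report["unmanageable"].append(d.hostname)
            continue
        # MAC is the stronger key: a rebuilt or renamed host keeps its NIC.
        agent = by_mac.get(norm_mac(d.mac)) or by_host.get(norm_host(d.hostname))
        if agent is None:
            report["unprotected"].append(d.hostname)
        elif now - agent.last_seen > STALE_AFTER:
            report["stale_agent"].append(d.hostname)
        else:
            report["protected"].append(d.hostname)
    return report


# Constructed inputs: what a scan/DHCP export and an agent console export might contain.
NOW = datetime(2024, 3, 4, 12, 0, 0)
DISCOVERED = [
    Discovered("WS01.corp.example", "00:11:22:33:44:01", "10.0.1.10", "workstation"),
    Discovered("SRV-DB02.corp.example", "00-11-22-33-44-02", "10.0.2.20", "server"),
    Discovered("lab-07", "00:11:22:33:44:07", "10.0.9.7", "workstation"),
    Discovered("finance-pc", "00:11:22:33:44:08", "10.0.1.80", "workstation"),
    Discovered("print-lobby", "00:11:22:33:44:09", "10.0.1.90", "printer"),
]
AGENTS = [
    AgentRecord("ws01", "00:11:22:33:44:01", NOW - timedelta(hours=1)),
    AgentRecord("srv-db02-new", "00:11:22:33:44:02", NOW - timedelta(days=1)),  # renamed host, same NIC
    AgentRecord("finance-pc", "", NOW - timedelta(days=30)),                    # agent stopped reporting
]


def demo():
    return find_gaps(DISCOVERED, AGENTS, NOW)


if __name__ == "__main__":
    for bucket, hosts in demo().items():
        print(f"{bucket:12} {hosts}")
```

Run against real exports, the "unprotected" and "stale_agent" buckets are the work queue for the auto-deploy step; the "unmanageable" bucket is what you hand to network segmentation instead.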

  5. Wider Visibility

    Visibility into what is happening on your endpoints needs to evolve with increasing digitalization. The best endpoint security systems are moving from EDR to Extended Detection and Response (XDR), which correlates endpoint telemetry with identity, network, email and cloud data so that detection and response can be handled from a unified view, resulting in faster and more effective threat detection and response.

    An effective XDR platform should offer out-of-the-box cross-stack correlation, prevention, and remediation, while also letting users write their own cross-stack custom rules for detection and response.
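What a cross-stack custom rule looks like in practice, as an added example that is not code from the original page or from any XDR product: signals from three sources (an identity provider, the endpoint agent, and network telemetry) are joined by user inside a sliding 30-minute window, and a composite alert is raised only when at least two sources contribute and their combined score crosses a threshold that no single signal reaches. It assumes the platform has already attributed host and network telemetry to a user; the signal kinds, weights, window, threshold and events are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Signal:
    source: str        # "identity", "endpoint" or "network"
    ts: datetime
    user: str          # assumed: host/IP telemetry already mapped to a user by the platform
    host: str
    kind: str
    score: int         # weak on its own; weights are illustrative


WINDOW = timedelta(minutes=30)
THRESHOLD = 8          # no single signal reaches this; only a cross-source chain does


def correlate(signals, window=WINDOW, threshold=THRESHOLD):
    """Emit one composite alert per user whose signals from at least two sources,
    inside a sliding window, add up to the threshold. Repeats of the same kind
    are not double counted."""
    by_user = defaultdict(list)
    for s in sorted(signals, key=lambda s: s.ts):
        by_user[s.user].append(s)
    composites = []
    for user, seq in by_user.items():
        for i, anchor in enumerate(seq):
            group = [s for s in seq[i:] if s.ts - anchor.ts <= window]
            best = {}
            for s in group:
                best[s.kind] = max(best.get(s.kind, 0), s.score)
            sources = {s.source for s in group}
            score = sum(best.values())
            if len(sources) >= 2 and score >= threshold:
                composites.append({"user": user, "start": anchor.ts, "score": score,
                                   "sources": sources,
                                   "hosts": sorted({s.host for s in group} - {"-"}),
                                   "chain": sorted(best)})
                break   # one composite per user; later signals are already included
    return composites


def at(hour, minute):
    return datetime(2024, 3, 4, hour, minute)


# Constructed signals from three telemetry sources, all on one day.
SIGNALS = [
    # alice: new-country login, then LSASS access on her laptop, then DNS to a
    # newly registered domain from that laptop: each weak alone, damning together.
    Signal("identity", at(9, 0),   "alice", "-",        "login-new-country", 3),
    Signal("endpoint", at(9, 12),  "alice", "lt-alice", "lsass-handle-unsigned-proc", 4),
    Signal("network",  at(9, 15),  "alice", "lt-alice", "dns-newly-registered-domain", 2),
    # bob: only the travel login. No composite.
    Signal("identity", at(10, 0),  "bob",   "-",        "login-new-country", 3),
    # carol: the same endpoint signal twice; one source, not double counted.
    Signal("endpoint", at(11, 0),  "carol", "lt-carol", "lsass-handle-unsigned-proc", 4),
    Signal("endpoint", at(11, 5),  "carol", "lt-carol", "lsass-handle-unsigned-proc", 4),
    # dave: the same three signals as alice, but the login is 45 minutes
    # before the rest, so no 30-minute window holds all three.
    Signal("identity", at(12, 0),  "dave",  "-",        "login-new-country", 3),
    Signal("endpoint", at(12, 45), "dave",  "lt-dave",  "lsass-handle-unsigned-proc", 4),
    Signal("network",  at(12, 50), "dave",  "lt-dave",  "dns-newly-registered-domain", 2),
]


def demo():
    return correlate(SIGNALS)


if __name__ == "__main__":
    for composite in demo():
        print(composite)
```

Only alice produces a composite. The same three signals, split across three consoles with no shared key or time window, would surface as three low-priority alerts in three queues, which is the visibility gap XDR is meant to close.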

[1] SolarWinds hack explained: Everything you need to know; Whatis.com
[2] All SentinelOne Customers Protected from SolarWinds SUNBURST Attack; SentinelOne

Get There First with a better security solution

Digital Hands' CyGuard EDR featuring SentinelOne delivers superior threat detection and effective split-second response. Get There First with the only solution powered by CyGuard Maestro and backed by Digital Hands security analysts. You'll experience:

  • Highly adaptable anti-malware security solution
  • Actionable vulnerable software discovery
  • Reduced response time and resources
  • Rapid deployment and implementation
  • Increased protection from ransomware, zero-day malware, and exploits
  • Complete root-cause visibility
  • Lightened IT analyst load with application and hardware control

About Digital Hands

As a new kind of MSSP, Digital Hands is how organizations can get ahead of cyber threats in a world where compliance alone is no guarantee of protection.

To be truly protected, you must get to your exposures before the bad guys do. You need a "See More, Flex More, Do More" approach that ensures that you're always a few steps ahead of the latest threats in cybersecurity, safeguarding your organization around the clock, anywhere in the world.

Only Digital Hands brings you this approach. It's why organizations with sensitive data—hospitals, financial institutions, law firms, and government agencies—continue to give Digital Hands an industry-leading CSAT of 98% year after year.

To learn more about Digital Hands' CyGuard EDR solution, contact us.