Information security is more than just checking a box. It also includes security awareness, a topic I discussed in my previous article on endpoint detection and response (EDR), and one that is just as important as the tools, technologies and other solutions an organization uses to strengthen its digital security.

To make a difference, security awareness must hinge on a clearly defined security policy: an overarching plan in which an organization outlines what assets it needs to protect, how it intends to secure them, how it will measure and audit the effectiveness of those plans, and how violations should be analyzed and prioritized to minimize the risk of a breach. Security policies therefore touch a variety of areas, including risk assessments, administrator and user responsibilities, disaster recovery, and intrusion detection. Organizations looking to reach a high level of security maturity can also develop policies that specify how they will respond to zero-day vulnerabilities, and couple those documents with a Responsible, Accountable, Consulted, and Informed (RACI) model to lay the foundation for an organized response to potential threats.

That raises the question: can organizations use EDR in tandem with their security policies?
As explained in Tripwire's Endpoint Detection and Response for Dummies, an online resource that helps security personnel understand how to manage and protect their organizations' endpoints, the answer is "yes." EDR is all about keeping track of the endpoints on a computer network, including newly installed ones. It involves establishing a baseline behavioral reference point against which systems can monitor for potential threat activity, such as unapproved changes to firmware, operating systems, applications, and communication software. That means organizations can use EDR to watch for endpoint changes that violate the firmware and software requirements specified in their security policies.

Ultimately, organizations get the most out of EDR when those monitoring systems work together with log management solutions, vulnerability management technologies, and the other parts of the organization's security infrastructure to identify threats. By working together, these systems can share context and use that information to trace potential threat patterns across multiple events observed at the endpoint level. For more information on how EDR can work with other parts of your organization's security environment, please download Tripwire's eBook.
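As an added illustration, not code from the article or from Tripwire's products, the following Python sketch shows the baseline-plus-policy check described above: a hash baseline of endpoint artifacts, a later snapshot, and a policy allow-list of approved changes, so that only changes the policy did not authorize become findings. All paths, contents, asset classes and ticket ids are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed baseline for a hypothetical endpoint: path -> hash of approved content.
BASELINE = {
    "/boot/firmware/bios.bin": sha256(b"fw-v1.2"),
    "/usr/bin/sshd": sha256(b"sshd-8.9"),
    "/opt/app/server.jar": sha256(b"app-3.1"),
    "/etc/ssh/sshd_config": sha256(b"PermitRootLogin no\n"),
}

# Security-policy allow-list: changes approved through change control, keyed by
# path and by the hash the change is expected to produce (ticket id is constructed).
APPROVED_CHANGES = {"/opt/app/server.jar": {sha256(b"app-3.2"): "CHG-1042"}}

# Policy asset classes used to route unapproved changes to the right owner.
POLICY_CLASS = {"/boot/": "firmware", "/usr/bin/": "os",
                "/opt/app/": "application", "/etc/ssh/": "config"}


@dataclass
class Finding:
    path: str
    change: str          # "modified", "added" or "removed" relative to the baseline
    approved: bool       # True when the new hash matches an approved change
    asset_class: str
    ticket: Optional[str]


def classify(path: str) -> str:
    return next((cls for p, cls in POLICY_CLASS.items() if path.startswith(p)), "unknown")


def evaluate(baseline: Dict[str, str], observed: Dict[str, str],
             approved: Dict[str, Dict[str, str]]) -> List[Finding]:
    findings = []
    for path in sorted(set(baseline) | set(observed)):
        old, new = baseline.get(path), observed.get(path)
        if old == new:
            continue  # unchanged: no finding
        change = "removed" if new is None else "added" if old is None else "modified"
        ticket = approved.get(path, {}).get(new)
        findings.append(Finding(path, change, ticket is not None, classify(path), ticket))
    return findings


def demo_findings() -> List[Finding]:
    # Constructed later snapshot: one approved app upgrade, one firmware change,
    # one weakened sshd_config, and one new binary, none of the last three approved.
    observed = dict(BASELINE)
    observed["/boot/firmware/bios.bin"] = sha256(b"fw-v1.3")
    observed["/opt/app/server.jar"] = sha256(b"app-3.2")
    observed["/etc/ssh/sshd_config"] = sha256(b"PermitRootLogin yes\n")
    observed["/usr/bin/nc"] = sha256(b"netcat")
    return evaluate(BASELINE, observed, APPROVED_CHANGES)
```

In a real deployment the baseline and snapshot would come from the endpoint agent, and the approved-change table from the change-control system, so that each finding can be correlated with log and vulnerability data as the article describes.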