Centralised logging and automation solutions are now a necessity to detect, defend against and respond to modern attacks, according to the SANS 2019 Endpoint Protection and Response Survey released by SANS Institute.
These solutions include data analytics tools – such as security information and event management (SIEM) and endpoint detection and response (EDR) – as well as anomaly detection technologies like user behaviour monitoring and machine learning.
“Attacks often start on employee workstations, then pivot to critical data sources on servers,” said SANS instructor and survey co-author Justin Henderson. “That makes endpoints ground zero for protecting an organisation’s assets. But defending them from attacks is not easy.”
In fact, 39 per cent of survey respondents have concerns about employee-owned mobile devices and lack processes to cover them in corporate policy.
“Due to the never-ending nature of cyberattacks, it is vital that organisations collect the data that will enable them to quickly identify the attack, mitigate any damage and remediate the issues,” according to survey co-author and SANS instructor John Hubbard. “However, due to the complex nature of logging and a multitude of data sources, many organisations struggle to gather the proper data they need to conduct efficient incident response and remediation activities.”
While 11 per cent of respondents report an inability to identify what data has been breached and 66 per cent find it difficult, the SANS survey indicates that a combination of file access auditing, DLP and EDR solutions might help organisations that struggle with these activities.
The 2019 survey also shows that the use of next-generation endpoint controls is increasing within organisations. Anomaly detection increased by 10 per cent and machine learning solutions increased by 12 per cent. Even automation tools and vulnerability scanners increased in implementation by five per cent year-over-year.