This blog is about the “BIG three” endpoint defence technologies any good business should employ:
- Mail Protection
- Web Protection
- Antivirus/Malware Protection
When it comes to combating cyberthreats and protecting personal data, these three pieces of technology can form an important part of your defence strategy. However, it’s important to realize that the “BIG three” can’t stand alone if you want to avoid fines under the General Data Protection Regulation (GDPR), because ultimately GDPR is about the user’s data-privacy rights and the protection of those rights. While endpoint defence plays a pivotal role, keep in mind that there are many parts to data protection as it’s defined within GDPR.
Before We Get Started…
The great thing about these technologies is that they’re easy to deploy. In all honesty, one product doesn’t fit all situations: if you gather together three businesses and ask them to tell you what defence software they employ and why, you would get a lively debate indeed. Unfortunately, the “BIG three” technologies don’t work well against cybercriminals without other foundational components in place. It’s akin to building a house on a shaky foundation; we all know what happens to the house over time.
What The BIG Three Defences Provide
“Kill it dead before it even gets inside the organisation.”
That’s the central idea behind an on-premises or cloud-based mail protection product. Mail protection cuts down on spam, quarantines emails with suspicious attachments, and even combats phishing attempts. Some mail protection products use multiple live antivirus engines to scan for threats and protect the network, while others conduct “sandbox” analyses to check whether any attachments cause problems. This means the product opens the attachments and checks their contents in a safe environment before they reach the business.
Mail protection can be helpful in two scenarios. First, mail protection helps prevent malicious email from coming into the organization. Second, mail protection also helps when spam or malicious emails go out of the organization. It’s not uncommon for cybercriminals to hijack inboxes as a way of sending out spam or spoofing the senders’ information for a phishing scam.
“Kill it dead before it infects the workstation.”
That’s the central role of your antivirus product, whatever product you choose. If cybercriminals attack using a known exploit of an installed software program, a simple click on a link or opening an attachment can allow access to the workstation and open a connection out to the internet. Your antivirus should detect the issue and attempt to stop it. Look for an antivirus program that includes signature-based scanning, heuristic detection, and behavioural analysis to get the greatest protection.
“Kill the network connection or prevent infection in the first place.”
Web protection can be great for keeping users off sites that could potentially infect their computers. But it does more than just that. Web proxy and network layer protections can be used as a last-ditch preventive technology to try to block a Trojan’s attempts to download a malicious payload. With cybercriminals’ access to anonymous or compromised servers, and even Dark Web servers, network layer protections are truly last ditch, but they’re useful nonetheless. Certainly, if traffic analysis shows communication to potentially malicious sites, that could be a good indicator of compromise. Network layer protections help identify the presence of something bad if the email protection and antivirus missed it.
It’s no secret that parts of the web are absolutely riddled with malware. Stolen content sites (popular movies and TV shows) and adult material are both extremely dangerous for even the most protected endpoints to visit. Web protection keeps users off those sites to prevent malware (as well as human resources issues).
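The traffic analysis described above can be as simple as replaying web proxy logs against a current blocklist. The Python sketch below is an added example, not taken from any product: the log format, host names and blocklist entries are all constructed for illustration. It separates requests the proxy blocked from requests to blocklisted sites that were let through, which are the ones worth treating as a possible indicator of compromise.

```python
from collections import defaultdict

# Constructed blocklist; assumed to be newer than the proxy policy that was
# in force when the requests were logged (a retrospective hunt).
BLOCKLIST = {"malware-payloads.example", "free-movies.example"}

# Constructed proxy log: timestamp, client host, proxy action, destination host.
SAMPLE_LOG = """\
2024-05-01T09:14:02Z ws-014 ALLOWED intranet.corp.example
2024-05-01T09:14:40Z ws-014 BLOCKED cdn.free-movies.example
2024-05-01T09:15:11Z ws-022 ALLOWED dl.malware-payloads.example
2024-05-01T09:15:12Z ws-022 ALLOWED DL.Malware-Payloads.example.
2024-05-01T09:16:00Z ws-031 ALLOWED notmalware-payloads.example
garbled line
"""

def is_blocklisted(host, blocklist=BLOCKLIST):
    """True if host equals a blocklisted domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare on label boundaries so "notmalware-payloads.example" does not match.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def triage(log_text, blocklist=BLOCKLIST):
    """Return {client: {"blocked": n, "allowed": n}} for blocklisted destinations."""
    hits = defaultdict(lambda: {"blocked": 0, "allowed": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] not in ("ALLOWED", "BLOCKED"):
            continue  # skip malformed lines rather than guessing at fields
        _, client, action, dest = parts
        if is_blocklisted(dest, blocklist):
            hits[client][action.lower()] += 1
    return dict(hits)

def needs_investigation(hits):
    """Clients whose traffic to a blocklisted site was let through."""
    return sorted(c for c, n in hits.items() if n["allowed"] > 0)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for client, counts in sorted(result.items()):
        print(client, counts)
    print("investigate:", needs_investigation(result))
```

A blocked request shows the web protection doing its job; an allowed request to a blocklisted site means the mail and antivirus layers may already have been bypassed on that workstation.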
Endpoint Defences Are a Must
Most compliance frameworks require endpoint defences. But given the dangers and capabilities of cybercriminals, the “BIG three” need reinforcements and must stand on a solid foundation to maximize endpoint and data protection.
The final word: don’t skimp on endpoint defences, but don’t forget to employ other foundational technologies as well to help ensure protection for data at all levels.