Guest Post

Endpoint security is nothing without human operators

The growing threat landscape has made endpoint security more important than ever. Deploying an endpoint security platform without the proper staff, however, is simply not enough.

From Kaseya and Colonial Pipeline to Molson Coors and CD Projekt, organizations across the globe continue to fall victim to cyberthreats. It's more important than ever, therefore, to implement endpoint security mechanisms to protect against these attacks.

Endpoint security platforms' ability to collect and analyze data has become far more comprehensive in recent years. These platforms offer malware prevention and detection, virus scanning and user behavior analysis. They also help security teams handle the hundreds, if not thousands, of security alerts they receive daily, in turn helping to save time and prioritize security duties.

An endpoint security platform is not a silver bullet, however. It can be difficult and expensive to integrate endpoint security products with other systems. Cybersecurity leaders are left to balance the risks of weak endpoint security with the cost of secondary products. Endpoint data analysis requires support from other aspects of the overall security stack. Telemetry from endpoints, identity tools and the cloud must all be taken into consideration, too. The growing complexity of devices is also blurring the ability to detect compromised endpoints.

Humans' role in endpoint security

Despite growing technological advances, human operators are still the ones responsible for security. This places considerable pressure on humans to make important and quick decisions when managing cyber attacks. Rather than relying on tools and technology, organizations must place emphasis and resources on human innovation and cybersecurity skills. Human actions have a far greater impact on detecting, preventing and remediating attacks than most realize. Automated response actions might even adversely impact businesses. Therefore, some cybersecurity attack responses should be placed in the hands of a human operator, because an incorrect approach might cause more damage than the initial breach itself. And as new and complex security tools become readily available, it's more important than ever for organizations to invest in human skills to help contend with these new advancements.

Organizations tend to set it and forget it when dealing with endpoint security, often due to resourcing or lack thereof, especially in startups and SMBs. Basic security awareness training can help teach employees how to avoid phishing campaigns, but endpoint security threats can be more difficult to explain.

The cybersecurity industry often forgets that we're all in this battle together. Regardless of industry or size, organizations share a common goal of obtaining 100% security. That said, the community must do a better job coordinating with one another on how to defend against the latest and greatest threats.

Airplanes and endpoints

Airplane black boxes serve a similar role as endpoint security products. Imagine if after an airplane crash the only tools that could be analyzed were air traffic controllers and the information they received while communicating with the flight. Investigators would quickly reach a wall, which is similar to what would happen without endpoint security tools. By using the information stored on an airplane's black box, however -- including all the internal systems from the plane -- the likelihood of determining the cause of the accident would increase. Although it takes additional time to analyze the influx of data, endpoint security tools increase visibility in a similar way.

The future of the endpoint

Endpoint security is not the be-all, end-all of the security stack. Conducting regular patching, implementing multifactor authentication and policies of least privilege, and having a good security monitoring program are also necessary. Extended detection and response has now evolved into a more comprehensive approach to endpoint security by broadening the scope of detection beyond endpoints to include data from networks, servers and the cloud.

Yet all these tools and processes are useless without humans who know how to deploy, configure, manage and maintain them, as well as use them to respond to the growing threat landscape. This is often where organizations fall short: Technologies are prioritized, but the skills needed to use them and reach their full potential are commonly glossed over. Upskilling security professionals is just as important as, if not more important than, improving the security technology itself.

If given a choice between basic tools and an expert team or the best tools with a mediocre team, the former should always be the preferred option. If security teams aren't staffed with trained employees, the tools won't work, and organizations are guaranteed to miss threats that could result in severe consequences.

About the author

Kevin Hanes is CEO of Cybrary, a cybersecurity professional development platform. Before joining Cybrary in June 2021, he spent eight years as COO of SecureWorks. Hanes began his career at Dell Technologies in custom software integration and moved into leadership roles with increasing responsibilities and global scope over his 15-year tenure. He has a bachelor's degree from St. Edward's University in Austin and a master's degree from the University of Texas at Austin.

Dig Deeper on Data security and privacy