Prevention for the Enterprise: Your Most Important Defense

Keeping malware off endpoints is essential to defense in depth

At Symantec, by Broadcom Software, we know that in the continuing conflict between businesses and bad actors, the endpoint is a key battleground. That has led many organizations to focus primarily on Endpoint Detection and Response (EDR) and its successor Extended Detection and Response (XDR) for their endpoint security strategy. Both are defensive approaches that have proven effective at finding, isolating, and mitigating attacks that originate at endpoints and do damage throughout an organization.

But stop and think for a moment. Although detecting and responding are essential defensive measures, wouldn’t you be better off preventing attacks from breaching your organization to begin with? Even if you detect and respond to a threat, can you completely eradicate the damage it might have done? To do so, you might have to rebuild your systems from the BIOS on up. Think of the time, effort and lost productivity that entails.

“When attacks are prevented from entering and causing any damage, organizations can save resources, costs, damages, time, and reputation,” according to a recent Ponemon Institute report. The report measures the financial impact of defending against a phishing attack, the average cost of which is $832,500. Of that amount, 82% is spent on detection, containment, recovery, and remediation, leaving only 18% that is spent on prevention. Thus, the report concludes, preventing the attack would save $682,650 on average.

Dave Gruber, principal ESG Analyst, says the emphasis on detection and response has gone too far. “ESG worries that security vendors may be over-rotating to detection and response, shifting investment from critical prevention capabilities to the growing market opportunity associated with XDR.” Gruber’s assessment comes in the report, “An Ounce of Prevention is Worth a Pound of Detection and Response.”

According to Gruber’s research, 75% of survey respondents say preventative malware/antivirus protection is an important core capability for an endpoint security solution to have. That’s more than any other endpoint capability, including EDR, which 63% say is important. Gruber will elaborate on the report’s findings in the upcoming webinar: Endpoint Security Prevention or Detection? Weighing Options in Dollars and Sense.

The ESG report also asserts that emphasizing prevention is an important tactic in executing a zero-trust cyber security strategy. That makes sense. If endpoints are not to be trusted, the best approach is to prevent malware from ever reaching them. According to ESG, 75% have an active endpoint security initiative underway that furthers their zero-trust initiative.

One might ask why detection and response tend to be favored at the expense of prevention. One probable reason is that prevention is the most difficult aspect of cyber defense to achieve. In the Ponemon report, 80% say it’s harder than detecting, containing, recovering, or remediating. Another reason might be psychological – the feeling you get when you detect and isolate an attack: Aha! You’ve caught it! Whereas by preventing the attack, you might not know whether you had been attacked or not, and therefore whether your investment in prevention, admittedly difficult, was worthwhile.

All this seems like a daunting conundrum, but there is good news. Symantec Endpoint Security (SES) Complete, a re-architected approach to endpoint security, builds on its predecessor Symantec Endpoint Protection (SEP). SES Complete emphasizes prevention in a defense-in-depth architecture that includes these integrated elements:

  • Adaptive Protection based on machine learning
  • Mobile protection
  • Active Directory protection
  • Analyst-curated detection and notification

On top of those features, SES Complete consolidates multiple endpoint agents into a single agent, and feeds security information into a centralized analytics engine. If you are still using SEP, now is a good time to make the move to SES Complete. As you contemplate your next step, be sure to check out the webinar: Endpoint Security Prevention or Detection? Weighing Options in Dollars and Sense, where you’ll hear valuable insights from ESG’s Dave Gruber into the indispensable role of prevention in a layered cyber security defense.

About the Author

Eric Michael

Technical Director, Symantec by Broadcom Software

Eric is Technical Director, with a focus on helping customers understand the benefits of Endpoint Security solutions. He joined Symantec more than 20 years ago as a pre-sales Systems Engineer and has achieved the CISSP, CCSK, and Security+ designations.