At Symantec, by Broadcom Software, we know that in the continuing conflict between businesses and bad actors, the endpoint is a key battleground. That has led many organizations to focus primarily on Endpoint Detection and Response (EDR) and its successor Extended Detection and Response (XDR) for their endpoint security strategy. Both are defensive approaches that have proven effective at finding, isolating, and mitigating attacks that originate at endpoints and do damage throughout an organization.
But stop and think for a moment. Although detecting and responding are essential defensive measures, wouldn’t you be better off preventing attacks from breaching your organization to begin with? Even if you detect and respond to a threat, can you completely eradicate the damage it might have done? To do so, you might have to rebuild your systems from the BIOS on up. Think of the time, effort and lost productivity that entails.
“When attacks are prevented from entering and causing any damage, organizations can save resources, costs, damages, time, and reputation,” according to a recent Ponemon Institute report. The report measures the financial impact of defending against a phishing attack, the average cost of which is $832,500. Of that amount, 82% is spent on detection, containment, recovery, and remediation, leaving only 18% that is spent on prevention. Thus, the report concludes, preventing the attack would save $682,650 on average.
Symantec Endpoint Security (SES) Complete, a re-architected approach to endpoint security, builds on its predecessor Symantec Endpoint Protection (SEP).
Dave Gruber, principal ESG Analyst, says the emphasis on detection and response has gone too far. “ESG worries that security vendors may be over-rotating to detection and response, shifting investment from critical prevention capabilities to the growing market opportunity associated with XDR.” Gruber’s assessment comes in the report, “An Ounce of Prevention is Worth a Pound of Detection and Response.”
According to Gruber’s research, 75% of survey respondents say preventative malware/antivirus protection is an important core capability for an endpoint security solution to have. That’s more than any other endpoint capability, including EDR, which 63% say is important. Gruber will elaborate on the report’s findings in the upcoming webinar: Endpoint Security Prevention or Detection? Weighing Options in Dollars and Sense.
The ESG report also asserts that emphasizing prevention is an important tactic in executing a zero-trust cyber security strategy. That makes sense. If endpoints are not to be trusted, the best approach is to prevent malware from ever reaching them. According to ESG, 75% have an active endpoint security initiative underway that furthers their zero-trust initiative.
According to Gruber’s research, 75% of survey respondents say preventative malware/antivirus protection is an important core capability for an endpoint security solution to have.
One might ask why detection and response tend to be favored at the expense of prevention. One probable reason is that prevention is the most difficult aspect of cyber defense to achieve. In the Ponemon report, 80% say it’s harder than detecting, containing, recovering, or remediating. Another reason might be psychological – the feeling you get when you detect and isolate an attack: Aha! You’ve caught it! Whereas by preventing the attack, you might not know whether you had been attacked or not, and therefore whether your investment in prevention, admittedly difficult, was worthwhile.
All this seems like a daunting conundrum, but there is good news. Symantec Endpoint Security (SES) Complete, a re-architected approach to endpoint security, builds on its predecessor Symantec Endpoint Protection (SEP). SES Complete emphasizes prevention in a defense-in-depth architecture that includes these integrated elements:
- Adaptive Protection based on machine learning
- Mobile protection
- Active Directory protection
- Analyst-curated detection and notification.
On top of those features, SES Complete consolidates multiple endpoint agents into a single agent, and feeds security information into a centralized analytics engine. If you are still using SEP, now is a good time to make the move to SES Complete. As you contemplate your next step, be sure to check out the webinar: Endpoint Security Prevention or Detection? Weighing Options in Dollars and Sense, where you’ll hear valuable insights from ESG’s Dave Gruber into the indispensable role of prevention in a layered cyber security defense.
Endpoint Security Prevention or Detection? Weighing Options in Dollars and Sense
As advanced threats continue to evade security controls, companies have been examining their focus on extended detection and response (XDR) solutions. Join us as ESG Analyst Dave Gruber chats with Symantec’s Security Response Director Kevin Haley & Endpoint Solution Engineer Eric Michael about prevention vs detection.
We encourage you to share your thoughts on your favorite social platform.