The recent SANS 2018 Survey on Endpoint Protection and Response makes clear that point-security solutions are not enough to quell the ever-growing barrage of cyberattacks. The survey polled 277 IT professionals on endpoint security concerns and practices. In this year’s survey, 42% of respondents reported endpoint exploits, down from 53% in 2017. However, the share of those who didn’t know they had been breached jumped from 10% in 2017 to 20% in 2018. To that end, security and network professionals need a way to detect when such compromises are taking place. In this article, I’d like to outline the importance of continuing to protect your network with endpoint protection while supplementing it with network traffic analytics.


Endpoint protection isn’t enough, but it’s still important

As cybercriminals continue to engage in newer, more sophisticated attacks on businesses, those businesses need new ways to respond. Most companies are doing a good job of allocating money toward the problem; corporate spending on cybersecurity is projected to grow eight percent this year (from 2017). Companies are spending money both on preventative security products, such as firewalls, and products meant to detect threats that have penetrated the network in areas like endpoint protection.

“Global IT spending growth began to turn around in 2017, with continued growth expected over the next few years. However, uncertainty looms as organizations consider the potential impacts of Brexit, currency fluctuations, and a possible global recession,” said John-David Lovelock, research vice president at Gartner. “Despite this uncertainty, businesses will continue to invest in IT as they anticipate revenue growth, but their spending patterns will shift. Projects in digital business, blockchain, Internet of Things (IoT), and progression from big data to algorithms to machine learning to artificial intelligence (AI) will continue to be main drivers of growth.”

Endpoint protection gives organizations the ability to easily manage and eliminate the most common malicious activity. Most viruses, trojans, worms, and other malware can be handled with enterprise-grade antivirus and endpoint protection. By continuing to invest in these areas, and by including a layered security approach with firewalls, IPS, IDS, etc., organizations can reduce the number of alerts and false positives being thrown at their SIEM and other security platforms.

By reducing the risks and the associated alerts, IT professionals can better engage with real threats that are on the network.

Network traffic analytics to supplement existing endpoint security

By taking advantage of the existing network infrastructure and the metadata it already produces, network and security teams can actively pursue the threats that get past endpoint protection and are too cumbersome to chase through the SIEM.

Network traffic analytics should be used across the entire network infrastructure to help IT professionals see when malicious activity is taking place. By leveraging the network data, network and security teams can work together to thwart the efforts of malicious actors.

Specifically, when malicious software infiltrates a system, there are many paths it may take to try to infect other systems. Network traffic analytics identifies these behaviors quickly, allowing the business to return to normal operations sooner.
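One concrete form of the spreading behavior mentioned above is a single host fanning out to many internal peers on the same service port in a short window. The following is an added example, not code from this post or from Plixer's Scrutinizer: it runs a sliding-window fan-out check over constructed NetFlow/IPFIX-style records (the IPs, ports and timestamps are made up for illustration).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed NetFlow/IPFIX-style records: (timestamp, src, dst, dst_port, bytes).
# These are made-up sample values, not captured traffic.
SAMPLE_FLOWS = [
    ("2018-06-01T10:00:00", "10.0.1.20", "10.0.1.5", 445, 1200),
    ("2018-06-01T10:00:03", "10.0.1.20", "10.0.1.6", 445, 1180),
    ("2018-06-01T10:00:05", "10.0.1.20", "10.0.1.7", 445, 1210),
    ("2018-06-01T10:00:06", "10.0.1.20", "10.0.1.8", 445, 1190),
    ("2018-06-01T10:00:09", "10.0.1.20", "10.0.1.9", 445, 1205),
    ("2018-06-01T10:00:12", "10.0.1.20", "10.0.1.10", 445, 1195),
    ("2018-06-01T10:00:01", "10.0.1.30", "10.0.1.5", 445, 54000),  # normal file-share use
    ("2018-06-01T10:07:00", "10.0.1.30", "10.0.1.5", 445, 61000),
    ("2018-06-01T10:00:02", "10.0.1.40", "10.0.1.50", 443, 800),
    ("2018-06-01T10:00:04", "10.0.1.40", "10.0.1.51", 443, 900),
]


def detect_fanout(flows, window_seconds=60, min_targets=5):
    """Flag sources that reach many distinct hosts on one destination port
    within a sliding time window (worm-style spread / lateral movement).
    Returns a list of (src, dst_port, peak_distinct_targets) tuples."""
    by_key = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        by_key[(src, dport)].append((datetime.fromisoformat(ts), dst))
    window = timedelta(seconds=window_seconds)
    alerts = []
    for (src, dport), events in by_key.items():
        events.sort()
        recent = deque()            # flows still inside the window
        seen = defaultdict(int)     # distinct destinations inside the window
        peak = 0
        for ts, dst in events:
            recent.append((ts, dst))
            seen[dst] += 1
            while recent and ts - recent[0][0] > window:  # expire old flows
                _, old = recent.popleft()
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
            peak = max(peak, len(seen))
        if peak >= min_targets:
            alerts.append((src, dport, peak))
    return alerts


if __name__ == "__main__":
    for src, dport, n in detect_fanout(SAMPLE_FLOWS):
        print(f"ALERT {src} reached {n} distinct hosts on port {dport} within 60s")
```

The thresholds are assumptions; in practice they are tuned per segment so that legitimate many-to-one services (backup servers, vulnerability scanners) are whitelisted rather than alerted on.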

To learn more about how you can stop the other half of malware that gets past your AV, download our threat intelligence platform, Scrutinizer, today.


Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.

