Endpoint security was a hot topic at RSA 2017. While endpoint security is extremely important, it has some significant limitations (like being vulnerable to zero-day attacks). Focusing on endpoint threat data without correlating it to network information can cause serious problems. Layered security solutions that correlate threat data from both the network and the endpoint can help you see threats you could easily overlook otherwise.
WatchGuard’s Information Security Threat Analyst, Marc Laliberte, shared his thoughts on network and endpoint security in a recent article for Help Net Security. Here’s a brief excerpt taken from his commentary:
So, if malware can circumvent both network and endpoint security solutions, why not combine data from both sources for correlation? This practice can help security professionals see threats that are hiding from one or the other, and make more informed decisions about how to react to them. If an endpoint detects an unknown file that it flags with one or two suspicious behaviors, but it’s immediately followed by suspicious network traffic involving the same IP address, those two data points together indicate a higher risk of an attack than either one alone.
Read the complete article at Help Net Security for more information on the power of combining network and endpoint security.
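The correlation described in the excerpt can be sketched in a few lines of Python. This is an added example, not code from the article or from WatchGuard; the event field names, the five-minute window, and the scoring rule are assumptions made for illustration, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumption: "immediately followed" is read as "within five minutes".
WINDOW = timedelta(minutes=5)

# Constructed sample telemetry (documentation-range IPs), not real data.
ENDPOINT_EVENTS = [
    {"ts": "2017-03-01T10:00:05", "host_ip": "192.0.2.10", "file": "invoice.exe",
     "behaviors": ["writes_autorun_key", "unsigned_binary"]},
    {"ts": "2017-03-01T10:20:00", "host_ip": "192.0.2.11", "file": "tool.exe",
     "behaviors": ["unsigned_binary"]},
]
NETWORK_EVENTS = [
    {"ts": "2017-03-01T10:01:30", "src_ip": "192.0.2.10", "dst_ip": "203.0.113.7",
     "reason": "connection_to_newly_seen_domain"},
    # Same host as the second endpoint event, but it happened before it.
    {"ts": "2017-03-01T09:00:00", "src_ip": "192.0.2.11", "dst_ip": "203.0.113.9",
     "reason": "beacon_like_interval"},
]


def correlate(endpoint_events, network_events, window=WINDOW):
    """Pair each endpoint detection with suspicious traffic that involves the
    same IP and follows it within `window`; correlated pairs rank highest."""
    findings = []
    for ep in endpoint_events:
        t0 = datetime.fromisoformat(ep["ts"])
        follow_ups = [
            net for net in network_events
            if ep["host_ip"] in (net["src_ip"], net["dst_ip"])
            and timedelta(0) <= datetime.fromisoformat(net["ts"]) - t0 <= window
        ]
        # Hypothetical scoring: one point per weak signal, doubled when the
        # endpoint and network signals line up on the same IP and time window.
        score = len(ep["behaviors"]) + len(follow_ups)
        if follow_ups:
            score *= 2
        findings.append({
            "host_ip": ep["host_ip"],
            "file": ep["file"],
            "network_reasons": [net["reason"] for net in follow_ups],
            "score": score,
            "risk": "high" if follow_ups else "low",
        })
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for finding in correlate(ENDPOINT_EVENTS, NETWORK_EVENTS):
        print(finding)
```

The second host stays at low risk because its network alert predates the endpoint detection, so neither signal raises the other.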