Choose Your Security Solutions Based on Threats, Not Acronyms

This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Vice President at Beachhead Solutions Cam Roberson offers insights into selecting the best security solution for your company.

IT leaders tasked with vetting, buying, and deploying data and system security solutions face an ever-more-confusing alphabet soup of acronyms. A glance at advertised tools would lead you to believe that you have to have EDR, XDR, SOAR, AV, or SIEM. Even more confusing, these acronyms commonly have more to do with marketing than explaining what vulnerabilities the tools actually mitigate.  

The terms are nebulous, overlapping, and in constant shift. For example, a buyer leafing through solution materials today will likely conclude that they need “EDR” simply because it’s positioned as the shiny new toy of the moment. However, while the term stands for endpoint detection and response, security industry experts also understand that this acronym’s meaning has drifted and may mean entirely different things to different people.

Widget not in any sidebars

Today, it seems the acronym has generally been associated with the new breed of zero-day, behavioral-based AV (antivirus) products. In truth, a great many powerful and full-featured solutions protect endpoints and offer effective proactive threat response without fitting squarely into the EDR category as it is now commonly defined. This example, and many like it, show the challenge businesses face in understanding their actual security options. 

The answer is to at least in part ignore the confusing acronyms and instead choose security solutions based on what they, well, actually protect you against. The truth is that businesses will require a comprehensive, holistic suite of security tools to protect systems and data from all threat vectors.

A business that invests in piecemeal solutions solely based on their acronyms will inevitably end up playing whack-a-mole with unanticipated threats or learn about their dangers the hard way. Such businesses must also understand what vendors mean when they assume the mantle of particular acronyms. For example, a vendor may advertise itself as an EDR solution, and unsavvy buyers may interpret marketing materials over-optimistically to believe the offering protects against all security risks when, in truth, its protections have depth but far more specific. 

Relevant to this challenge is the current security focus with ransomware. The nightmare of a ransomware scenario – losing control of data and having to interact with criminals holding it for ransom – has given many businesses a one-track mind when it comes to protection. The result: many companies protect themselves against ransomware and only ransomware. These businesses have employed tools that will protect or recover from a ransomware event, but they’ve lost sight of the vast remaining landscape of a business’s security needs. 

For business leaders and buyers to have any justification for sleeping easy, their security strategies must also address risks that include hardware devices with system and data access becoming lost or stolen, unsecured networks, nefarious insider threats, and employee behavior itself. Poor security hygiene on the part of otherwise well-meaning employees is, in fact, the most significant risk area of all for businesses.

Without diligent employee security training and governance oversight, employees may share their login credentials and devices with others, use unsecured connections, or even attempt to undermine security controls in the interest of easier usability and performance. Each of these risk areas is exacerbated by the rise of work-from-home practices, placing employee-used devices beyond the protections of a centralized office network. Employees are more likely to share devices with family members, leave credentials unguarded out of convenience, or generally disregard safety without the reminders of the shared workplace.  

To secure these risk areas, security tooling should include robust data encryption and access controls to secure and prevent data breaches on devices that fall into the wrong hands. Continuous employee training is also essential. It should feature capabilities for testing employees in realistic (and live) scenarios to ensure they’ll take secure actions when faced with phishing emails or other threats. Activity reporting and logging are also crucial for demonstrating regulatory compliance if the need arises.

However, simple logs and security alerts fall short of the ideal in the face of active incidents. Instead, tooling capable of granular automated responses in real-time is far more effective. For example, geofencing-based security that can define a perimeter around an employee’s home office can send warnings to the employee’s device if it begins to leave the area and immediately revoke all access to company data if it goes beyond a set distance.  

For buyers, the time is right to broaden your perspective regarding what you’re trying to protect. If you have to have an acronym for choosing a comprehensive strategy, how about “IT’S A BEST PRACTICE” (Ignore The Solution Acronyms, Base Entirely on Security Threats. Protection Resulting After Choosing This Intelligent Course? Excellent).