By Rentia Booysen, Westcon Director, Westcon-Comstor Southern Africa

In recent years, South Africa has experienced a surge in cyberattacks. From the local government, to government agencies and even large enterprises, there are numerous examples of how the country is now firmly in the crosshairs of global cybercriminals. Over the past decade, there have been 74 significant cyber incidents in the country. And that is not even considering the number of unreported data breaches that have taken place.

Even though many companies, both local and abroad, consider antivirus solutions as sufficiently ticking all the boxes when it comes to regulatory, governance, and compliance audits, practically, these offerings provide minimal real security benefits. Even though virtually every endpoint and server in the world run some form of antivirus, security breaches happen at breakneck speeds.

At the end of last year, the Information Regulator reported that 139 local businesses suffered a data breach since the Protection of Personal Information Act (POPIA) was enforced in July 2021. This is largely because companies have a false sense of security from their antivirus implementations. These traditional solutions are essentially signature-based security tools that focus on detecting and responding to known threats after they have already entered a network.

Experienced attackers can bypass antivirus with inexpensive, automated online tools that produce countless unique, unknown attacks. Ultimately, traditional antivirus is proving inadequate for protecting systems against security breaches. In today’s digital environment, companies need to protect themselves from both known and unknown cyberthreats. Prevention is the only effective, scalable, and sustainable way of reducing the frequency and impact of cyber breaches.

Here are ten requirements for securing the endpoints of the modern business beyond an antivirus solution.

1. Pre-emptively block known and unknown threats

According to security company Palo Alto Networks, organisations need to change their thinking regarding preventing security breaches. This requires a move from detecting and responding to incidents after they have already occurred to preventing security breaches from happening in the first place. In today’s hybrid world of work, endpoints must be protected regardless of whether they are online, offline, on-premises or off-site. A key step in accomplishing this is incorporating local and cloud-based threat analysis to detect and prevent unknown and evasive threats.

2. Have no negative impact on user productivity

Of course, having an advanced endpoint security solution in place means little if users get bogged down in its management. Employees must be able to focus on their responsibilities rather than worry about security patches and updates.

3. Turn threat intelligence into prevention automatically

Threat intelligence gathered from within the organisation and using third-party intelligence service providers, and public threat intelligence-sharing constructs can significantly strengthen the company’s endpoint real estate. Automation must correlate the data, identify indicators of compromise, create protections, and push these out throughout the business endpoint footprint.

4. Protect all applications

Security flaws or bugs in applications provide cybercriminals with a large attack surface that traditional antivirus solutions do not protect. An effectivity security infrastructure must provide complete protection against exploits for all applications, whether developed in-house or third-party solutions.

5. Security cannot impact system performance

Just like endpoint protection cannot negatively affect users, it can also not put a strain on system resources. Modern cybersecurity must be lightweight enough not to require significant system resources.

6. Keep legacy systems secure

If there is one thing many local companies can relate to is trying to balance modern applications with legacy infrastructure. This is even more of a concern regarding software and hardware that have moved out of support. Therefore, a complete endpoint security solution must support these ‘unpatchable’ systems by preventing the exploitation of software vulnerabilities, known or unknown, regardless of the availability or application of security patches.

7. Be enterprise-ready

Palo Alto Networks also advises that those security solutions that replace traditional antivirus offerings must be scalable, flexible, and manageable enough to deploy in an enterprise environment. It cannot be overly restrictive to limit business innovation, while it should also be easy to manage across different divisions and geographies.

8. Adhere to regulatory requirements

With the likes of the Protection of Personal Information Act and the General Data Protection Regulation to consider, cybersecurity solutions must ensure the necessary compliance measures are managed.

9. Provide independent verification as an antivirus replacement

Any security product that aims to replace legacy antivirus should have had its performance reviewed and validated by an independent third party. The availability of independent reviews is essential for identifying an industry-accepted solution.

10. Receive recognition from a top-tier industry analyst and/or research firm

Similarly, if the endpoint security solution receives recognition by a respected analyst or research firm, it shows that it meets a standard set of viability requirements which are essential for effective defence.

Modern South African organisations need to move away from a traditional antivirus solution mindset. Today, it is about proactive defence and securing all endpoints that link to the organisational back-end environment.