In recent years, the number of confidential-data leakage incidents in organizations of all kinds has risen. These organizations have also come to realize that most of this leakage and data breach results from the compromise of endpoint devices used by their employees. Available data show that staff training aimed at raising awareness of the protection of the organization's confidential data has not mitigated these breaches. The involvement of third-party cloud services has not helped either, because such third parties hold the organization's important and confidential files at a remote location in order to protect them. This situation has led to the emergence of many software products that protect endpoint devices. The aim of this paper is to discuss some of the methodologies used in current endpoint protection platforms and endpoint detection and response products, with a view to clarifying the factors that differentiate traditional negative endpoint protection from positive endpoint protection. From this analysis, the paper designs a mathematical model that can be used for effective comparison of the methods used in Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR). The model highlights the strengths and weaknesses of different EPP and EDR protocols, with a view to identifying the characteristics of the models best suited to different application scenarios. The overall goal of the paper is to assist small, medium and large organizations in identifying the characteristics of the endpoint protection protocol that is ideal for their operations. The results and analysis provided in this paper will assist companies in selecting the endpoint protection platform best suited to their organization.
Finally, the paper aims to provide further research input in the area of endpoint security, with a view to predicting the future state of this all-important area.
Keywords: Endpoint protection, Endpoint detection and response, Endpoint protection platform, Data leakage, Privacy, Insider threat