It seems like an easy question: How do you stop a breach? The answer’s not so simple.
Organisations like yours can spend a fortune acquiring the best security technology and personnel and still get breached. Often that is because the security stack was designed to defend the network against malware. But malware is no longer the only thing you need to worry about, and the network is no longer the only thing you need to protect. You have to stop breaches where they start: at the endpoint.
As organisations grow and become more distributed, adding more endpoints across the enterprise, sophisticated adversaries will continue to target their data and IT infrastructure. Rather than relying on popular anti-virus tools, which on their own cannot properly counter advanced attacks, organisations need next-generation endpoint security tools that detect and prevent a much wider range of attacks, at every stage of an intrusion, including intrusions that use no malware at all.
Mistakes Enterprises are Currently Making on the Endpoint
Relying solely on anti-virus technologies. In today's threat landscape, anti-virus technologies alone are not sufficient to prevent persistent and advanced attacks. Adversaries evolve their tradecraft faster than security companies can update their signatures. Compounding the challenge, attackers increasingly employ malware-free intrusion tactics: stolen credentials, built-in administration tools and scripts that never drop a malicious executable on disk. By some estimates, fewer than 40 percent of attacks today involve malware. You cannot rely on security at the perimeter alone to keep the enterprise safe.
Solution: Anti-virus software is still useful and must be kept up to date. However, responding only to threats that have already been identified is like a bank guard who lets a robber walk in because the police have not yet released a description of the suspect. A good guard watches for malicious behaviour wherever it appears. Traditional anti-virus may catch run-of-the-mill malware, but it is no match for advanced adversaries using stealthy intrusion tactics. Organisations need next-generation anti-virus capabilities that can detect and prevent unknown malware and, just as importantly, block attacks that do not use malware at all.
Failing to monitor your enterprise endpoints. The conventional model, often described as "defence in depth" but in practice concentrated at the network edge, has focused on defending the perimeter of the organisation. Today, more often than not, adversaries find a way through the perimeter and execute code on the endpoints themselves, and their tradecraft keeps growing more sophisticated. Watching the perimeter alone allows for "silent failure": once an adversary is inside, they operate freely without fear of detection because nobody is looking. An intruder who can act with impunity for weeks or months poses grave danger to your organisation.
Solution: Employ technologies that monitor endpoints continuously. Real-time and historical endpoint visibility is critical for making the transition from reactive security to proactive hunting and detection. Aggregating large volumes of endpoint telemetry (process creation, parent-child relationships, command lines, network connections) and looking for anomalous behaviour across the enterprise helps to identify indicators of attack. If you can identify adversary activity quickly, you can isolate the affected hosts and limit the attacker's impact on your network.
What to look for in Next-Generation Endpoint Security Solutions
When evaluating next-generation endpoint security solutions, organisations should ensure that technologies provide the following capabilities:
- Complete Protection – Solutions today need to prevent attacks from both known and unknown malware, allowing organisations to defend against attacks that existing security tools cannot stop. Modern threats come in all shapes and sizes, so you need a solution that covers the full range, from commodity malware to the most advanced persistent threats. Ensure that next-gen endpoint protection tools provide proactive and continuous protection against everyday threats as well as sophisticated attacks that are invisible to traditional malware-centric defences.
- Endpoint Visibility – Visibility and continuous monitoring across every endpoint in the environment is a key requirement. This capability lets you discover and investigate current and historical endpoint activity in seconds, giving you a complete and searchable forensic record of endpoint events. Searches across that record should return in seconds, and time to remediation should be measured in minutes or hours, not days, weeks or months. This capability should span all major platforms, including Windows, Linux and Mac.
- Lower Cost & Complexity – Endpoint security platforms that are fully cloud-delivered are claimed by their vendors to reduce costs by as much as 75% versus traditional on-premise solutions, and they allow sensors to be deployed to hundreds of thousands of endpoints in minutes. Cloud delivery provides protection where your users are, on or off the corporate network, and brings significant benefits in deployment time, reduced hassle with updates and maintenance, and out-of-the-box protection. Two checks are worth making during evaluation: the sensor runs with high privilege on every host, so ask how the agent itself is hardened and updated, and endpoint telemetry leaves your network, so confirm what is collected, where it is stored and who can query it.
- Indicator of Attack Approach – Organisations need to move beyond a reactive Indicators of Compromise (IoC) approach to a proactive attack-detection strategy. IoCs are artefacts of an intrusion that has already happened: file hashes, IP addresses, domain names. Indicators of Attack (IoAs) are the behaviours an adversary has to perform to reach their objective, such as a document viewer launching a script interpreter, an encoded command run in a hidden window, or built-in tools used to export credential stores, regardless of which tool is used. Security tools need to focus on identifying adversary objectives rather than simply recognising malware, because detecting an attack in progress gives you the chance to stop it before a devastating data breach.
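To make the difference between the indicator-of-compromise and indicator-of-attack approaches concrete, here is a small detector run over constructed endpoint process-creation events. It is example code added for this article, not the detection logic of any product mentioned or implied here. The event fields, the hash blocklist, the host names and the three behavioural rules are all assumptions chosen for illustration: one host shows a malware-free chain (an Office document spawns hidden, encoded PowerShell, which exports registry hives with the built-in reg.exe), the other runs a binary whose hash happens to be on the blocklist. The hash check only catches the second; the behavioural rules catch the first even though every binary involved is a legitimate Windows executable.

```python
"""IoC (hash) matching versus IoA (behaviour) detection over constructed
endpoint process-creation telemetry. Added example, not product code."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ProcEvent:
    ts: datetime
    host: str
    pid: int
    ppid: int
    image: str      # executable file name, lower-case
    cmdline: str
    sha256: str     # hash of the executable on disk (constructed values below)


# Constructed sample telemetry. ws01: phishing document -> PowerShell -> reg.exe
# hive export, no malware on disk. ws02: a dropped binary with a known-bad hash.
T0 = datetime(2016, 3, 1, 9, 15, 0)
EVENTS = [
    ProcEvent(T0, "ws01", 4120, 980, "winword.exe",
              '"WINWORD.EXE" /n invoice.docm', "aa" * 32),
    ProcEvent(T0 + timedelta(seconds=3), "ws01", 4188, 4120, "powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
              "bb" * 32),
    ProcEvent(T0 + timedelta(seconds=40), "ws01", 4201, 4188, "reg.exe",
              "reg save hklm\\sam C:\\Users\\Public\\sam.hiv", "cc" * 32),
    ProcEvent(T0 + timedelta(seconds=41), "ws01", 4202, 4188, "reg.exe",
              "reg save hklm\\system C:\\Users\\Public\\sys.hiv", "cc" * 32),
    ProcEvent(T0 + timedelta(minutes=5), "ws02", 2210, 1300, "explorer.exe",
              "explorer.exe", "dd" * 32),
    ProcEvent(T0 + timedelta(minutes=6), "ws02", 2290, 2210, "update.exe",
              "update.exe /silent", "ee" * 32),
]

# IoC feed: hashes of files already seen in a past intrusion (constructed).
KNOWN_BAD_SHA256 = {"ee" * 32}

# IoA rules: behaviours an intruder needs, independent of the tool used.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell accepts any unambiguous prefix of -EncodedCommand; this covers the
# three most common spellings and a real rule would enumerate the rest.
ENCODED_PS = re.compile(r"\s-e(?:nc(?:odedcommand)?)?\s", re.I)
HIDDEN_WIN = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
HIVE_EXPORT = re.compile(r"\breg(?:\.exe)?\s+save\s+hklm\\(?:sam|system|security)\b", re.I)


def _by_pid(events):
    """Index events by (host, pid) so parents can be looked up."""
    return {(e.host, e.pid): e for e in events}


def ancestry(event, index):
    """Return the process chain 'root > ... > event' by walking ppid links."""
    chain = [event.image]
    cur, seen = event, set()
    while (cur.host, cur.ppid) in index and (cur.host, cur.ppid) not in seen:
        seen.add((cur.host, cur.ppid))
        cur = index[(cur.host, cur.ppid)]
        chain.append(cur.image)
    return " > ".join(reversed(chain))


def ioc_matches(events):
    """Reactive check: flag processes whose on-disk hash is already known bad."""
    return sorted((e.host, e.pid, "known_bad_hash")
                  for e in events if e.sha256 in KNOWN_BAD_SHA256)


def ioa_matches(events, window=timedelta(minutes=10)):
    """Behavioural check: flag adversary actions, whatever binary performs them."""
    index = _by_pid(events)
    hits = []
    for e in events:
        parent = index.get((e.host, e.ppid))
        if e.image in SCRIPT_HOSTS and parent and parent.image in OFFICE_APPS:
            hits.append((e.host, e.pid, "office_spawns_script_host"))
        if e.image == "powershell.exe" and ENCODED_PS.search(e.cmdline) \
                and HIDDEN_WIN.search(e.cmdline):
            hits.append((e.host, e.pid, "encoded_hidden_powershell"))
        # Credential-store export is only interesting when a script host drove it
        # shortly beforehand; an admin backup from a console is a different story.
        if HIVE_EXPORT.search(e.cmdline) and parent and parent.image in SCRIPT_HOSTS \
                and e.ts - parent.ts <= window:
            hits.append((e.host, e.pid, "credential_hive_export"))
    return sorted(hits)


if __name__ == "__main__":
    index = _by_pid(EVENTS)
    print("IoC hits:", ioc_matches(EVENTS))
    for host, pid, rule in ioa_matches(EVENTS):
        print(f"IoA hit: {host} pid={pid} {rule}: {ancestry(index[(host, pid)], index)}")
```

Run as a script it prints one IoC hit (the ws02 binary) and four IoA hits, all on ws01, each with its process ancestry. Note that the hash check never fires on ws01: every executable in that chain is a legitimate signed Windows binary, so the only signal is the behaviour, which is exactly what the article means by a malware-free intrusion. In a real deployment the rules would be tuned against a baseline of normal activity, since some of these patterns (for example reg save) do occur legitimately.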
These core areas are no longer just part of an emerging approach; they are critical building blocks for effective cyber defence. While there is no end in sight to the arms race between attackers and defenders, the tools available to enterprise security professionals are improving dramatically. In the defender's toolbox, the next-generation endpoint category is proving that an evolution in the way endpoint security is handled is both necessary and available.