Millions of cyberattacks occur each day, many of which use brand-new malware, including zero-day threats that are capable of exploiting vulnerabilities as quickly as they are found. Laptops and mobile devices are especially at risk because they’re not always connected to the corporate network or protected by a firewall or gateway.
However, hackers are also attacking desktops, servers, cloud-based endpoints and Internet of Things devices. According to the 2018 Survey on Endpoint Protection and Response by the SANS Institute, 84 percent of endpoint breaches involve more than one device.
Traditional signature-based security tools are struggling to keep up with this onslaught. These solutions look for specific patterns in order to identify and block threats that target endpoints. However, there can be significant delays before a signature is created for a threat and security tools and services are updated, creating a risk that advanced threats will compromise vulnerable endpoints.
Organizations that rely solely upon signature-based systems to protect their endpoints are always a few steps behind sophisticated cybercriminals. The SANS survey found that traditional tools detected endpoint compromise just 47 percent of the time.
Next-generation endpoint protection (NGEP) technologies were developed to fill the gaps created by signature-based tools and enable organizations to take a more proactive approach to endpoint security. NGEP uses behavioral analysis, root cause analysis, sandboxing and other techniques to detect threats without relying on signatures alone.
While there is no industry standard or consensus about what features are required to label a product as NGEP, there are certain core capabilities to look for. First and foremost, NGEP should be able to capture, visualize and analyze threat activity in real time. Machine learning capabilities make it possible to perform intelligent behavioral analysis, immediately distinguish between normal and abnormal activity, and take action automatically.
An NGEP solution with sandboxing capabilities allows you to analyze suspicious files in an isolated environment. NGEP should also be able to recognize traffic between an endpoint and the origin of the threat to prevent any follow-up actions by the hacker.
NGEP must support all three phases of the threat execution lifecycle. In the pre-execution phase, NGEP reduces the attack surface by blocking known threats and allowing only approved applications. Behavioral analysis and threat activity tracking occur during the on-execution stage. In the post-execution phase, NGEP should support the immediate mitigation, remediation and elimination of the threat. At that point, threats can be analyzed and new signatures generated.
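To make the three-phase lifecycle concrete, here is an added toy pipeline in Python (example code written for this article, not any vendor's product): a pre-execution gate that blocks known-bad hashes and, optionally, anything not on an application allowlist; an on-execution behavioral scorer that weighs runtime events such as a burst of file encryption or shadow-copy deletion; and a post-execution step that quarantines the process and feeds a freshly generated hash signature back into the block list so the next copy is stopped before it runs. The sample binaries, event names, rule weights and the alert threshold are all constructed assumptions for illustration.

```python
"""Toy three-phase endpoint protection pipeline (added example, not vendor code).

Pre-execution  : block known threats; optionally allow only approved apps.
On-execution   : score observed behaviour against simple weighted rules.
Post-execution : quarantine and generate a new signature from the sample.
"""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample "binaries" (byte strings stand in for real executables).
APPROVED_BINARIES = {b"approved-editor-v1", b"approved-browser-v7"}
ALLOWLIST = {hashlib.sha256(b).hexdigest() for b in APPROVED_BINARIES}
KNOWN_BAD_HASHES = {hashlib.sha256(b"known-dropper").hexdigest()}

# Assumed behavioural rules: runtime event name -> weight.
BEHAVIOR_WEIGHTS = {
    "file_encrypt_burst": 5,      # many files rewritten in a short window
    "delete_shadow_copies": 6,    # backups destroyed
    "spawn_shell_from_office": 4, # document viewer launching a shell
    "persist_run_key": 3,         # autostart persistence written
    "network_beacon": 2,          # periodic outbound callbacks
}
ALERT_THRESHOLD = 7  # assumed: scores at or above this trigger response


def sha256_hex(contents: bytes) -> str:
    return hashlib.sha256(contents).hexdigest()


def pre_execution(contents: bytes, allowlist_only: bool = True) -> str:
    """Phase 1: reduce the attack surface before anything runs."""
    digest = sha256_hex(contents)
    if digest in KNOWN_BAD_HASHES:
        return "block:known-threat"
    if allowlist_only and digest not in ALLOWLIST:
        return "block:not-approved"
    return "allow"


def on_execution(events: List[str]) -> Tuple[int, List[str]]:
    """Phase 2: track behaviour; return (score, matched rule names)."""
    matched = [e for e in events if e in BEHAVIOR_WEIGHTS]
    score = sum(BEHAVIOR_WEIGHTS[e] for e in matched)
    return score, matched


def post_execution(contents: bytes) -> str:
    """Phase 3: after containment, derive a signature and add it to the block list."""
    digest = sha256_hex(contents)
    KNOWN_BAD_HASHES.add(digest)
    return digest


@dataclass
class Verdict:
    action: str
    score: int = 0
    matched: List[str] = field(default_factory=list)
    new_signature: Optional[str] = None


def run_pipeline(contents: bytes, events: List[str],
                 allowlist_only: bool = True) -> Verdict:
    """Drive one executable through all three phases."""
    decision = pre_execution(contents, allowlist_only)
    if decision != "allow":
        return Verdict(action=decision)
    score, matched = on_execution(events)
    if score < ALERT_THRESHOLD:
        return Verdict(action="allowed", score=score, matched=matched)
    # Behaviour crossed the threshold: quarantine and learn a new signature.
    signature = post_execution(contents)
    return Verdict(action="quarantine", score=score, matched=matched,
                   new_signature=signature)


if __name__ == "__main__":
    unknown = b"never-seen-before-sample"      # constructed, not on any list
    ransomware_like = ["file_encrypt_burst", "delete_shadow_copies"]
    first = run_pipeline(unknown, ransomware_like, allowlist_only=False)
    print("first run :", first.action, first.score, first.matched)
    # The same sample is now blocked pre-execution by the generated signature.
    second = run_pipeline(unknown, ransomware_like, allowlist_only=False)
    print("second run:", second.action)
```

With the allowlist enforced, the unknown sample never reaches the behavioral stage at all; with it relaxed (the common state on general-purpose endpoints), the behavioral score catches the sample on first execution, and the hash produced in the post-execution phase stops the second copy before it runs. A real product would score on process trees, API call sequences and network flows rather than string labels, but the division of labour between the phases is the same.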
Also, look for an NGEP solution with agentless detection. This is important for organizations that don’t want to install an agent on every endpoint, as well as those that want visibility into devices that don’t have an operating system capable of supporting an agent. Keep in mind that some malware isn’t visible to an endpoint agent, so you need agentless detection to catch those threats as well.
While signature-based tools should still be part of your security strategy, they are no longer sufficient in today’s threat environment. Let us show you how NGEP enables you to take a more proactive approach to security and immediately recognize new threats instead of waiting for signatures to become available.
August 15, 2018