
Security Technology: Next-Gen Endpoint Protection
Week two of Cyber Security Awareness Month is upon us, and this week our focus is on security technologies and knowing what it takes to keep our organizations safe. Today we will discuss Next-Generation Endpoint Protection and what “Next-Gen” means for security in today’s landscape.
Why Is Technology Awareness Important?
Knowing what technology is out there, what controls are needed to address the current and emerging threat landscape, and how they work together efficiently is crucial information, especially while security budgets remain tight and security planning is largely treated as an afterthought to business planning. The term “security awareness” is often associated with teaching employees not to click on suspect ads or links, or how to recognize social engineering tactics and scams. But for those involved in making decisions about the hardware, software and services used by our companies every day, security awareness also means knowing what controls are necessary to protect against today’s threats (or finding experts you trust to advise you). The IT infrastructure we rely on to do our jobs, build our businesses and provide important services to the public comes hand in hand with technical vulnerabilities, increased attack surface and increased risk. As a VAR and hosted security solution provider, Secure Sense is in a unique position to try new emerging technologies, partner with their creators, and allow our experts to truly evaluate which solutions provide the best value and protection and which ones are perhaps not poised to stand the test of time.
The Challenge of Knowing What Tech We Need
Today, we hear a lot about “next-generation” solutions and many times wonder if “next-gen” has simply become an obligatory marketing term. We should be cautious of buzzwords like “next-gen” and consider whether adding a dark mode theme and 3-D charts is really pushing technological boundaries into the next generation. That said, we see every day the increased skills and resources of attackers and the areas where the technology we used to rely on, even a year or two ago, just wasn’t designed to keep up with the current advancements by threat actors.
For example, take the issue of endpoint protection. Until recently, signature-based static analysis was the name of the game: we saw some malware in the wild, collected file samples or reverse engineered the changes it made to the OS, and learned how to detect and/or block it, provided, of course, that it behaved in a way that permitted this and that your endpoint was connected to a central management server to receive the newest updates (a huge problem since the dawn of mobile devices, BYOD, remote work, etc.). And then what? In the cases where an endpoint is compromised, ideally you would quarantine the threat before it starts to spread and before the information harvested from that device is enough to facilitate other inroads into your environment that don’t rely on easily detectable means. This created a clear need for a “next generation” of endpoint protection, and the endpoint vendors that couldn’t effectively adapt to address new threats fell behind. The new approach had to address buyers’ fear that their expensive investment in a new endpoint protection solution would simply become obsolete in another year or two, and so what ultimately emerged were technologies that could offer protection without relying on playing catch-up.
Focus on the Endpoint: Separating Fads from Actionable Trends
As a case study, let’s look at the solution of one of our partners, CrowdStrike, and how their Falcon platform approaches a next generation of endpoint protection in comparison to the traditional approach described above.
CrowdStrike’s approach includes the following features:
- A behaviour-based approach that can monitor file characteristics, unusual execution patterns and other indicators that suggest compromise, for both known and unknown threats, leveraging artificial intelligence and machine learning to achieve an extremely high rate of accuracy
- Leveraging a wide variety of advanced threat intelligence to detect indicators of attack (IoA), rather than static signatures or traditional IoCs.
- SaaS delivery allowing for all endpoints to receive the newest updates even when they’re not connected to the corporate network
- Automated response actions, driven by policy, to lock down and quarantine systems (along with a wide variety of other actions) whether or not they’re connected to the network.
- Response workflows mapped to threat modeling to enhance both full picture visibility and context of incidents, as well as enabling contextualized response actions that are not only targeted and effective but increase operational efficiency
- An overall focus on operational efficiency, minimizing impacts to endpoints, minimizing the time to resolution, increasing visibility and maximizing business continuity
- Single lightweight agent deployment to facilitate all of the above
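To make the contrast between the static, signature-based approach and the behaviour-based (IoA) approach concrete, here is an added example; it is not code from this post, from CrowdStrike or from the Falcon platform. The hash list, the IoA rule (an office application spawning a scripting host that then opens an outbound connection) and the telemetry events are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a static signature database: the SHA-256 of one
# "known" sample. A recompiled or repacked variant hashes differently.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"dropper-v1").hexdigest()}

# Hypothetical IoA rule, constructed for this example: an office application
# spawns a scripting host, and that same process then opens an outbound connection.
OFFICE_APPS = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe"}


def signature_verdict(file_bytes: bytes) -> bool:
    """Static check: flags a file only if its exact hash is already known bad."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_SHA256


def ioa_verdict(events):
    """Behaviour check: returns the hosts on which the two-step IoA chain
    completes, regardless of what the files involved hash to."""
    spawned = defaultdict(set)  # host -> pids of scripting hosts started by office apps
    flagged = set()
    for e in events:
        if (e["type"] == "process" and e["parent"] in OFFICE_APPS
                and e["image"] in SCRIPT_HOSTS):
            spawned[e["host"]].add(e["pid"])
        elif e["type"] == "network" and e["pid"] in spawned[e["host"]]:
            flagged.add(e["host"])
    return flagged


# Constructed telemetry: host-a runs a variant the signature database has never
# seen; host-b shows an admin legitimately launching PowerShell from the desktop shell.
SAMPLE_EVENTS = [
    {"host": "host-a", "type": "process", "pid": 400, "parent": "winword.exe",
     "image": "powershell.exe"},
    {"host": "host-a", "type": "network", "pid": 400, "dest": "203.0.113.10:443"},
    {"host": "host-b", "type": "process", "pid": 512, "parent": "explorer.exe",
     "image": "powershell.exe"},
    {"host": "host-b", "type": "network", "pid": 512, "dest": "192.0.2.20:443"},
]

if __name__ == "__main__":
    print("signature, known sample:   ", signature_verdict(b"dropper-v1"))  # True
    print("signature, modified sample:", signature_verdict(b"dropper-v2"))  # False
    print("IoA flagged hosts:         ", ioa_verdict(SAMPLE_EVENTS))        # {'host-a'}
```

The signature check only recognizes the exact sample it was given, while the IoA rule flags host-a from the sequence of actions alone and leaves the benign host-b activity untouched.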
The evolution of endpoint protection solutions over the past number of years is an instructive one when it comes to solutions where there has been a significant shift in technology to address an emerging need.
The need had arisen in response to the growing number of zero-day threats, fileless attacks and other threats bypassing traditional detection means, along with an imperative to advance automated response capabilities to address operational efficiencies. We have been in a climate of transition in recent years where many companies have wisely migrated to next-gen solutions, but many have hoped their existing last-gen solutions are effective enough to last until licenses expire and budgeting priorities change. The year 2020 has exacerbated this situation as Covid-19 has spurred mass migration to a remote work culture that is unlikely to reverse course even once the global pandemic is brought under control and other aspects of our lives begin to return to normal. This has meant more endpoints than ever before, all connecting from outside the corporate network, accessing sensitive data and greatly expanding the threat surface.
Security Awareness is Threat Prevention
With the sudden dawn of a global pandemic we saw cybersecurity researchers and providers stepping in to offer advice to organizations scrambling to adapt to needs they likely already had that suddenly presented a crisis. Smart organizations had one thing on their mind: ‘how do we adapt to this new landscape without sacrificing our security?’ The answer wasn’t always simple, and another trend emerged in which Secure Sense was quick to participate. We saw countless cybersecurity researchers, solution providers and enthusiasts alike taking to the internet and social media to offer timely advice.
In the end, fostering security awareness is about translating something that can in many cases be very technical to a sense of understanding of what is required of us to play our part in the solution. For today’s organizations, having the right technology is imperative to preventing breaches and protecting our employees and our business.
Secure Sense offers a Next-Gen endpoint protection managed security service powered by CrowdStrike. We provide a comprehensive and customizable solution that protects your endpoints in real time. If you’re interested in learning more about Next-Gen endpoint protection, call us at 866-999-7506 or shoot us an email at sales@securesense.ca.
In honour of Cyber Security Awareness Month, we will be sharing insight on the latest cybersecurity news, tips from Secure Sense experts and general security knowledge geared towards keeping you out of the headlines and focused on what matters most, your business. Don’t miss a beat by following along on our Twitter, Facebook and LinkedIn Pages.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout.