Security Technology: Next-Gen Endpoint Protection
Week two of Cyber Security Awareness Month is among us and this week our focus is on Security Technologies and knowing what it takes to keep our organizations safe. Today we will discuss Next-Generation Endpoint Protection and what “Next-Gen” means for security in todays landscape.
Why Is Technology Awareness Important?
Knowing what technology is out there, what controls are needed to address the current and emerging threat landscape, and how they work together efficiently is crucial information, especially while security budgets remain tight and security planning is greatly treated as an afterthought to business planning. The term “security awareness” is often associated with teaching employees not to click on suspect ads or links, or how to recognize socially engineered tactics or scams. But for those involved in making decisions about the hardware, software and services used by our companies every day, security awareness also means knowing what controls are necessary to protect against today’s threats (or finding experts you trust to advise you). The IT infrastructure we rely on to do our jobs, build our businesses and provide important services to the public comes hand in hand with technical vulnerabilities, increased attack surface and increased risk. As a VAR and hosted security solution provider, Secure Sense is in a unique position to have the ability to try new emerging technologies, partner with their creators, and allow our experts to truly evaluate which solutions provide the best value and protection and which ones are perhaps not poised to stand the test of time.
The Challenge of Knowing What Tech We Need
Today, we hear a lot about “next-generation” solutions and many times wonder if “next-gen” has simply become an obligatory marketing term. We should be cautious of buzzwords like “next-gen” and consider whether adding a dark mode theme and 3-D charts is really pushing technological boundaries into the next generation. That said, we see every day the increased skills and resources of attackers and the areas where the technology we used to rely on, even a year or two ago, just wasn’t designed to keep up with the current advancements by threat actors.
For example, take the issue of endpoint protection: Until recently, signature-based static analysis was the name of the game. We’ve seen some malware in the wild, collected file samples or reverse engineered its OS changes and learned how to detect and/or block it—provided, of course, it behaves in such a way as to permit this, and your endpoint is connected to a central management server to receive the newest updates (a huge problem since the dawn of mobile devices, BYOD, remote work, etc.). And then what? In the cases where an endpoint is compromised, ideally you would quarantine the threat before it starts to spread and the information harvested from that device wasn’t enough to facilitate other inroads to your environment that don’t require easily detectable means. A clear need for a “next generation” of endpoint protection where the endpoint vendors that couldn’t effectively adapt to address new threats fell behind. The new approach had to be one that would address buyers’ fear that their expensive investment in a new endpoint protection solution wouldn’t simply become obsolete in another year or two, and so what ultimately emerged were technologies that could offer protection that didn’t rely on playing keep up.
Focus on the Endpoint: Separating Fads from Actionable Trends
As a case study, let’s look at the solution of one of our partners, CrowdStrike, and how their Falcon platform approaches a next generation of endpoint protection in comparison to the traditional approach described above.
CrowdStrike’s approach includes the following features:
- Behaviour-based approach and can monitor file characteristics, unusual execution patterns and other indicators that suggest compromise for both known and unknown threats, leveraging Artificial Intelligence and Machine learning to achieve an extremely high rate of accuracy
- Leveraging a wide variety of advanced threat intelligence to detect indicators of attack (IoA), rather than static signatures or traditional IoCs.
- SaaS delivery allowing for all endpoints to receive the newest updates even when they’re not connected to the corporate network
- Automated response actions to lock down and quarantine systems (along with a wide variety of other actions) whether or not they’re connected to the network based on policies.
- Response workflows mapped to threat modeling to enhance both full picture visibility and context of incidents, as well as enabling contextualized response actions that are not only targeted and effective but increase operational efficiency
- An overall focus on operational efficiency, minimizing impacts to endpoints, minimizing the time to resolution, increasing visibility and maximizing business continuity
- Single lightweight agent deployment to facilitate all of the above
The evolution of endpoint protection solutions over the past number of years is an instructive one when it comes to solutions where there has been a significant shift in technology to address an emerging need.
The need had arisen in response to the growing number of zero-day threats, fileless attacks and other threats bypassing traditional detection means, along with an imperative to advance automated response capabilities to address operational efficiencies. We have been in a climate of transition in recent years where many companies have wisely migrated to next-gen solutions, but many have hoped their existing last-gen solutions are effective enough to last until licenses expire and budgeting priorities change. The year 2020 has exasperated this situation as Covid-19 has spurred mass migration to a remote work culture, that is unlikely to reverse course even once the global pandemic is brought under control and other aspects of our lives begin to return to normal. This has meant more endpoints than ever before, all connecting from outside the corporate network, accessing sensitive data and greatly expanding the threat surface.
Security Awareness is Threat Prevention
With the sudden dawn of a global pandemic we saw cybersecurity researchers and providers stepping in to offer advice to organizations scrambling to adapt to needs they likely already had that suddenly presented a crisis. Smart organizations had one thing on their mind: ‘how do we adapt to this new landscape without sacrificing our security?’ The answer wasn’t always simple, and another trend emerged in which Secure Sense was quick to participate. We saw countless cybersecurity researchers, solution providers and enthusiasts alike taking to the internet and social media to offer timely advice.
In the end, fostering security awareness is about translating something that can in many cases be very technical to a sense of understanding of what is required of us to play our part in the solution. For today’s organizations, having the right technology is imperative to preventing breaches and protecting our employees and our business.
Secure Sense offers a Next-Gen endpoint protection managed security service powered by CrowdStrike. We provide a comprehensive and customizable solution that protects your endpoints in real time-time. If you’re interested in learning more about Next-Gen endpoint protection, call us at 866-999-7506 or shoot us an email at email@example.com.
In honour of Cyber Security Awareness Month, we will be sharing insight on the latest cybersecurity news, tips from Secure Sense experts and general security knowledge geared towards keeping you out of the headlines and focused on what matters most, your business. Don’t miss a beat by following along on our Twitter, Facebook and LinkedIn Pages.
Catch up on last weeks blogs below:
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout.