Is your endpoint protection able to keep up with the rapidly changing tactics of today’s attackers? Read on to learn more.
The proliferation of attacks on all businesses, from small and medium-sized enterprises to Fortune 100 companies, has led to a highly competitive Endpoint Protection market. There’s plenty of confusion surrounding what differentiates one solution from another, let alone which product will meet your unique business needs. Among the claims and counter-claims about which solution is best, the reality is that the right solution for your organization is not necessarily the one with the loudest voice in the marketplace. Instead, consider whether your approach to endpoint protection matches that of the providers you consider. With rapid changes in the way malware and threat actors are compromising victims, which security solutions are keeping up with the pace? Let’s take a look at 7 changes to modern security thinking that should underlie any effective endpoint protection system today.
1. Your Network Is Everywhere
It’s easy to think that the job of security software is just to protect your devices from malware and data loss. That has indeed been the traditional approach of legacy AV software, but it creates a blind spot in defensive thinking. The task is to protect your network from both internal and external threats, and that includes the potential threat from endpoints themselves. Modern, joined-up security thinking understands that this means more than just anti-malware or AV coverage on the device. Firewall control, media control and deep inspection of encrypted and unencrypted traffic are all necessary adjuncts to protecting your entire network, wherever the threat may come from.
2. Keep the Noise Down!
Even today, some vendors still believe that the quantity – rather than the quality – of alerts is what should differentiate a superior product from the rest. But alerts that go unnoticed because they are swimming in a sea of hundreds of other alerts clamouring for attention are as good as no alerts at all, as the Target corporation found out to their cost. False positives, like the boy who cried wolf, also condition weary admins and SOC specialists to tune out things that may be the next big threat, because they simply cannot cope with the quantity of work. Rather than a security solution that provides hundreds of single alerts, one for each command, with little or no context, choose one that provides a single alert with the telemetry and details of all the related commands, whether that be one or one hundred, automatically mapped into the context of an entire attack story.
3. Threats Are Local – Detection Should Be, Too
We live in the age of the Cloud, but malicious software acts locally on devices, and that’s where your endpoint detection needs to be, too. If your security solution needs to contact a server before it can act, to get instructions or check files against a remote database, you’re already one step behind the attackers. Will the security software even get its message to the outside world if the attacker takes over DNS settings? Will it receive a reply if the malware blocks incoming connections? Malware may have already done its damage by the time a cloud-based solution has done the round-trip to a server somewhere far, far away.
4. Less is More
There’s power in simplicity, but today’s threatscape is increasingly sophisticated. While some vendors think the number of tools they offer is a competitive advantage, it just increases the workload on your staff and locks knowledge into specialized employees who may one day take themselves – and that knowledge – elsewhere. You want to be able to eliminate threats fast and close the gaps. You also want the ability to do deep forensics if you need to, without having to turn to yet another tool or vendor. Adding more and more tools to cover all the possibilities is a never-ending race as both attackers and defenders seek to exploit emerging technologies. Look for endpoint protection that takes a holistic approach, that builds all the features you need into a single agent, fully monitored and maintained by our support team.
5. Seeing is Believing
We know endpoint protection can fail; it’s the nature of the game that attackers will adapt to defenders. If you can’t see what your endpoints are doing, how can you be sure that one of them hasn’t been compromised? Has a remote worker clicked a phishing link and allowed an attacker access to your network? Is a zero-day vulnerability in a third-party dependency allowing cybercriminals to move around inside your environment undetected? Visibility is key, but attackers have now embraced encrypted HTTPS and acquired their own SSL/TLS certificates. You need insight into the devices on your network, and that must include their encrypted traffic, in order to detect when threats have sneaked past your defenses and are actively engaged with your assets.
6. Leave No Device Behind
It’s the quiet ones at the back you have to look out for. If your business is 95% harnessed to one platform, it doesn’t mean you can write off the business risk presented by the other 5% as negligible. Attackers are able to exploit vulnerabilities in one device and jump to another, regardless of what operating system the device itself may be running. As a result, effective endpoint protection needs to be platform-agnostic. Whether your users prefer Linux, Windows or macOS, securing your network means securing them all. You’re only as strong as your weakest link.
7. Move Beyond Trust
Blocking untrusted processes and whitelisting the known “good guys” is a traditional technique of legacy AV security solutions that attackers have moved well beyond, and businesses need to think smarter than that, too. With techniques like process hollowing and embedded PowerShell scripts, malware authors are well-equipped to exploit AV solutions that trust once and allow forever more. Endpoint protection needs to look beyond trust and inspect the behavior of processes executing on the device. Is that “trusted” process doing what it’s supposed to be doing, or is it exhibiting suspicious behavior?
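The two ideas in sections 2 and 7 above, consolidating related alerts into one attack story and judging a “trusted” process by what it does rather than by its reputation, can be illustrated with a small correlation routine over process-creation telemetry. The following is an added example written for this article; it is not Terra Nova’s or SentinelOne’s code, the sample events are constructed, and the process names and behaviour rules are illustrative assumptions rather than any product’s detection logic. Every binary in the sample is a signed OS or Office component, so an allowlist alone would pass all of them; the rules look at the parent-to-child relationship and the command line instead, and the flagged processes are then grouped under the first unflagged ancestor so that one alert carries the whole chain.

```python
"""Correlating per-process alerts into one attack story (added example)."""
import json

# Constructed sample telemetry, one JSON record per process creation, roughly
# in the shape an endpoint sensor would emit. Not taken from any real system.
RAW_EVENTS = """
{"ts": "2024-01-01T09:00:01", "pid": 100, "ppid": 1,   "image": "explorer.exe",   "cmdline": "explorer.exe"}
{"ts": "2024-01-01T09:00:05", "pid": 200, "ppid": 100, "image": "winword.exe",    "cmdline": "winword.exe invoice.docm"}
{"ts": "2024-01-01T09:00:07", "pid": 300, "ppid": 200, "image": "cmd.exe",        "cmdline": "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"}
{"ts": "2024-01-01T09:00:08", "pid": 400, "ppid": 300, "image": "powershell.exe", "cmdline": "powershell -nop -w hidden -enc SQBFAFgA"}
{"ts": "2024-01-01T09:00:09", "pid": 500, "ppid": 400, "image": "rundll32.exe",   "cmdline": "rundll32.exe C:/Users/Public/x.dll,Run"}
{"ts": "2024-01-01T09:01:00", "pid": 600, "ppid": 100, "image": "outlook.exe",    "cmdline": "outlook.exe"}
{"ts": "2024-01-01T09:02:00", "pid": 700, "ppid": 1,   "image": "svchost.exe",    "cmdline": "svchost.exe -k netsvcs"}
"""

# Illustrative assumptions: which images count as Office apps and as shells.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def parse_events(raw):
    """Parse newline-delimited JSON into a list of event dicts."""
    return [json.loads(line) for line in raw.strip().splitlines() if line.strip()]


def indicators(parent, child):
    """Behavioural indicators for one parent -> child process-creation edge.

    The parent's signature or allowlist status is never consulted: the question
    is what the process is doing now, not whether it was trusted at install time.
    """
    found = []
    cl = child["cmdline"].lower()
    if parent["image"] in OFFICE_APPS and child["image"] in SHELLS:
        found.append("office application spawned a command shell")
    if child["image"] == "powershell.exe" and ("-enc" in cl or "-encodedcommand" in cl):
        found.append("PowerShell started with an encoded command")
    if "-w hidden" in cl or "-windowstyle hidden" in cl:
        found.append("process asked for a hidden window")
    if child["image"] == "rundll32.exe" and "/users/public/" in cl:
        found.append("rundll32 loading a DLL from a user-writable folder")
    return found


def per_event_alerts(events):
    """The noisy approach: one alert per indicator per process, with no context."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue  # no visible parent: nothing to relate this process to
        for text in indicators(parent, e):
            alerts.append({"pid": e["pid"], "image": e["image"], "alert": text})
    return alerts


def attack_stories(events):
    """Collapse related flagged processes into one story per misbehaving root.

    Each flagged process is attached to its nearest ancestor that was not itself
    flagged: that unflagged parent (here the "trusted" Office process) is where
    the story starts, and every flagged descendant joins the same story.
    """
    by_pid = {e["pid"]: e for e in events}
    flagged = {}  # pid -> indicator texts, in timestamp order
    for e in sorted(events, key=lambda x: x["ts"]):
        parent = by_pid.get(e["ppid"])
        if parent is not None:
            found = indicators(parent, e)
            if found:
                flagged[e["pid"]] = found

    def anchor(pid):
        """Walk up through flagged ancestors to the first unflagged one."""
        ppid = by_pid[pid]["ppid"]
        while ppid in flagged:
            ppid = by_pid[ppid]["ppid"]
        return ppid

    stories = {}
    for pid, found in flagged.items():
        root = by_pid[anchor(pid)]
        story = stories.setdefault(root["pid"], {
            "root": root["image"],
            "timeline": [(root["ts"], root["image"], root["cmdline"])],
            "indicators": [],
        })
        e = by_pid[pid]
        story["timeline"].append((e["ts"], e["image"], e["cmdline"]))
        story["indicators"].extend(found)
    for story in stories.values():
        story["timeline"].sort()  # tuples sort by timestamp first
    return list(stories.values())


def render(story):
    """One human-readable alert for the whole chain."""
    lines = [f"ATTACK STORY rooted at {story['root']} ({len(story['indicators'])} indicators)"]
    lines += [f"  {ts}  {image:<15} {cmdline}" for ts, image, cmdline in story["timeline"]]
    lines += [f"  - {text}" for text in story["indicators"]]
    return "\n".join(lines)


if __name__ == "__main__":
    evts = parse_events(RAW_EVENTS)
    print(f"{len(per_event_alerts(evts))} context-free alerts, versus one story:")
    for s in attack_stories(evts):
        print(render(s))
```

On the sample data the per-event approach raises five separate alerts across three processes, while the correlated view produces a single story rooted at the Word process, with the four-step chain and all five indicators attached. The unrelated Outlook and svchost processes never appear, because the grouping is by actual parent-child lineage rather than by host or time window.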
How Terra Nova Can Help
Terra Nova is eager to bring about positive change to the IT industry in how we protect businesses from the latest threat landscape, utilizing SentinelOne at the forefront of our platform. Featured within our proactive managed services is our Business Protect Package – the only cybersecurity platform that defends every endpoint from every type of attack, AT EVERY STAGE IN THE THREAT LIFECYCLE – all proactively monitored and remediated by our 24/7 Security Operations Center. In true visionary form, this platform features unprecedented rollback capacity for endpoints. In the rare event that a cyber-attack is experienced, affected endpoints can be restored automatically and the organization returned to business as usual within minutes, all the while the threat is being removed and analysis performed and presented in the form of an “attack story line” to explain what happened.
Needless to say, all of the above would typically cost an organization thousands per attack event to hire an IT forensics firm that may or may not actually remediate the attack or restore data in its original form, but rather just perform deep analysis of an attack after the fact – oftentimes leaving the organization to pay the ransom with no solid guarantee of recovery. It’s time we change the way cyber-attacks are addressed and exceed client expectations. Drop us a line; our team is standing by, ready to discuss your specific needs and how we can help your business succeed and provide you with best-in-class services and support. Let’s make fear of cyber-attacks a thing of the past.
Contact us today to better protect your business against the modern age of threats: