Endpoint security: beyond protection

Security | Posted on July 29, 2016 by Emily A. Davidson

Think your endpoint security is enough to guard against today’s advanced targeted attacks? You may need to think again.

In security circles, endpoint protection has been “old news” for a few years. There’s no doubt it’s needed, but many companies—facing the veritable onslaught of malicious attacks from an increasing number of vectors—have logically stepped back and looked at the bigger security picture, turning to technology to secure the network as a whole (and often the cloud). A holistic view of security is smart, but is it time to once again look closer at securing the endpoint?


It is, but certainly not the way we always have.

And here’s why: “Endpoints—or rather the work being done on those endpoints—inevitably become disrupted when a malicious threat breaks through security measures, as well as them becoming vectors from which to spread,” according to Doug Cooke, Senior Director, Sales Engineering, from Intel Security. “Cycles are lost, and with them business, productivity and revenue.” (This is not to mention the PR nightmare a major security breach creates, lost customer confidence, etc.)

Try as businesses do, malicious programs squirrel their way into networks previously considered “impenetrable”: curious employees click on that forbidden link, and well-designed social engineering makes that .pdf seem extra legitimate. Employees may lose days while their systems are cleaned, and security admins must turn their focus away from preventing fires (or, even more importantly, improving the business) to putting them out.

The evolving threat landscape

One of the reasons that buzz around endpoint security has dropped in recent years, suggests Cooke, is because, although traditional tools are necessary and block the vast majority of threats, today’s threats—zero-day attacks, advanced targeted attacks, use of sophisticated social engineering—are hard for them to catch. “While endpoints must, as always, be protected with anti-virus, firewall, white- and blacklisting, threats must also be responded to immediately and remediated fully in order to prevent downtime, secure vital data and reduce impact,” he says.

Gartner refers to many existing security tools as “set-and-forget” endpoint solutions. Organizations need to better manage what happens when a breach occurs, including the detection of, alerting on, and rapid response to today’s sophisticated threats.

Today’s threats are, of course, more complex than ever. These targeted attacks and persistent threats are smart and insidious, quietly embedding themselves in the network and across endpoints. Unfortunately, it can be days, weeks or months before they reveal themselves and, worse, it can take days or weeks using traditional tools before they are completely removed. Add the speed at which zero-day threats can spread before being recognized, and it’s easy to see how crucial reaction time is if they are to be stopped before they infect much more of the business than one lone machine.

This security dilemma is compounded for organizations with knowledge workers and “creatives,” Cooke suggests. After all, it can be easy to block employees from accessing potentially dangerous sites and files through blacklisting (and even more secure through whitelisting), but where does that leave innovation, discovery, creativity, and learning?

How can users be given the free rein they need, while enterprises still keep security buckled down?

EDR to the rescue

Fortunately, there are solutions on the market that help to answer this challenge. Cooke points to making endpoint detection and response (EDR) software part of your security platform or ideally, as in the case of Intel Security’s McAfee Active Response, a function in your overall security solution.

EDR is an emerging software category that amps up endpoint security, taking it far beyond mere antivirus and blacklisting capabilities. It adds continuous detection and immediate remediation at the user device while working with other solutions to improve protection.

This is crucial because current incident response practices are limited: they take a long time to collect data, and the sheer volume of that data makes it incredibly difficult to process in a timely way. A solution like McAfee Active Response addresses this by running continuously—with an agent footprint and CPU usage similar to existing AV programs—to improve threat detection and speed up incident response. The days and weeks before detection (and, likewise, before remediation) become seconds and minutes, Cooke notes.

Security administrators or analysts can be alerted immediately to suspicious files, or to executables behaving suspiciously, and take corrective measures, whether that’s blocking the file’s execution before it completes, blocking and deleting the file (across any number of endpoints), or additionally setting a trigger to block the file in the future.

More than proactivity: continuous detection and response

And because it is part of an ecosystem that incorporates Security Information and Event Management (SIEM) technology, “Data collected during discovery or the ‘hunting’ of suspicious behavior can be easily analyzed and correlated, arming the security team with the ability to protect against similar future attacks,” Cooke adds.

This is more than the much-desired movement from a reactive to a proactive security posture. Incorporating EDR into a comprehensive security solution—and make no mistake, no single point solution is enough anymore on its own—provides deep, rapid, and most importantly continuous, detection and response at the user device.

The adoption of EDR solutions is part of what Gartner suggests is a necessary move from an “incident response” mentality to one of “continuous monitoring” in search of incidents that are constantly occurring.

What mentality does your security strategy take? Is it time for you to take another look at your endpoint security and investigate the advanced capabilities of an EDR solution?

Contact your sales rep to schedule a call with a Softchoice Intel Security Vendor Sales Specialist to take you through the Active Response solution, and determine if it’s a good fit for your organization.
