Think your endpoint security is enough to guard against today’s advanced targeted attacks? You may need to think again.
In security circles, endpoint protection has been “old news” for a few years. There’s no doubt it’s needed, but many companies—facing the veritable onslaught of malicious attacks from an increasing number of vectors—have logically stepped back and looked at the bigger security picture, turning to technology to secure the network as a whole (and often the cloud). A holistic view of security is smart, but is it time to once again look closer at securing the endpoint?
It is, but certainly not the way we always have.
And here’s why: “Endpoints—or rather the work being done on those endpoints—inevitably become disrupted when a malicious threat breaks through security measures, as well as them becoming vectors from which to spread,” according to Doug Cooke, Senior Director, Sales Engineering, from Intel Security. “Cycles are lost, and with them business, productivity and revenue.” (This is not to mention the PR nightmare a major security breach creates, lost customer confidence, etc.)
Try as businesses do, malicious programs squirrel their way into previously considered “impenetrable” networks; curious employees click on that forbidden link, well-designed social engineering makes that .pdf seem extra legitimate. Employees may lose days while their systems are cleaned, and security admins must turn focus away from preventing fires (or even more importantly improving business) to putting them out.
The evolving threat landscape
One of the reasons that buzz around endpoint security has dropped in recent years, suggests Cooke, is because, although traditional tools are necessary and block the vast majority of threats, today’s threats—zero-day attacks, advanced targeted attacks, use of sophisticated social engineering—are hard for them to catch. “While endpoints must, as always, be protected with anti-virus, firewall, white- and blacklisting, threats must also be responded to immediately and remediated fully in order to prevent downtime, secure vital data and reduce impact,” he says.
Gartner refers to many existing security tools as “set-and-forget” endpoint solutions. Organizations need to manage breaches better when they do occur, including the detection of, alerting on, and rapid response to today’s sophisticated threats.
Today’s threats are, of course, more complex than ever. These targeted attacks and persistent threats are smart and insidious, quietly embedding themselves in the network and across endpoints. Unfortunately, it could be days, weeks or months before they reveal themselves and, worse, with traditional tools it can take days and weeks more before they are completely removed. Add the speed with which zero-day threats can spread before being recognized, and it’s easy to see how crucial reaction time is if they are to be stopped before they infect much more of the business than one lone machine.
This security dilemma is compounded for organizations with knowledge workers and “creatives,” Cooke suggests. After all, it can be easy to block employees from accessing potentially dangerous sites and files through blacklisting (and even more secure through whitelisting), but where does that leave innovation, discovery, creativity, and learning?
How can users be given the free rein they need, while enterprises still keep security buckled down?
EDR to the rescue
Fortunately, there are solutions on the market that help to answer this challenge. Cooke points to making endpoint detection and response (EDR) software part of your security platform or ideally, as in the case of Intel Security’s McAfee Active Response, a function in your overall security solution.
EDR is an emerging software category that amps up endpoint security, taking it far beyond mere antivirus and blacklisting capabilities. It adds continuous detection and immediate remediation at the user device while working with other solutions to improve protection.
This is crucial because current incident-response approaches are limited: they take a long time to collect data, and the sheer volume of that data makes it incredibly difficult to process in a timely way. A solution like McAfee Active Response addresses this by running continuously—with an agent footprint and CPU usage similar to existing AV programs—to improve threat detection and speed incident response. The days and weeks before detection (and likewise before remediation) become seconds and minutes, Cooke notes.
Security administrators or analysts can be alerted immediately to suspicious files or executables behaving suspiciously, and take corrective measures, whether that’s to block the file’s execution before it completes, block and delete the file (across any number of endpoints), or additionally set a trigger to block the file in the future.
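To make the detect-block-delete-trigger loop above concrete, here is an added, constructed model of that response workflow. It is not McAfee Active Response code; the detection rule (an executable written to disk by an Office process), the endpoint names and the file hash are all assumed for illustration.

```python
from dataclasses import dataclass, field

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}

def is_suspicious(ev):
    # Constructed rule: an executable dropped by an Office process, the
    # "that .pdf seemed legitimate" case described in the article.
    return ev["parent"].lower() in OFFICE_APPS and ev["path"].lower().endswith(".exe")

@dataclass
class Endpoint:
    name: str
    files: set = field(default_factory=set)    # hashes currently present on disk
    blocked: set = field(default_factory=set)  # hashes denied execution

@dataclass
class Console:
    endpoints: dict
    triggers: set = field(default_factory=set)  # hashes to block on sight
    alerts: list = field(default_factory=list)

    def observe(self, ev):
        # One event from the continuous endpoint stream.
        ep = self.endpoints[ev["host"]]
        ep.files.add(ev["hash"])
        if ev["hash"] in self.triggers:        # already responded to earlier
            ep.blocked.add(ev["hash"])
            return "blocked-by-trigger"
        if is_suspicious(ev):
            self.alerts.append((ev["host"], ev["hash"]))
            return "alert"
        return "ok"

    def respond(self, file_hash, delete=True, trigger=True):
        # Analyst action: block everywhere, optionally delete and set a trigger.
        affected = []
        for ep in self.endpoints.values():
            if file_hash in ep.files:
                ep.blocked.add(file_hash)
                if delete:
                    ep.files.discard(file_hash)
                affected.append(ep.name)
        if trigger:
            self.triggers.add(file_hash)
        return sorted(affected)

def demo():
    c = Console({n: Endpoint(n) for n in ("laptop-a", "laptop-b", "server-c")})
    h, p = "constructed-hash-1", r"C:\Temp\invoice.exe"   # constructed sample values
    first = c.observe({"host": "laptop-a", "hash": h, "path": p, "parent": "WINWORD.EXE"})
    c.observe({"host": "laptop-b", "hash": h, "path": p, "parent": "explorer.exe"})
    affected = c.respond(h)                               # block + delete on both hosts
    later = c.observe({"host": "server-c", "hash": h, "path": p, "parent": "explorer.exe"})
    return first, affected, later
```

Running demo() returns ("alert", ["laptop-a", "laptop-b"], "blocked-by-trigger"): the first sighting raises an alert, the response removes the file from every endpoint holding it, and a later arrival on a third endpoint is blocked without analyst involvement.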
More than proactivity: continuous detection and response
And because it is part of an ecosystem that incorporates Security Information and Event Manager (SIEM) technology, “Data collected during discovery or the ‘hunting’ of suspicious behavior can be easily analyzed and correlated, arming the security team with the ability to protect against similar future attacks,” Cooke adds.
This is more than the much-desired movement from a reactive to a proactive security posture. Incorporating EDR into a comprehensive security solution—and make no mistake, no single point solution is enough anymore on its own—provides deep, rapid and, most importantly, continuous detection and response at the user device.
The adoption of EDR solutions is part of what Gartner suggests is a necessary move from an “incident response” mentality to one of “continuous monitoring” in search of incidents that are constantly occurring.
What mentality does your security strategy take? Is it time for you to take another look at your endpoint security and investigate the advanced capabilities of an EDR solution?
Contact your sales rep to schedule a call with a Softchoice Intel Security Vendor Sales Specialist to take you through the Active Response solution, and determine if it’s a good fit for your organization.