Most businesses are still wrestling with beefing up their existing endpoint security tools (typically a mix of antivirus, host intrusion prevention system [HIPS], host firewall, whitelisting, and heuristics) to better defend against two problems: attacks that morph so fast that it's impossible to catch everything, and targeted malware or attacks that bypass security measures. Bottom line: the human behind the endpoint keyboard is impossible to shield from harm when all it takes is a click to be attacked.
But change is coming. Longtime endpoint security giants Symantec and McAfee (now Intel Security) each rolled out integrated security architectures this week that begin evolving endpoint security beyond the old-school, signature-based prevention approach to one that is more about quickly detecting and fixing endpoints when inevitable attack attempts occur. And next-generation startups are pushing the endpoint detection & response (EDR) approach, where the endpoint is not merely the problem with security, but a key piece of the solution.
There are several key features in modern, or next-generation, endpoint security, and different vendors have different approaches. But the underlying philosophy of the new wave of offerings is an acceptance that endpoints will be targeted as the initial attack vector, so rapid detection and incident response at the device are crucial.
Here are some of the main elements in modern (or reborn) endpoint security.