Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/10/2016
11:15 AM
Sean Martin
Sean Martin
Slideshows
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

What Makes Next-Gen Endpoint Protection Unique?

Here are five critical factors you need to know about today's new breed of endpoint protection technology.
Previous
1 of 6
Next

As the world of fraud, phishing, and ransomware takes over the headlines, it’s no wonder organizations are looking for new ways to combat these threats. Ransomware attacks in particular have become the new advanced persistent threat, having risen to the top of the list of concerns for organizations both large and small.

It’s also no secret that traditional endpoint protection technologies have not kept up with the challenges presented by these advanced threats; these legacy technologies are simply not able to handle attacks that find their way onto corporate endpoints and then work their way into and around the network.

Worse, many of the “newer” security technologies have all but given up on prevention, focusing instead on detection and remediation. This makes it more difficult for organizations to maintain a positive outlook for their resource-intensive and often extremely expensive cybersecurity programs. Some recent prevention-based approaches are simply ineffective at stopping advanced threats, or they impose too much tuning, operational overhead and management headaches to be viable on a large-scale basis.

Even though malware, exploits, and insiders are able to bypass the perimeter and penetrate endpoints, it's unrealistic to expect antivirus (AV) -- one of most recognizable traditional endpoint security technologies on the market -- to go by the wayside any time soon. Organizations must maintain as many layered, proactive, and defensive capabilities as possible,  AV included. They also need to integrate additional countermeasures, tools and information that help them quickly spot the origination of attacks, understand the intent and future path of attacks, and clearly articulate the means for blocking, remediating and stopping the spread of attacks.

AV and other traditional endpoint security technologies are not dead. These products are still used by many; they are just being overrun by a collection of new-breed protection methods, some of which are better able to handle complex attacks and keep up with culprits as they find new ways to get around the technologies used to thwart them. Reliance on a single method is no longer sufficient.

This slide show provides a view into some of the critical attributes to look for in these new methods. While each method may be viewed and handled differently across the highlighted vendors, it’s important to recognize that the methods, in some form or another, are necessary if organizations are to have a fighting chance at combatting the targeted attacks their endpoints try to deal with on a daily basis.

Note: The team at imsmartin thanks Crowdstrike, FireEye, Palo Alto Networks and SentinelOne for their contributions to this slide collection.

 

Sean Martin is an information security veteran of nearly 25 years and a four-term CISSP with articles published globally covering security management, cloud computing, enterprise mobility, governance, risk, and compliance—with a focus on specialized industries such as ... View Full Bio

Previous
1 of 6
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
SeanM902
50%
50%
SeanM902,
User Rank: Apprentice
5/13/2016 | 9:42:47 AM
Re: Good point about threat intel sharing
Thanks for your comment, nathanwburke.

There have been at least a couple write-ups on this topic which provide some insight into this change. Therefore, I won't try to repeat the entire position here in the form of a comment. However, if the EPP vendors want to share their thoughts on this topic with me for the DarkReading audience to see, they can contact me and I would be happy to consolidate this information and report back.
nathanwburke
50%
50%
nathanwburke,
User Rank: Author
5/11/2016 | 1:36:19 PM
Good point about threat intel sharing
Good point about using the cloud to share and ingest intelligence. From the slideshow:

Needless to say, threat intelligence is key. Solutions that don't have access to built-in intelligence need to acquire it through third parties to stay on top of new attack techniques, tactics and procedures.

It will be interesting to see what will happen due to VirusTotal deciding to shut off access to companies that aren't sharing their own analysis. Do you think that companies relying on VirusTotal will move to other competitors (like MetaScan), or will they start sharing their results with VirusTotal?

I agree with your point: ingesting intelligence from constantly updated intel feeds is key. Thanks.

 

COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13438
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.
CVE-2020-13439
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.
CVE-2020-13440
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.
CVE-2020-13433
PUBLISHED: 2020-05-24
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.
CVE-2020-13434
PUBLISHED: 2020-05-24
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.