5/10/2016 11:15 AM
Sean Martin
Slideshows

What Makes Next-Gen Endpoint Protection Unique?

Here are five critical factors you need to know about today's new breed of endpoint protection technology.
Image Source: imsmartin

As the world of fraud, phishing, and ransomware takes over the headlines, it’s no wonder organizations are looking for new ways to combat these threats. Ransomware attacks in particular have become the new advanced persistent threat, having risen to the top of the list of concerns for organizations both large and small.

It’s also no secret that traditional endpoint protection technologies have not kept up with the challenges presented by these advanced threats; these legacy technologies are simply not able to handle attacks that find their way onto corporate endpoints and then work their way into and around the network.

Worse, many of the “newer” security technologies have all but given up on prevention, focusing instead on detection and remediation. This makes it more difficult for organizations to maintain a positive outlook for their resource-intensive and often extremely expensive cybersecurity programs. Some recent prevention-based approaches are simply ineffective at stopping advanced threats, or they impose too much tuning, operational overhead and management headaches to be viable on a large-scale basis.

Even though malware, exploits, and insiders are able to bypass the perimeter and penetrate endpoints, it's unrealistic to expect antivirus (AV) -- one of the most recognizable traditional endpoint security technologies on the market -- to go by the wayside any time soon. Organizations must maintain as many layered, proactive, and defensive capabilities as possible, AV included. They also need to integrate additional countermeasures, tools, and information that help them quickly spot the origin of an attack, understand its intent and likely next steps, and clearly articulate the means for blocking it, remediating it, and stopping its spread.

AV and other traditional endpoint security technologies are not dead. These products are still used by many; they are just being overrun by a collection of new-breed protection methods, some of which are better able to handle complex attacks and keep up with culprits as they find new ways to get around the technologies used to thwart them. Reliance on a single method is no longer sufficient.

This slide show provides a view into some of the critical attributes to look for in these new methods. While each method may be viewed and handled differently across the highlighted vendors, it's important to recognize that the methods, in some form or another, are necessary if organizations are to have a fighting chance at combating the targeted attacks their endpoints face on a daily basis.

Note: The team at imsmartin thanks Crowdstrike, FireEye, Palo Alto Networks and SentinelOne for their contributions to this slide collection.


Sean Martin is an information security veteran of nearly 25 years and a four-term CISSP with articles published globally covering security management, cloud computing, enterprise mobility, governance, risk, and compliance—with a focus on specialized industries such as ...

Comments
SeanM902 (User Rank: Apprentice), 5/13/2016 | 9:42:47 AM
Re: Good point about threat intel sharing
Thanks for your comment, nathanwburke.

There have been at least a couple of write-ups on this topic which provide some insight into this change. Therefore, I won't try to repeat the entire position here in the form of a comment. However, if the EPP vendors want to share their thoughts on this topic with me for the DarkReading audience to see, they can contact me and I would be happy to consolidate this information and report back.
nathanwburke (User Rank: Author), 5/11/2016 | 1:36:19 PM
Good point about threat intel sharing
Good point about using the cloud to share and ingest intelligence. From the slideshow:

Needless to say, threat intelligence is key. Solutions that don't have access to built-in intelligence need to acquire it through third parties to stay on top of new attack techniques, tactics and procedures.

It will be interesting to see what will happen due to VirusTotal deciding to shut off access to companies that aren't sharing their own analysis. Do you think that companies relying on VirusTotal will move to other competitors (like MetaScan), or will they start sharing their results with VirusTotal?

I agree with your point: ingesting intelligence from constantly updated intel feeds is key. Thanks.
