Vulnerabilities / Threats

5/10/2016
11:15 AM
Sean Martin
Sean Martin
Slideshows
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

What Makes Next-Gen Endpoint Protection Unique?

Here are five critical factors you need to know about today's new breed of endpoint protection technology.
Previous
1 of 6
Next

Image Source: imsmartin

Image Source: imsmartin

As the world of fraud, phishing, and ransomware takes over the headlines, it’s no wonder organizations are looking for new ways to combat these threats. Ransomware attacks in particular have become the new advanced persistent threat, having risen to the top of the list of concerns for organizations both large and small.

It’s also no secret that traditional endpoint protection technologies have not kept up with the challenges presented by these advanced threats; these legacy technologies are simply not able to handle attacks that find their way onto corporate endpoints and then work their way into and around the network.

Worse, many of the “newer” security technologies have all but given up on prevention, focusing instead on detection and remediation. This makes it more difficult for organizations to maintain a positive outlook for their resource-intensive and often extremely expensive cybersecurity programs. Some recent prevention-based approaches are simply ineffective at stopping advanced threats, or they impose too much tuning, operational overhead and management headaches to be viable on a large-scale basis.

Even though malware, exploits, and insiders are able to bypass the perimeter and penetrate endpoints, it's unrealistic to expect antivirus (AV) -- one of most recognizable traditional endpoint security technologies on the market -- to go by the wayside any time soon. Organizations must maintain as many layered, proactive, and defensive capabilities as possible,  AV included. They also need to integrate additional countermeasures, tools and information that help them quickly spot the origination of attacks, understand the intent and future path of attacks, and clearly articulate the means for blocking, remediating and stopping the spread of attacks.

AV and other traditional endpoint security technologies are not dead. These products are still used by many; they are just being overrun by a collection of new-breed protection methods, some of which are better able to handle complex attacks and keep up with culprits as they find new ways to get around the technologies used to thwart them. Reliance on a single method is no longer sufficient.

This slide show provides a view into some of the critical attributes to look for in these new methods. While each method may be viewed and handled differently across the highlighted vendors, it’s important to recognize that the methods, in some form or another, are necessary if organizations are to have a fighting chance at combatting the targeted attacks their endpoints try to deal with on a daily basis.

Note: The team at imsmartin thanks Crowdstrike, FireEye, Palo Alto Networks and SentinelOne for their contributions to this slide collection.

 

Sean Martin is an information security veteran of nearly 25 years and a four-term CISSP with articles published globally covering security management, cloud computing, enterprise mobility, governance, risk, and compliance—with a focus on specialized industries such as ... View Full Bio

Previous
1 of 6
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
SeanM902
50%
50%
SeanM902,
User Rank: Apprentice
5/13/2016 | 9:42:47 AM
Re: Good point about threat intel sharing
Thanks for your comment, nathanwburke.

There have been at least a couple write-ups on this topic which provide some insight into this change. Therefore, I won't try to repeat the entire position here in the form of a comment. However, if the EPP vendors want to share their thoughts on this topic with me for the DarkReading audience to see, they can contact me and I would be happy to consolidate this information and report back.
nathanwburke
50%
50%
nathanwburke,
User Rank: Author
5/11/2016 | 1:36:19 PM
Good point about threat intel sharing
Good point about using the cloud to share and ingest intelligence. From the slideshow:

Needless to say, threat intelligence is key. Solutions that don't have access to built-in intelligence need to acquire it through third parties to stay on top of new attack techniques, tactics and procedures.

It will be interesting to see what will happen due to VirusTotal deciding to shut off access to companies that aren't sharing their own analysis. Do you think that companies relying on VirusTotal will move to other competitors (like MetaScan), or will they start sharing their results with VirusTotal?

I agree with your point: ingesting intelligence from constantly updated intel feeds is key. Thanks.

 

New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10000
PUBLISHED: 2018-05-24
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
CVE-2018-10001
PUBLISHED: 2018-05-24
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instabil...
CVE-2018-10001
PUBLISHED: 2018-05-24
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed ...
CVE-2018-10003
PUBLISHED: 2018-05-24
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerab...
CVE-2018-10003
PUBLISHED: 2018-05-24
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been...