As the world of fraud, phishing, and ransomware takes over the headlines, it’s no wonder organizations are looking for new ways to combat these threats. Ransomware attacks in particular have become the new advanced persistent threat, having risen to the top of the list of concerns for organizations both large and small.
It’s also no secret that traditional endpoint protection technologies have not kept up with the challenges presented by these advanced threats; these legacy technologies are simply not able to handle attacks that find their way onto corporate endpoints and then work their way into and around the network.
Worse, many of the “newer” security technologies have all but given up on prevention, focusing instead on detection and remediation. This makes it more difficult for organizations to maintain a positive outlook for their resource-intensive and often extremely expensive cybersecurity programs. Some recent prevention-based approaches are simply ineffective at stopping advanced threats, or they impose too much tuning, operational overhead and management headaches to be viable on a large-scale basis.
Even though malware, exploits, and insiders are able to bypass the perimeter and penetrate endpoints, it's unrealistic to expect antivirus (AV) -- one of most recognizable traditional endpoint security technologies on the market -- to go by the wayside any time soon. Organizations must maintain as many layered, proactive, and defensive capabilities as possible, AV included. They also need to integrate additional countermeasures, tools and information that help them quickly spot the origination of attacks, understand the intent and future path of attacks, and clearly articulate the means for blocking, remediating and stopping the spread of attacks.
AV and other traditional endpoint security technologies are not dead. These products are still used by many; they are just being overrun by a collection of new-breed protection methods, some of which are better able to handle complex attacks and keep up with culprits as they find new ways to get around the technologies used to thwart them. Reliance on a single method is no longer sufficient.
This slide show provides a view into some of the critical attributes to look for in these new methods. While each method may be viewed and handled differently across the highlighted vendors, it’s important to recognize that the methods, in some form or another, are necessary if organizations are to have a fighting chance at combatting the targeted attacks their endpoints try to deal with on a daily basis.
Note: The team at imsmartin thanks Crowdstrike, FireEye, Palo Alto Networks and SentinelOne for their contributions to this slide collection.