For the past few weeks, we have been exploring and investigating modern-day cyber threats. It has brought back memories of reading about the sleuthing chronicles of Baker Street in London. Traversing the anatomy of fileless intrusions, learning how to defend against fileless attacks, and examining how ‘machine learning’ works and why it alone is not enough to keep your endpoints secure make us feel like the Sherlock Holmes of the endpoint protection mystery. Perhaps we need to unravel such “mysteries” to discover the true next-gen endpoint protection that would be able to shield us from the latest cybersecurity threats.
Any vendor that claims to have next-gen endpoint protection must provide a holistic approach and a comprehensive platform that is able to withstand both malware and fileless attacks. Piecemeal offerings that only include one or more of the modern protection methods, such as machine learning or cloud-enabled protection capabilities, will not be able to provide sufficient protection against today’s threats. Also, merely repurposing old protection schemes with marketing buzzwords will not shield against the advanced, sophisticated attacks that are constantly being carried out nowadays.
Thwarting attacks and bringing threats under control requires a carefully balanced set of defence tactics. The “Dr. Watson” in us idealises five essential elements of true next-gen endpoint protection, namely IT Hygiene, Next-Gen AV, Endpoint Detection and Response, Managed Hunting and Threat Intelligence.
Good governance of any IT security architecture will include a “hygiene-first” policy to make sure all the prevalent “low-hanging fruit” attacks are prevented and avoided. Unpatched applications or unprotected BYOD devices will be an easy target, even for script kiddies. These kinds of threats could be easily prevented with the pre-emptive measures outlined in “hygiene-first” policies. As the adage says, “prevention is always better than cure”, indeed!
Heuristic antivirus (AV) scanners are very much like magnetic tapes for data backup: very old, but useful and still a handy tool to eliminate known threats. Next-gen AV, however, uses behavioural analytics and can apply machine learning to detect previously unseen malicious activity. Next-gen AV should also be able to analyse long-term retained (archived) data in order to predict behavioural patterns, and its machine learning algorithms must cope with the veracity of that data. Realistically, this should work hand-in-hand with cloud-enabled protection capabilities that can provide on-demand compute power, storage capacity and scalable application containers.
Endpoint Detection and Response (EDR)
While essential elements like IT hygiene and next-gen AV emphasise prevention, in practice we also need to embrace the post-attack remedial process with an EDR system. An agile EDR system will record and keep the trail of all activities carried out on the endpoint. It should also have the ability to perform extensive searches across both historical and real-time records to identify threat patterns. It doesn’t stop there: the EDR should be able to mitigate the risk of the cyber threats it finds. This holistic approach will fill the gap between the start of the infection and its discovery.
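To make the EDR behaviour described above concrete, here is an added illustration (not CrowdStrike’s code and not part of the original post) of an append-only activity trail that records process-creation events, matches a detection rule as each event arrives (the real-time side), re-runs the same rule over everything stored (the historical side), and measures the gap between the first match and the moment it was discovered. The detection rule (a document-handling application spawning a script host, a common sign of a fileless intrusion), the host names, process ids and timestamps are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


# One process-creation record, the basic unit of an EDR activity trail.
@dataclass(frozen=True)
class ProcessEvent:
    ts: datetime
    host: str
    pid: int
    ppid: int
    image: str      # executable file name, lower-case
    cmdline: str


# Hypothetical detection rule (assumption for this example): an Office-style
# document handler that spawns a script host is a classic fileless-intrusion pattern.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

Match = Tuple[ProcessEvent, ProcessEvent]   # (parent, child)


class ActivityTrail:
    """Append-only record of endpoint events with real-time and historical search."""

    def __init__(self) -> None:
        self.events: List[ProcessEvent] = []
        self._by_pid: Dict[Tuple[str, int], ProcessEvent] = {}

    def record(self, ev: ProcessEvent) -> Optional[Match]:
        """Store the event and evaluate the rule against it immediately.

        Returns the (parent, child) pair if this event completes the rule, else None.
        """
        self.events.append(ev)
        self._by_pid[(ev.host, ev.pid)] = ev
        return self._match(ev)

    def _match(self, child: ProcessEvent) -> Optional[Match]:
        parent = self._by_pid.get((child.host, child.ppid))
        if parent is None:
            return None
        if parent.image in DOCUMENT_APPS and child.image in SCRIPT_HOSTS:
            return (parent, child)
        return None

    def search(self, host: Optional[str] = None) -> List[Match]:
        """Historical search: re-evaluate the rule over every stored event."""
        found: List[Match] = []
        for ev in self.events:
            if host is not None and ev.host != host:
                continue
            m = self._match(ev)
            if m is not None:
                found.append(m)
        return found

    def dwell_time(self, host: str, discovered_at: datetime) -> Optional[timedelta]:
        """Gap between the earliest rule match on a host and when it was discovered."""
        matches = self.search(host)
        if not matches:
            return None
        first_child_ts = min(child.ts for _, child in matches)
        return discovered_at - first_child_ts


def build_sample_trail() -> Tuple[ActivityTrail, List[Match]]:
    """Feed constructed sample telemetry through the trail; return it with live alerts."""
    t0 = datetime(2024, 1, 15, 9, 0, 0)   # constructed timestamp
    sample = [
        ProcessEvent(t0, "ws-01", 100, 1, "explorer.exe", "explorer.exe"),
        ProcessEvent(t0 + timedelta(minutes=5), "ws-01", 200, 100,
                     "winword.exe", "winword.exe /n invoice.docx"),
        ProcessEvent(t0 + timedelta(minutes=5, seconds=30), "ws-01", 300, 200,
                     "powershell.exe", "powershell.exe -NoProfile -WindowStyle Hidden"),
        ProcessEvent(t0 + timedelta(minutes=6), "ws-01", 400, 300,
                     "whoami.exe", "whoami.exe"),
        # A second host where an admin launches PowerShell from the shell: not flagged.
        ProcessEvent(t0 + timedelta(hours=1), "ws-02", 500, 1, "explorer.exe", "explorer.exe"),
        ProcessEvent(t0 + timedelta(hours=1, minutes=1), "ws-02", 600, 500,
                     "powershell.exe", "powershell.exe -File report.ps1"),
    ]
    trail = ActivityTrail()
    live_alerts: List[Match] = []
    for ev in sample:
        m = trail.record(ev)
        if m is not None:
            live_alerts.append(m)
    return trail, live_alerts


if __name__ == "__main__":
    trail, live = build_sample_trail()
    for parent, child in live:
        print(f"[live] {child.host}: {parent.image} (pid {parent.pid}) -> "
              f"{child.image} (pid {child.pid}) at {child.ts}")
    discovered = trail.events[-1].ts
    print("dwell time on ws-01:", trail.dwell_time("ws-01", discovered))
```

The same rule runs in both paths on purpose: the live path catches a chain as it happens, while the historical search lets an analyst re-query the stored trail with a rule written after the fact. The dwell-time figure is the “gap between infection and discovery” the text refers to.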
To create a complete, bulletproof security perimeter with an EDR for IT systems, an expert human touch is needed. Augmenting the agile EDR with a team of security experts will provide balanced, proactive threat monitoring and pattern analysis. After all, the human touch provides contextual judgement that can’t be reproduced by any automated detection system or machine learning model. Having a managed hunting team working together with EDR is definitely a perfect combination for next-gen endpoint security.
It’s really crucial to have handy insights and information about the threats and to swiftly implement measures to stop them, as the attacks are happening so quickly and stealthily. Threat intelligence will provide breathing space for the IT security unit to mobilise its team and operations to counter the attack tactically. Security professionals realise that having a threat intelligence platform will provide a clearer overview of the threats and a tactical advantage to resolve the problems quickly and completely.
These essential elements that fuel true next-gen endpoint protection are able to provide a complete solution for any organisation that intends to build a forward-looking IT security framework. While many vendors offer one or more of the aforementioned elements, next-gen security vendors such as CrowdStrike are able to provide a more holistic and modern approach to protect clients from cyber threats. On top of that, what’s really appealing is that the CrowdStrike Falcon® platform, which is cloud-native, is capable of delivering all the elements discussed above via a single lightweight agent.
For more on CrowdStrike and next-gen endpoint protection, click here.