As hackers become smarter and generate more and more effective attacks, and users continue to work from almost anywhere, IT teams have to get smarter about effective endpoint security. This is going to take a layered approach, including a move towards zero trust. Here are some recommendations.
- Signature and heuristic-based detection – this is what most traditional endpoint protection solutions have used for years (AKA anti-virus and anti-malware). This is, historically, where endpoint protection stopped. Now it is where it starts.
- Contextual detection – this is where machine learning comes in. Even with unknown malware, ransomware and other bad stuff, looking at the context of what is being done can allow you to detect activity which is out of the ordinary.
- Anti-exploit technology – this is where you do continuous monitoring to block zero-days, fileless malware and more. This requires technology that can track all actions taken by all processes and look for anomalies.
- Add the cloud to the mix – Now that you have all of this data, across all of the endpoints of the enterprise, including the end users, servers, the corporate cloud and the public cloud, what do you do with that data? You need a set of tools that can analyze that data in real time, mix in threat intelligence from other sources and likely even throw in a pinch of human analysis, and then feed that back into each endpoint so that it can adjust its protection techniques. (Note that the referenced article at the end says that only one vendor does this. That is actually not true. I am sure that only one vendor does it in the very particular way they do it, but that doesn’t mean that many other vendors don’t do the same thing in their own way.)
- Threat hunting service – this is where the humans come in, and it takes specialized expertise: people who look at the data coming from the endpoints and make sense of it. It is certainly possible that you are the only company on the planet that is being hacked in a particular way – but I seriously doubt it. Even if that were true, the techniques used by hackers are often reused, allowing an experienced threat hunter to detect those patterns.
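To make the layering concrete, here is an added example (my own sketch, not code from the article or from any vendor it refers to) of how the signature layer, the contextual layer and the cloud feedback step fit together. It assumes a constructed schema for process-creation events, a constructed baseline of normal parent/child process pairs, and placeholder hash values that are not real indicators. The point it shows is that a binary no signature list has ever seen is still caught when its context (a word processor launching a scripting host) is out of the ordinary, and that once analysts confirm the alert, the hash becomes a signature every other endpoint can block on.

```python
"""Layered endpoint detection: signature layer, contextual layer, feedback.

Added illustration only; the event schema, baseline and hashes are constructed.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record as an endpoint sensor might emit it (constructed schema)."""
    host: str
    user: str
    parent: str   # image name of the parent process
    child: str    # image name of the process being created
    sha256: str   # hash of the child's image; placeholder values below, not real IoCs


# Constructed signature feed: a single placeholder hash.
KNOWN_BAD_HASHES = {"aa" * 32}

# Constructed baseline: normal process-creation pairs observed across the fleet.
BASELINE_EVENTS = [
    ProcessEvent("ws01", "alice", "explorer.exe", "winword.exe", "01" * 32),
    ProcessEvent("ws01", "alice", "explorer.exe", "outlook.exe", "02" * 32),
    ProcessEvent("ws02", "bob", "explorer.exe", "winword.exe", "01" * 32),
    ProcessEvent("ws02", "bob", "winword.exe", "splwow64.exe", "03" * 32),
    ProcessEvent("ws03", "carol", "explorer.exe", "cmd.exe", "04" * 32),
    ProcessEvent("ws03", "carol", "cmd.exe", "ipconfig.exe", "05" * 32),
    ProcessEvent("ws03", "carol", "explorer.exe", "winword.exe", "01" * 32),
]


def signature_layer(event: ProcessEvent, known_bad: set) -> bool:
    """Layer 1: exact match against known-bad hashes. Misses anything never seen before."""
    return event.sha256 in known_bad


def build_baseline(events) -> Counter:
    """Count how often each (parent, child) pair occurs in the known-good history."""
    return Counter((e.parent, e.child) for e in events)


def context_layer(event: ProcessEvent, baseline: Counter, min_seen: int = 1) -> bool:
    """Layer 2: flag a parent->child relationship the fleet has (almost) never produced.

    The binary may be unknown to every signature list, but a word processor that
    suddenly launches a scripting host is out of the ordinary regardless of its hash.
    A missing pair counts as 0 in the Counter, so it is always flagged.
    """
    return baseline[(event.parent, event.child)] < min_seen


def classify(event: ProcessEvent, baseline: Counter, known_bad: set) -> str:
    """Run the layers in order; the cheap signature check goes first."""
    if signature_layer(event, known_bad):
        return "block:signature"
    if context_layer(event, baseline):
        return "alert:context"
    return "allow"


def feed_back(event: ProcessEvent, known_bad: set) -> set:
    """Feedback step: once analysts confirm a contextual alert, its hash becomes a
    signature that every endpoint can block on immediately."""
    return known_bad | {event.sha256}


def demo() -> dict:
    """Walk four constructed events through the layers and return the verdicts."""
    baseline = build_baseline(BASELINE_EVENTS)
    known_bad = set(KNOWN_BAD_HASHES)

    routine = ProcessEvent("ws04", "dave", "explorer.exe", "winword.exe", "01" * 32)
    known_malware = ProcessEvent("ws04", "dave", "explorer.exe", "invoice.exe", "aa" * 32)
    # Unknown hash (no signature) but an anomalous chain: Word spawning PowerShell.
    unknown = ProcessEvent("ws04", "dave", "winword.exe", "powershell.exe", "ff" * 32)

    results = {
        "routine": classify(routine, baseline, known_bad),
        "known_malware": classify(known_malware, baseline, known_bad),
        "unknown_first_host": classify(unknown, baseline, known_bad),
    }
    # Analysts confirm the contextual alert; the hash is pushed out as a signature.
    known_bad = feed_back(unknown, known_bad)
    repeat = ProcessEvent("ws05", "erin", "winword.exe", "powershell.exe", "ff" * 32)
    results["unknown_second_host"] = classify(repeat, baseline, known_bad)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:>20}: {verdict}")
```

In a real deployment the baseline would be built per role or per host group rather than fleet-wide, and the context layer would weigh many more attributes than the parent/child pair; the structure (cheap signature check first, behavioural check second, confirmed alerts fed back as new signatures) is what the layered approach above describes.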
Doing this is not simple and, unfortunately, not cheap. We have reviewed a lot of tools and have found the best and the brightest, and the most cost-effective. You can also do this incrementally, because you are going to have to integrate IT business processes to make this effective.
However, if you don’t start, you will never get there.
The hackers are not going to wait for you. Unfortunately.
Credit: CSO Online