You already know it - the threat landscape has dramatically evolved: it is no longer a question of “if” but a question of “when” your environment will be compromised. Even the numbers are stacked against us: the Verizon DBIR 2015 report found that 70-90% of the malware used to attack organizations is unique, making hash- and signature-based detection virtually ineffective.
This ever-shifting threat landscape has pushed security teams to adopt a more proactive mindset. Organizations are ramping up their detection capabilities in an effort to more promptly respond to these advanced persistent attacks, and many security professionals are looking to next-generation detection technology for reinforcement.
A new breed of security technology designed to help organizations dealing with the challenges of more advanced threats has emerged in the past couple of years: next-generation Endpoint Security (or Endpoint Detection and Response).
These platforms put endpoint monitoring and visibility at the core of their functionality for two main reasons:
1. Endpoints are at the heart of almost every cyber attack.
They are the most vulnerable assets in the environment and are therefore commonly used by hackers as the point of penetration. A 2014 study conducted by Ponemon Institute LLC found that 40% of respondents stated their endpoints were the entry point of an attack. Hackers also use them to lurk and persist in the environment. By focusing on endpoint activity, security teams have a better chance of spotting malicious activities.
2. Endpoints are often neglected.
In the modern enterprise, with the common use of BYOD, remote access, third-party integrations and cloud computing, the environment is overly segmented, making it hard to gain full control over the endpoints connected to the network. In addition, ill-designed endpoint agents are notorious for impairing the user experience, which has led organizations to neglect their endpoints.
What does NextGen offer vs traditional endpoint solutions?
Next-generation solutions were born into the post-signature world. Most of them include detection methodologies that go beyond rigid signature or hash-based rules. Many of them rely on various big data analytics capabilities for the detection of advanced threats.
In addition, most next-generation tools put you in better shape for the day after a breach. They are designed to facilitate better Incident Response, enabling IR teams to ask questions, get answers about an incident, and investigate its source and implications.
But not all next-generation endpoint platforms are alike, and there are important considerations to weigh when choosing a solution. Cybereason has teamed up with Forrester for a live webinar on the topic, discussing why a switch to next-generation endpoint security is necessary in a post-breach era. Forrester’s principal analyst Rick Holland and Cybereason's VP of Product, Ashish Larivee, will review the five most important considerations when evaluating an endpoint security platform.
When done right, a next-generation endpoint security platform significantly reduces the risk and impact of a breach and enables SOC and CIRT teams to better respond to threats. But when improperly designed, a platform can be a burden on users and operators, and fail to provide the expected benefit.