Endpoint Protection: Are We Fighting a Losing Battle?
Have you ever thought about how your immune system, with its remarkable collection of layered defenses, is able to protect you from infection-causing organisms? Not unlike the human body, enterprises, consumers and our society are engaged in a daily battle against sophisticated cyber criminals. We have seen high-profile security incidents in the headlines: the Heartbleed bug, the Microsoft Internet Explorer vulnerability and even Symantec’s admission that antivirus software is dead. Considering the fallout from large retail breaches, even CEOs have to take an interest in security or pay the price for inattention. Many of you must be asking: Are we fighting a losing battle? Are there any new tools and tactics that can help?
The State of Endpoint Protection
The endpoint protection market has historically relied on antivirus products to protect endpoints. In recent years, however, the threat has shifted from viruses to highly sophisticated attacks that the market calls advanced persistent threats (APTs). These attacks are the work of cyber criminals who hope to extract value from stolen corporate assets such as intellectual property or customer data. Antivirus and first-generation anti-malware products have proven ineffective at stopping these threats since APTs are highly dynamic and most go undetected.
A whole new set of security products and approaches has emerged to prevent these advanced threats and stop zero-day attacks. Customers are bombarded with market messages such as exploit prevention, isolation and whitelisting that describe these approaches. They all have some merit, typically with a narrow focus on a single threat vector, but none has proven effective at stopping dynamic threats, and most come with a very high operational cost. Thus, customers are often forced to add yet another purpose-specific endpoint product in the hope of stopping these threats.
Redefining Endpoint Protection for the Advanced Threat Landscape
Let’s face the facts: There are too many single-use endpoint protection products out there that create more issues than they solve. These products burden the IT security team with more work rather than acting as a force multiplier that makes the team more productive and effective. They also fail the end user usability test, since the endpoint protector simply becomes a nuisance to the end user. Finally, these approaches lack the deep security research and intelligence capabilities that give enterprises rapidly deployed protections against new threats.
3 Critical Requirements for Endpoint Protection Solutions
In redefining an endpoint defense solution for advanced threats, organizations need a new set of requirements in their battle against these threats. These critical requirements include:
- Multilayered endpoint defense
- Low operational impact
- Dynamic intelligence
Below we will quickly explore what we mean by each of these requirements and how we at IBM approach it.
1. Multilayered Endpoint Defense
The endpoint security approach must be both preemptive and multilayered. It should protect against both known and unknown vulnerabilities through multiple defenses and protections — it cannot rely on just one way to stop advanced threats.
2. Low Operational Impact
The endpoint protection approach should not be a burden, nor should it impose a management tax on the IT security team or the end user. It should not generate the false positives that force IT security teams either to wade through thousands of alerts or to ignore them altogether.
KSG solutions provides multilayered endpoint defense without adding to the burden on your limited staff or impacting your end users. We keep the impact low by:
- Eliminating the traditional security team approach (detect, notify and manually resolve);
- Minimizing impact to end users by blocking only the most sensitive actions;
- Providing an exceptional turnkey service that includes a centralized risk assessment service and direct support of your endpoint users.
3. Dynamic Intelligence
The endpoint security approach should use intelligence gathered from multiple endpoints and from security research so that new protections can be incorporated rapidly as new threats emerge. Enterprises need to know that experts are battling the bad guys on their behalf.
Integration Is Still Key
Endpoint protection is an essential component of a broader defense-in-depth security strategy. Our goal with any endpoint protection solution is to provide threat prevention as part of an integrated system, which brings together innovative security capabilities to prevent, detect and respond to advanced threats in a continuous and coordinated fashion.