Keeping your company’s data safe no longer means just securing your network. The endpoint is now the main target for hackers.
“It’s very different to create defense for networks today because everything is so ephemeral — Software as a Service, cloud computing and mobility in general,” says Tom Kellermann, chief cybersecurity officer for Carbon Black and former member of the Commission on Cyber Security for the 44th President of the United States. “Traditional network security is being bypassed by cybercriminals who are specifically exploiting the endpoint.”
Enter next-generation endpoint security solutions. They have the sophistication to quickly detect, defend and mitigate high-level attacks, using technology such as data mining and machine learning.
First-Generation vs. Next-Generation Security Solutions
As new threats have emerged, so has the need for a new kind of security solution. Anti-virus, now more than 20 years old, works by keeping a library of signatures for the threats it is meant to combat. However, it has become too easy for hackers to morph those signatures so that their code is no longer detectable. They have moved on to other schemes too, such as fileless malware, which “embeds itself into an existing file and doesn’t look like a file download, so anti-virus software thinks it’s something benign,” according to Jon Oltsik, senior principal analyst for Enterprise Strategy Group.
In a presentation for RSA’s 2016 conference, Oltsik explored the history of threat detection, showcasing how modern endpoint solutions employ innovative strategies like new types of algorithms, process isolation and sandboxing, behavioral heuristics, and tight integration with threat intelligence. For example, machine learning can track the behavior of users as well as file anomalies, and can detect the properties of fileless malicious software and prevent it from being executed.
Squatters, Hoppers and Retaliators: New Cyberthreats
These innovations are greatly needed, as the latest reports on cybercrime show that today’s cybercriminals are trying new tactics for bigger profits.
“Adversaries are a lot more savvy,” says Kellermann. “They realized that stealing money isn’t the most lucrative thing they can do. Understanding a corporate plan or knowing when one company is going to buy another one and you can short a stock — that’s much more interesting.”
A recent example is the Marriott Hotels breach. Management revealed that hackers had been illegally hiding in the system since 2014, and weren’t just looking to steal credit card numbers. They were lying in wait for specific, high-level guest information such as passport numbers and travel plans.
“Island hopping” is another tactic that’s becoming more common. Criminals break into a secondary target first to reach their primary target. The result is that more companies are being used as unwitting collaborators to access customers and partners.
“You have to be able to discern lateral movement, and assume you’re dealing with a crew, not just one person,” says Kellermann. “Your guard dogs should not bark or growl. The louder you are, the more likely you are to deal with a destructive attack.”
In a survey, Carbon Black found that 51 percent of incident responders saw cybercriminals retaliate when they were detected, wreaking havoc like deleting security log data and stealing infrastructure plans.
Choosing and Using Next-Generation Endpoint Solutions
Most of the major AV vendors, like Symantec, IBM and Microsoft, have added next-generation detection and response solutions to their security products. When you add new players and plenty of startups, businesses have lots of choices available.
“The biggest thing to look for when choosing a solution is a very high detection rate,” says Oltsik. “You want a product to be as close to set-it-and-forget-it as possible, and you don’t have to do anything. This could include hiring a third party to manage detection and response.”
Kellermann recommends looking at MITRE ATT&CK, an independent organization that tests security solutions. However, not all companies provide their software to the organization to review.
Oltsik reminds companies to cast a wide net, and to invest in the search as the security environment becomes more complex.
“Put ample resources into researching new products,” Oltsik says. “If you’re a smaller company, there are products designed for that environment that are easier to use, more cloud-based and less intrusive. On the other hand, you shouldn’t dismiss the big brands. They’ve done a lot of innovation.”