What Is Next-Generation Endpoint Security?
Signature-based security, which relies on comparing threats to a database of previously identified malicious code, still catches roughly 70 to 80 percent of cybersecurity threats, says Arnie Lopez, vice president of worldwide systems engineering at McAfee. That’s not enough to tackle today’s threat landscape.
Next-gen endpoint protection tools provide organizations with the ability “to report on security incidents in great detail, utilize intelligence about threats worldwide and work effectively with other tools in an organization’s cyber defenses,” writes Jeff Falcon, practice lead within CDW’s cybersecurity practice, in a CDW blog post.
Next-gen endpoint security tools provide organizations with a greater degree of context around security events. “By drilling down into the specific details of an incident, such as who the target is, what the attacker is trying to exploit and what other kinds of incidents may be taking place, a next-gen endpoint solution can identify the intent of an attack,” Falcon writes. “With this information, an organization can prioritize the mitigation of high-risk vulnerabilities.”
Additionally, next-gen endpoint protection tools use threat intelligence to help identify attacks and develop stronger defenses, Falcon writes. Next-gen endpoint security tools also bring automation and orchestration into a business’s defensive capabilities and integrate effectively with other cybersecurity solutions. “By building next-gen endpoint solutions into an organization’s incident response, an IT team can get a better picture of the overall security posture,” Falcon writes.
Next-Generation Endpoint Security vs. Traditional Endpoint Security
Traditional endpoint security solutions rely heavily on a signature database, but keeping such a database current against ever-evolving threats is increasingly unsustainable: a signature can only be written for a sample that has already been seen.
There is also an inherent lag between the discovery of a new threat and the distribution of its signature to every endpoint. A real-time approach that uses artificial intelligence and machine learning to judge a file or process by its behavior and attributes, rather than by a known byte pattern, can help close that gap.
Next-generation endpoint security tools with access to real-time threat intelligence can analyze this information and deploy immediate updates to users’ endpoints. This enables agency IT security leaders to block IP addresses, update malware signatures and identify new adversary tactics quickly, providing rapid detection of evolving threats.
Organizations must be smarter about how they determine what is actually a threat, Lopez says, using data not just from endpoints such as laptops and mobile devices but also from the network edge, secure web gateways, firewalls and email gateways. Next-generation endpoint security tools enable agencies to, for example, detect command-and-control server activity that might not be apparent on an endpoint, then feed that data into their telemetry so that they can make smarter security decisions.
Another pillar of next-generation endpoint security is EDR, which moves beyond simple detection of a security compromise and manages an active response that contains the damage, isolates affected systems and recovers normal operations as quickly as possible.
EDR solutions pair an endpoint agent that performs anti-virus, host firewall and intrusion-prevention functions (and records the process, file and network telemetry needed for investigation) with response capabilities that act immediately once a threat is detected, such as isolating the host from the network or terminating the offending process.
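The detection-and-response loop described in the last few paragraphs (threat intelligence applied to network telemetry, correlation back to the endpoint process, then automated containment) can be illustrated with a small pipeline. This is an added example, not code from CDW, McAfee or any product; the firewall log syntax, the host names, the endpoint event format and the indicator addresses (RFC 5737 documentation ranges) are all constructed assumptions. Note the last firewall line: the network sees a beacon from 10.0.0.31 but no endpoint agent reported it, which is exactly the kind of command-and-control activity that is "not apparent on an endpoint."

```python
"""Added example: correlate firewall telemetry with endpoint process events
against a threat-intel feed, then emit automated containment actions.
All data below is constructed for illustration; the log syntax, host names
and indicator addresses (RFC 5737 documentation ranges) are assumptions."""
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed threat-intel feed: known command-and-control destinations.
C2_INDICATORS = {
    "203.0.113.42": "known C2 server",
    "198.51.100.0/24": "C2 hosting range",
}
INDICATOR_NETS = [(ip_network(c, strict=False), label) for c, label in C2_INDICATORS.items()]

# Constructed firewall log lines (assumed key=value syntax).
FIREWALL_LOGS = """\
2024-05-01T10:00:01Z action=allow src=10.0.0.15 dst=93.184.216.34 dport=443
2024-05-01T10:00:07Z action=allow src=10.0.0.15 dst=203.0.113.42 dport=8443
2024-05-01T10:00:09Z action=allow src=10.0.0.22 dst=198.51.100.77 dport=80
2024-05-01T10:01:30Z action=deny src=10.0.0.31 dst=203.0.113.42 dport=8443
"""

# Constructed endpoint-agent telemetry: which process opened which connection.
# Deliberately, no agent event exists for 10.0.0.31.
ENDPOINT_EVENTS = [
    {"host": "WS-015", "ip": "10.0.0.15", "ts": "2024-05-01T10:00:01Z", "pid": 1200,
     "image": r"C:\Program Files\Browser\browser.exe", "dst": "93.184.216.34", "dport": 443},
    {"host": "WS-015", "ip": "10.0.0.15", "ts": "2024-05-01T10:00:06Z", "pid": 4312,
     "image": r"C:\Users\alice\AppData\Local\Temp\update.exe", "dst": "203.0.113.42", "dport": 8443},
    {"host": "WS-022", "ip": "10.0.0.22", "ts": "2024-05-01T10:00:10Z", "pid": 777,
     "image": r"C:\Windows\System32\svchost.exe", "dst": "198.51.100.77", "dport": 80},
]


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def match_indicator(ip: str):
    """Return the intel label for an address, or None if it is not listed."""
    addr = ip_address(ip)
    for net, label in INDICATOR_NETS:
        if addr in net:
            return label
    return None


def parse_firewall_line(line: str) -> dict:
    ts, *fields = line.split()
    rec = {"ts": parse_ts(ts)}
    for item in fields:
        key, _, value = item.partition("=")
        rec[key] = int(value) if key == "dport" else value
    return rec


def detect_c2(log_text: str) -> list:
    """Network-side detection: any flow (allowed or denied) to a listed indicator."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_firewall_line(line)
        label = match_indicator(rec["dst"])
        if label:
            alerts.append({**rec, "indicator": label})
    return alerts


def correlate(alerts: list, events: list, window_seconds: int = 5) -> list:
    """Attach the endpoint process behind each flagged flow, matching on source
    address and destination within a small clock-skew window."""
    enriched = []
    for alert in alerts:
        process = None
        for ev in events:
            if ev["ip"] != alert["src"] or ev["dst"] != alert["dst"]:
                continue
            if abs((parse_ts(ev["ts"]) - alert["ts"]).total_seconds()) <= window_seconds:
                process = {"host": ev["host"], "pid": ev["pid"], "image": ev["image"]}
                break
        enriched.append({**alert, "process": process})
    return enriched


def build_response(enriched: list) -> list:
    """Turn correlated alerts into orchestration actions (deduplicated, in order)."""
    actions, seen = [], set()
    for alert in enriched:
        proposed = [("block_ip", alert["dst"])]
        if alert["process"]:
            proposed.append(("isolate_host", alert["process"]["host"]))
            proposed.append(("kill_process", alert["process"]["host"], alert["process"]["pid"]))
        else:
            # The network saw the beacon but no agent reported it: an unmanaged
            # or tampered endpoint that only the network data surfaced.
            proposed.append(("investigate_unmanaged", alert["src"]))
        for action in proposed:
            if action not in seen:
                seen.add(action)
                actions.append(action)
    return actions


if __name__ == "__main__":
    for action in build_response(correlate(detect_c2(FIREWALL_LOGS), ENDPOINT_EVENTS)):
        print(*action)
```

Running it prints one action per line: a block for each indicator address, host isolation and process termination for the two workstations whose agents reported the connection, and an investigation task for 10.0.0.31, which the endpoint layer alone would never have raised.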
Next-generation endpoint tools are ideal for securing users’ endpoints at home, Lopez says. “They have their IT-supplied desktops or laptops, but they’re also sometimes having to join from tablets, mobile devices,” he says. “So, having mobile capabilities for your endpoint security is also a big part of next-gen endpoint security.”
Another capability that is popular in next-generation endpoint security platforms is rollback remediation, Lopez says. “As much protection as you put in place, anyone that tells you you’re 100 percent safe has not been doing this for a living. Things are going to happen, and things are going to get through,” he says. “How do you deal with it when it happens?”
Rollback remediation relies on previously created images, or snapshots, of a user’s system. When malicious activity and changes are detected, such tools reverse the changes and restore the system to its last known-good state. “Then, you should not lose everything you were working on,” he says. “You’ll just lose 10 to 20 percent, versus everything.”
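A minimal version of the rollback mechanism described above, as an added example that is not a vendor's code or design: snapshot a directory, let a mock ransomware routine scramble most of the files, detect the mass change, and restore from the snapshot. The sample documents, the XOR "encryption," the tampering threshold and the function names are all constructed assumptions. The example also shows the caveat Lopez describes: a legitimate edit made after the snapshot is rolled back along with the damage.

```python
"""Added example: rollback remediation with a file-level snapshot.
Everything here (the sample documents, the mock ransomware, the tampering
threshold) is constructed for illustration and is not a vendor's design."""
import shutil
import tempfile
from pathlib import Path


def take_snapshot(root: Path) -> dict:
    """Capture every file's relative path and bytes. A product would keep this
    in agent-protected storage (and store deltas), not plain memory."""
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in root.rglob("*") if p.is_file()}


def diff_against_snapshot(root: Path, snap: dict) -> dict:
    current = take_snapshot(root)
    return {
        "modified": sorted(k for k in snap if k in current and current[k] != snap[k]),
        "deleted": sorted(k for k in snap if k not in current),
        "added": sorted(k for k in current if k not in snap),
    }


def looks_like_mass_tampering(changes: dict, snap: dict, threshold: float = 0.5) -> bool:
    """Crude trigger: a large share of snapshotted files modified or deleted,
    which ordinary user activity rarely does all at once."""
    if not snap:
        return False
    touched = len(changes["modified"]) + len(changes["deleted"])
    return touched / len(snap) >= threshold


def rollback(root: Path, snap: dict, changes: dict) -> dict:
    """Reverse the detected changes: restore modified and deleted files from
    the snapshot and remove files that appeared after it."""
    for rel in changes["modified"] + changes["deleted"]:
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(snap[rel])
    for rel in changes["added"]:
        (root / rel).unlink()
    return {"restored": len(changes["modified"]) + len(changes["deleted"]),
            "removed": len(changes["added"])}


def mock_encrypt(path: Path) -> None:
    # Stand-in for ransomware: overwrite the file with XOR-scrambled bytes.
    path.write_bytes(bytes(b ^ 0x5A for b in path.read_bytes()))


def demo() -> dict:
    root = Path(tempfile.mkdtemp(prefix="rollback-demo-"))
    try:
        docs = {f"docs/report{i}.txt": f"quarterly report {i}\n".encode() for i in range(4)}
        docs["notes.txt"] = b"meeting notes\n"
        for rel, data in docs.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)

        snap = take_snapshot(root)

        # Legitimate work after the snapshot ...
        (root / "notes.txt").write_bytes(b"meeting notes\nfollow up with finance\n")
        # ... followed by a ransomware-style run over the documents folder.
        for rel in docs:
            if rel.startswith("docs/"):
                mock_encrypt(root / rel)
        (root / "docs" / "README_RESTORE.txt").write_bytes(b"pay up\n")

        changes = diff_against_snapshot(root, snap)
        tampering = looks_like_mass_tampering(changes, snap)
        result = {"tampering": tampering, "changes": changes}
        if tampering:
            result.update(rollback(root, snap, changes))
            result["intact"] = take_snapshot(root) == snap
            # The caveat: the post-snapshot edit to notes.txt is gone as well.
            result["post_snapshot_work_lost"] = "notes.txt" in changes["modified"]
        return result
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The detection trigger is deliberately simple (a share of snapshotted files touched); real products combine it with behavioral signals such as entropy changes and rapid rename patterns. How much work is lost depends entirely on how recent the snapshot is, which is the practical meaning of the "10 to 20 percent" figure above.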