September 14, 2018
Why Traditional Security Techniques Are No Longer Enough
A next-generation approach is necessary to protect against advanced threats.
Cybercriminals have changed the game.
A few years ago, a traditional defense was sufficient to protect your organization from cyberattacks. Typical malware targeted thousands of users and was relatively easy to detect. Security solutions that were based on blacklisting the signatures of known malware were able to protect against most threats.
But the modern security landscape — and modern cybercriminals — have changed significantly. They’re sophisticated and organized (many cybercrime operations run just like a business), and attack specific users and companies, looking for valuable targets. These attackers are stealthy and quiet, but the damage they do can result in enormous costs. Dealing with these advanced threats requires a new approach.
Soft Targets
Cybercriminals have shifted their strategy to attack the most vulnerable part of any organization’s network: the endpoint. Users with devices such as laptops, tablets and smartphones represent a weak point in an organization’s defense. Once attackers have gained a foothold on an enterprise network, they can get to work on infiltrating more sensitive areas with more valuable data.
IT security personnel are finding that traditional endpoint protections, such as anti-virus software and firewalls, don’t provide sufficient protection against these attacks. To effectively address modern threats, organizations need next-generation endpoint security. Next-gen solutions use artificial intelligence (AI) to recognize threats in real time without the need for signatures, even if the threat hasn’t been seen before. This establishes a streamlined security protocol that enables proactive defense and speeds the response to attacks.
What to Look for from a Next-Gen Endpoint Security Solution
As they get started in their deployment of next-gen endpoint security, IT professionals should ask themselves several important questions:
- Are we looking to reduce staff and improve resources by automating security?
- What tools, if any, are we using for detection and response? Are we looking to automate cloud-based security analytics?
- Do we have a cloud strategy for the next 18 to 36 months? Is security a consideration?
- What is the state of application visibility for our data center?
The answers to these questions will help organizations find the next-gen endpoint security solution that best meets their needs. As they determine the appropriate solution, IT leaders should consider several important factors:
- User behavior analytics (UBA) and endpoint detection response (EDR): By providing flexible, immediate reporting, UBA and EDR can help keep pace with modern cybersecurity threats, enabling security personnel to see a threat in real time on the network and helping them to react and respond in real time.
- Data center: Next-gen endpoint security solutions also protect the data center from endpoint-based attacks. Components such as EDR can police the data center network to determine if a user’s host is compromised. They can also identify targets such as the information the intruder is trying to find or file stores that may be attacked by ransomware.
- Services: Many solution providers and third parties offer services tools to augment next-gen endpoint security products. These services can include wire scan, which provides visibility into in-house applications to enable profiling of them prior to policy setting. This step can prevent business shutdowns that occur due to “false positives” that identify legitimate data traffic as an attack.
Threat hunting and risk mitigation also are valuable services. By using these services, organizations can reduce the burden of threat detection on IT staff. This enables organizations to maximize resource efficiency, streamline deployment and management, achieve cost savings, and eliminate both the need to run multiple consoles and the need to run security applications on-premises.
This blog post brought to you by: