This often proves to be a significant challenge. After all, the sheer number of endpoints that can act as a gateway for malicious purposes presents such a large attack surface that the likelihood of a breach is significant. So how can businesses best minimise risk?
Protect vulnerable vectors
A layered security model – focused on reducing an organisation’s attack vectors that are vulnerable to exploitation by cyber criminals – is the most effective approach. In this scenario, different layers within the security stack guard against specific types of threats, such as file-based or fileless malware, spam and online fraud. The use of technologies based on machine learning algorithms for automating endpoint security is also highly recommended.
Machine learning can reduce the operational costs associated with having large SOC teams. One example of automation might include an endpoint detection and response (EDR) solution that’s augmented with machine learning to only display relevant security alerts. This limits alert fatigue, and can be particularly useful for forensic investigations while not overburdening already stretched IT and security teams. Security technologies built into endpoint security solutions are also highly effective in proactively and accurately identifying unknown malware or vulnerabilities.
Go beyond basic
It is also important to remember that enterprises have different needs, based on the markets they serve as well as the type of infrastructure they have. Highly virtualized infrastructures will be best served by opting for security solutions that offer multiple layers of defence – sometimes even below the operating system – that have been specifically built for virtual environments.
Since large organisations are the ones most likely to deal with highly advanced and targeted attacks, their security solutions should include far more than anti-malware capabilities, and incorporate advanced anti-exploit, EDR, sandboxing, etc. Part of the key to success with an enterprise-grade infosec implementation is to ensure that along with having as many security layers as possible, is that these can also be centrally managed from a single unified management console, offering visibility across the entire infrastructure (both physical and virtual endpoints and services).
Beat attacks early
The biggest innovation in endpoint threat detection/protection, at least when dealing with virtual endpoints, is memory introspection. Memory introspection is a technology that’s currently unique in the market and can help organisations detect even unknown zero-day vulnerabilities, preventing them from executing and deploying malware on protected virtual workloads.
Since traditional security solutions and advanced malware usually “fight” for the same level of privilege and visibility within the operating system, it is always a cat and mouse game between cybercriminals and security vendors to attain that context. Considering the OS is usually the victim and the target of attack, both the attacker and the security solution rely on it for accurate information.
Detecting advanced threats traditionally involves either detecting the payload or having some sort of indicators of compromise (IoC) to spot an anomaly. Hypervisor-based memory introspection however would stop the attack in the really early stages of its lifetime. Practically, this reduces the risk for companies of suffering a data breach and mitigates threats before they can compromise the company’s infrastructure or network.
Since everything is now moving toward the cloud; and infrastructure-as-a-service providers offer great performance for low costs, it is technologies like memory introspection that make a real difference in terms of detecting even the most elusive threats — future-proofing organisations for years to come.
