
Offline Protection for Remote Systems

September 18, 2020

CrowdStrike Tech Center

Introduction

Remote work means many employees are no longer working only from home but from anywhere. The services needed to work remotely, such as VPN, cloud-based applications and internet access, vary in availability and reliability. Inconsistent service availability means employees work both online and offline. As attacks against remote systems continue to surface, can endpoint security consistently keep a distributed organization safe?


Offline Protection

One challenge many remote employees experience is inconsistent connectivity. From overworked corporate VPNs to unexpected traffic spikes to cloud-based applications and unreliable internet service, inconsistent availability can stop employees from connecting but not necessarily from working. Employees can often work offline and reconnect either when needed or when services are available.

Many endpoint security solutions – whether signature-based or cloud-based – rely on internet connectivity to provide protection. Signature-based solutions need to be constantly updated while some cloud-based solutions host detection technologies in the cloud. When endpoints are offline, detection may be limited or only as good as the last update.

With ever increasing attacks, endpoint security needs to consistently protect systems wherever they are and whatever their status – online or offline.

Solution

CrowdStrike’s next-gen antivirus is a cloud-native solution that protects against all types of attacks, from commodity malware to sophisticated attacks, with one solution — even when systems are offline. CrowdStrike’s detection capabilities reside both on the endpoint agent and in the CrowdStrike cloud with Threat Graph. The lightweight Falcon agent that runs on Windows, Mac and Linux endpoints includes all the prevention technologies required to protect the endpoint, whether it is online or offline. Protection policies provide cloud-based and on-sensor machine learning to protect against known and zero-day malware. As shown below for Linux, there are options to customize threshold settings for each category.

Figure: Linux ML policies

Other technologies include custom Indicators of Compromise (IOCs), Windows exploit blocking, and behavioral-based detection, or Indicators of Attack (IOAs), to prevent sophisticated fileless and malware-free attacks. While CrowdStrike provides built-in behavioral detections, customers also have the option to add their own custom indicators. Below is just one example of an IOA-based detection on a Mac endpoint.

Figure: Mac IOA detection

If there is no internet connectivity at the time of the malicious event, the Falcon agent will protect the system and event details will be cached on the endpoint until connectivity is re-established.
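As an added illustration (not CrowdStrike's code and not a description of the Falcon agent's internals), here is a minimal model of the pattern the article describes: verdicts are computed on the endpoint from locally configured thresholds, and detection events are cached on disk while the cloud is unreachable, then replayed in order on reconnect. The threshold names and values, the scores and the JSON-lines cache format are all assumptions.

```python
# Added illustration (not CrowdStrike code) of the design the article describes:
# local ML thresholds give verdicts with no cloud round-trip; events queue on
# disk while offline and replay on reconnect. Names and values are constructed.
import json, os, tempfile
THRESHOLDS = {"cautious": 0.9, "moderate": 0.7, "aggressive": 0.5}  # constructed

def evaluate(policy, score):
    """policy maps 'detect'/'prevent' to a threshold name; score is local ML."""
    if score >= THRESHOLDS[policy["prevent"]]:
        return "prevent"
    if score >= THRESHOLDS[policy["detect"]]:
        return "detect"
    return "allow"

class EventCache:
    """Append-only on-disk queue so cached detections survive a restart."""
    def __init__(self, path):
        self.path = path
    def enqueue(self, event):
        with open(self.path, "a") as f:
            f.write(json.dumps(event) + "\n")
    def drain(self):
        if not os.path.exists(self.path):
            return []
        with open(self.path) as f:
            events = [json.loads(line) for line in f if line.strip()]
        os.remove(self.path)       # queue is consumed once delivered
        return events

class Sensor:
    def __init__(self, policy, cache, online=False):
        self.policy, self.cache, self.online = policy, cache, online
        self.sent = []             # stands in for delivery to the cloud
    def handle(self, event):
        verdict = evaluate(self.policy, event["score"])
        if verdict != "allow":     # only detections need to reach the cloud
            record = {**event, "verdict": verdict}
            (self.sent.append if self.online else self.cache.enqueue)(record)
        return verdict
    def reconnect(self):
        self.online = True
        flushed = self.cache.drain()
        self.sent.extend(flushed)  # replay in original order
        return len(flushed)

def demo():
    path = os.path.join(tempfile.mkdtemp(), "events.jsonl")
    s = Sensor({"detect": "moderate", "prevent": "cautious"}, EventCache(path))
    verdicts = [s.handle({"pid": p, "score": sc})
                for p, sc in ((101, 0.95), (102, 0.75), (103, 0.2))]
    return verdicts, len(s.sent), s.reconnect(), [e["pid"] for e in s.sent]
```

The offline sensor still blocks the high-confidence event locally; nothing reaches the cloud until `reconnect()`, which flushes the two cached detections in the order they occurred.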

Closing

Get immediate time-to-value, extend your visibility and protect your organization no matter where your employees are. Try the CrowdStrike Falcon® platform for free: https://go.crowdstrike.com/try-falcon-prevent.html


Content provided by Anne Aarness
