If there’s one term that vendors love to attach to their security solutions, it’s “next-gen.” This is especially true for endpoint security products, which are routinely marketed as next-gen, or simply as “game-changers.” Some of these vendors may feel their solutions qualify for next-generation status because they include behavioral detection elements or some degree of machine learning, while still others claim to offer cloud-based protection. But scratch the surface of these claims and it becomes clear that most are reworked versions of the same old platforms that powered the first generation of endpoint protection platform (EPP) solutions. And while some may incorporate one or two newer methods, the majority still rely on dated techniques such as signature-based threat detection and obsolete architecture designed for on-premises delivery.
It Takes More Than a Few New Features
The bottom line is that it takes more than a few new detection features to qualify an endpoint security solution as next-gen. To truly deserve that label, a product needs to offer the complete package, delivering the kind of anticipation, prevention, detection, visibility and intelligence capable of beating the most determined attackers — and defeating them repeatedly. Decision-makers interested in finding such capabilities should insist the solution they choose has the following essential elements:
As outlined in a previous CrowdStrike® blog, IT hygiene is a foundational block for efficient security that allows you to identify and close gaps in your environment. It does this by providing the visibility and information your security and IT teams need to implement preemptive measures and make sure you’re as prepared as possible to face today’s sophisticated threats. As recent cyberattacks illustrate, out-of-date and unpatched applications, credential abuse and the use of stolen credentials are key attack vectors. The ability to discover, patch and update vulnerable applications and monitor login activities can give you a tremendous advantage over attackers.
Next-Generation Antivirus (NGAV)
Traditional antivirus (AV) solutions boast of up to 99 percent effectiveness, but a gap of just one percent means a 100 percent probability of a breach by adversaries using either known or unknown malware. That’s why NGAV can be an important tool, though finding the right solution can be challenging. A recent blog on this topic outlines the four steps to choosing the right AV replacement. Among those steps is verifying vendor claims. Organizations should be aware that some vendors claiming to have behavioral analytics capabilities offer solutions that focus exclusively on indicators of compromise (IOCs), which are only present after an attack has occurred. Effective NGAV must also look for indicators of attack (IOAs) that identify active attacks and allow you to stop an event before damage is done. For more information, read “Understanding Indicators of Attack (IOAs).” Also, get practical tips on what to look for in a next-gen antivirus solution by downloading the “Guide to AV Replacement: What You Need to Know Before Replacing Your Current AV.”
Endpoint Detection and Response (EDR)
Because prevention isn’t enough, endpoint detection and response (EDR) is a requirement for many organizations. Effective EDR should be able to record all activities, from application execution to network connections to writing a file to disk. EDR must also be able to hunt through massive volumes of recorded data, both historical and real-time, to find malicious patterns of activity. Once something is detected, EDR should offer an easy way to mitigate a breach and eliminate “silent failure” — the gap between when an infection begins and when it’s discovered. Learn how EDR mitigates silent failure.
At the end of the day, attackers are people and as such, they can be adaptive and creative — relying on technology alone to thwart them is simply not enough. To be truly next-gen, a cybersecurity platform should include a managed hunting service. An elite team can find things your automated response systems may miss. It can learn from incidents that have taken place, aggregating crowdsourced data and providing response guidance when malicious activity is discovered. Having expert hunters working 24/7 on your behalf matches the ingenuity of determined attackers like no automated technology can. Read how a proactive hunting strategy can protect valuable data assets from a potential mega breach.
Because sophisticated adversaries can move so quickly and stealthily, security teams must receive intelligence that ensures their defenses are automatically and precisely instrumented throughout the enterprise to stop breaches with minimum impact and maximum protection. Such threat intelligence needs to provide more than the tactical advantage of understanding and resolving incidents faster; it must also offer the proactive alerts and reports that security experts need in order to prioritize their resources at an operational level. Read about the role of award-winning threat intelligence.
Delivering these crucial elements can only be accomplished via purpose-built cloud architecture. The older on-premises model simply isn’t capable of performing the tasks required of a true next-gen EPP solution, such as collecting a massive, rich data set in real time, storing it for long periods and thoroughly analyzing it in a timely manner to prevent breaches. With the cloud, it is possible to store and instantly search petabytes of data, gaining historical context on any activity running on any managed system. Many vendors claiming to have a cloud-based solution actually are still relying on older architectures developed primarily for on-premises systems, though perhaps retrofitted with some newer “cloud-enabled” features. Such a “bolt-on” model can never match the performance of a purpose-built, cloud-native solution.
For more information on these elements, and to learn how the CrowdStrike® platform fulfills the requirements of true next-gen EPP, download the white paper, “CrowdStrike Falcon®: Setting the New Standard in Endpoint Protection.”