The Xceptional Blog

Demystifying: Next-Generation Endpoint Security

Written by Natalie | Jul 20, 2018 5:57:03 PM

The term “next-generation” is used quite frequently across the tech industry – it’s not limited to security. Since we see the term so often, it’s easy to gloss over without giving it much thought. Next-generation pretty obviously implies that the product you’re purchasing today is better than the versions that came before it.

When it comes to endpoint security, it’s important to understand why a new generation of tools is needed, and what makes these tools better than the “last generation”. Similar to buying into a tool simply because it uses machine learning, purchasing a tool because it’s labeled as “next generation” can leave you with unmet needs. This is largely because there’s no real standard in the industry dictating what’s required for a product to call itself “next-generation.” While some features are relatively consistent across the solutions claiming to fit into this category, it’s important to dig into the details of exactly what you’re getting.

Let’s demystify the term and value of “next generation” for endpoint security.

Why we need the next generation

We need a new generation of security tools because we’re dealing with a new generation of threats. Malware authors are highly motivated to get their threats into your network and onto your endpoints. Many of them operate as full-blown software development shops, with teams dedicated to building malware and other teams dedicated to testing it against the very solutions you use to protect your environment. They’re using fileless malware, ransomware, cryptomining, and a variety of other cutting-edge approaches to be successful. As a result, you’re not fully protected unless you have tools that are capable of identifying and stopping less common or newly discovered threat types. That is what leads us to next-generation endpoint security tools.

We see next-generation used to describe two different products: next-generation endpoint security and next-generation antivirus. Although they sound similar, these products offer very different functionality.

Next-generation antivirus

Next-generation antivirus typically goes beyond the previous generation of point-in-time antivirus: instead of judging a file once when it arrives, it continuously monitors files on the endpoint regardless of whether they initially appeared malicious. This is very useful when a file that initially appeared clean starts to exhibit malicious behavior after getting into your environment. The trouble with these solutions is their lack of the remediation capabilities you desperately need when a breach is detected.

Next-generation endpoint security

Here’s where it gets tricky. Nearly every endpoint security vendor today calls its product next-generation. Everyone knows outdated approaches don’t stand a chance against new threats. As a result, next-generation endpoint security tools typically come packed with continuous monitoring capabilities similar to those found in a next-generation antivirus, but typically offer far more robust remediation capabilities.

The cloud plays a huge role in next-generation endpoint security. With a rapidly evolving and frequently changing threat landscape, we need protection that is updated just as rapidly and frequently with the latest threat intelligence. By taking a cloud-based approach to endpoint security, next-generation tools have constant and instant access to the latest threat intelligence without requiring manual updates from you.

Must-have capabilities

Cisco believes the following six capabilities must be available in an endpoint solution before it can qualify as next-generation:

  1. Flexible deployment options: Next-generation products should make your life easier from your very first interaction with them. They should adapt to your current environment and needs, offering cloud or on-premises deployment options, and protection for every endpoint in your organization, whether it’s a PC, Mac, Linux, iOS, or Android device.
  2. Layered prevention: With the variety and multitude of threats attempting to enter your environment, multiple preventative engines are necessary. Tools with limited techniques are easily evaded once attackers identify a weakness. Next-generation tools should constantly evolve to protect you against new threat types, like fileless malware and self-propagating ransomware.
  3. Rapid time to detection: With the industry average sitting at 100 days, detecting threats as early as possible is crucial. The longer a threat sits in your environment, the more it spreads, and the more damage it can ultimately do.
  4. Continuous monitoring: If there were a preventative method that could block 100% of threats, endpoint security would no longer be a topic of conversation. Knowing that malware and evasion techniques will always advance and evolve, it’s vital to have visibility into what happens within your environment after a file has been granted access.
  5. Cross-environment integrations: A barrage of point products in your environment doesn’t save you time or money, and it certainly doesn’t increase your effectiveness. Endpoint security tools should be able to communicate with the other security tools across your environment, sharing and ingesting threat intelligence so that they learn from each other over time.
  6. Prevention, detection, and response capabilities: Prevention and detection capabilities have always been a given in endpoint security, but if your solution doesn’t allow you to investigate and remediate within the same lightweight connector, you’re again being robbed of time, money, and security effectiveness.

Finding a solution that promises to be better than the products that came before it is great. But don’t take these products at their word. Identify what you need in an endpoint solution, and don’t settle for anything less.

By Kelsey Pierce

Published with permission from blogs.cisco.com