This space has seen tremendous development as endpoint security moves from a single point of protection to safeguarding many endpoints across multiple networks, says Katelyn Dunn.

Today's security tools must meet the demands of an ever-growing cyber landscape and evolving threats, coupled with expansive network infrastructures and hybrid architectures. The journey from a single point of protection to safeguarding many endpoints across multiple networks has led to tremendous development in this space, from antivirus solutions to machine learning tools and threat hunting capabilities. The latest endpoint solutions have even incorporated chatbots to make it easier for analysts to understand events.

In this year's look at endpoint security tools, the SC Labs team found the trend toward cloud management continued, nearly making the once-standard on-prem management server obsolete.
Cloud solutions share information quickly across all end users: interconnected dashboards linked to a threat intelligence engine inside the vendor's private cloud keep a tool's users abreast of attacks found by others and assemble a complete contextual picture of an attack. Centrally managed offerings also take some of the workload off the shoulders of administrators.

Protecting the endpoint is only one aspect of protection. What
happens when something gets through? The solutions we looked at almost exclusively have some sort of endpoint detection and response (EDR) capability to help security teams understand the entry point of an attack, what happened after entry and where the attack spread. The storyboarding feature we saw trickling into many of these products takes EDR a step further. It is one thing to know where an attack came from, but what about the bigger picture? For remediation and rollback purposes, it is crucial to see the attack steps and the changes made to a system. A complete picture removes the guesswork from the process and even lends itself to automating processes such as patch remediation.

If an attack has touched only a handful of endpoints, removing or sanitizing a few files might not be laborious, but if a large portion of a network is infected, that quickly could become a nightmare. Undoing the damage already done would be a mostly manual and time-consuming process.
Such widespread infiltration would make it difficult, if not impossible, to isolate all the affected segments to prevent further spread and damage. But real-time response makes threat mitigation straightforward, since security teams can connect to a command-line interface on the affected host to kill processes and remove files. This is an important tool for remediating machines in different locations. A one-click isolation button included in one product greatly minimized time-to-action following detection.

We are nowhere close to seeing
a single tool providing the security needed across an organization. The threats are just too advanced, too persistent and too destructive. Multiple layers of protection, and products capable of communicating and working cohesively, are the best defense against those threats. Detection, prevention and remediation are all important.

As security teams struggle to
keep up with workload demands stemming from unrelenting threats that test our defenses at alarmingly persistent rates, features like storyboarding take the guesswork out of following an attack from pre-execution to breach and subsequent remediation. The ability to automatically piece together an incident's story, found in many of these endpoint tools, opens the door to further automation and offers a great deal of contextual understanding and insight into what occurred. Analysts of all skill levels can also use this valuable tool to view other, potentially related detections on a network.

Endpoint security

Protecting all facets of an infrastructure has grown
increasingly critical to a successful security posture. The shift from on-premises to cloud and hybrid environments has underscored that criticality, putting greater demands on security tools. That's why SC Labs revisited the endpoint protection space this month.

Moving from the idea of
single-point protection solutions to having multiple points across several networks has spawned considerable innovation in endpoint protection, especially in this most recent round of products. The continued evolution of these tools is evident as they add attractive features, from storyboarding functionality and machine learning integration to chatbots.

That endpoint
protection and endpoint detection and response have converged in these tools should come as no surprise; they are natural allies. Most offer contextual analysis of the attack process from start to finish, with patch remediation and automated responses that bolster analysts' ability to perform their duties efficiently. These products can even serve as good teaching tools for junior analysts, offering a full picture of a breach's impact and providing automated workflows and remediation assistance to guide them in their next steps. By incorporating these tools, organizations will not only protect their endpoints but get the most out of their existing security tools.

Pick of the litter

Endgame impressed us with the innovation built into its endpoint security product. The chatbot Artemis and all-around intuitive functionality simplify the process of following a threat through to remediation. The ease of use and success in detecting threats make this product an SC Labs Best Buy.

Cybereason's Cyber Defense Platform 19's lightweight agent and proprietary detection engine, which delivers the full attack story and contextual visibility without being overly technical, made it the SC Labs Recommended product this month.

Click on the matrix below to see all the specs for the July products.