Advanced endpoint protection includes security technologies that can identify new or multi-faceted threats that traditional security software does not normally detect.
Organizations today need advanced protection against an increasingly sophisticated threat environment. Criminal organizations and foreign governments orchestrate most of the security threats that impact information technology (IT) organizations. Cybercrime is a highly lucrative undertaking. Cybersecurity Ventures predicts that the global cost of cybercrime will reach $6 trillion annually by 2021, making it more profitable than global illegal drug trafficking.
With so much money at stake, cybercriminals have become adept at finding new ways to infiltrate IT systems. For example, blended attacks are common. These attacks use multiple, coordinated tactics, none of which would appear suspicious to traditional security systems. Zero-day threats are another common form of attack that standard signature-based scans cannot easily identify. McAfee Labs reports nearly 400,000 new types of attacks every day. Many of these involve minor alterations of existing malware, but they are different enough to elude signature scans.
Traditional, reactive endpoint security tools such as firewalls and anti-virus software generally depend upon known threat information to detect attacks. But advanced technologies go several steps farther by using more proactive technologies, such as machine learning and behavioral analysis to identify potential new or complex threats.
How does advanced endpoint protection work?
An advanced endpoint protection solution includes several, complementary technologies. The aim of an advanced endpoint security solution is to identify a potential threat as early as possible and prevent the threat from entering the network or database. Additionally, advanced tools collect information to provide insight into how the threat operates and how the endpoint can be rendered less vulnerable in the future. Endpoint security solutions typically rely on small software agents at each of the endpoints in the network to record data, send alerts, and implement commands.
An advanced endpoint security solution may include several, or all, of the following technologies or capabilities.
Machine learning. Machine learning, a category of artificial intelligence, analyzes large amounts of data to learn the typical behaviors of users and endpoints. Machine learning systems can then identify atypical behavior and either alert IT staff or trigger an automatic security process. Machine learning-enabled security can scan endpoints for vulnerabilities, such as misconfigurations or a missed patch update. Machine learning is a key way to identify advanced threats against endpoints, as well as new or zero-day threats.
Security analytics. Security analytics tools record and analyze data from endpoints and other sources to detect potential threats. Security analytics can help IT professionals investigate security breaches or anomalous activity and determine what damage may have been done. IT departments can use security analytics to understand what vulnerabilities may have led to a breach and the actions that IT can take to prevent future attacks.
Real-time threat intelligence. Advanced security will have the ability to use real-time threat intelligence from outside security vendors and agencies. Real-time updates on the latest types of malware, zero-day threats, and other trending attacks reduce the time from first encounter to threat containment. Examples of intelligence feeds are:
Device security. Smart, connected devices such as industrial controls, medical imaging systems, office printers, and network routers, are ubiquitous. The number of internet of things (IoT) devices worldwide will reach 125 billion in 2030, according to data company IHS Markit. Many of these connected devices lack security and are vulnerable to a cyberattack. Potentially a single unprotected device can provide a hacker entry to the entire network. In the case of industrial controls, a vulnerable device can enable an attacker to cripple key systems, such as electrical grids. Security solutions for these emerging endpoints may include whitelisting to block unauthorized software or IP addresses and file integrity monitoring to scan for unauthorized changes to configurations or software.
Endpoint detection and response (EDR). EDR isn't brand new technology, but it is more important today as threats increase in sophistication. EDR continuously monitors for suspicious endpoint or end-user behavior and collects endpoint data for threat analysis. EDR solutions may provide automated response features, such as cutting off an infected endpoint from the network, ending suspicious processes, locking accounts, or deleting malicious files.
Rising cybercrime and the increased sophistication of cyberattacks put all organizations at risk of attack. An attack that causes prolonged downtime, or the loss or theft of data, can significantly impact an organization. The National Cyber Security Alliance found that 60% of hacked small- to medium-sized businesses go out of business within six months of a significant, successful attack.
Organizations can minimize the risk of cyberattacks by implementing effective security solutions and practices. Advanced endpoint protection is a critical element of IT security, because any endpoint—whether it's a desktop PC, printer, or an industrial control—is a potential gateway into a network.
Older reactive, static endpoint security solutions of a few years' past are no longer sufficient to keep enterprising hackers at bay, especially with professional criminal groups and nation-states financing many of the attacks. Advanced, dynamic endpoint security technologies, such as machine learning, analytics, and real-time threat updates are increasingly important to the security of IT systems and data.
Advanced endpoint security resources