Endpoint Protection: Are We Fighting a Losing Battle?

Have you ever thought about how your immune system, with its remarkable collection of layered defenses, is able to protect you from infection-causing organisms? Not unlike the human body, enterprises, consumers and our society are engaged in a daily battle against sophisticated cyber criminals. We have seen high-profile data breaches in the headlines: The Heartbleed bug, the Microsoft Internet Explorer vulnerability and even Symantec’s admission that antivirus software is dead. Considering the fallout from large retail breaches, even CEOs have to take an interest in security or pay the price for inattention. All of you must be asking: Are we fighting a losing battle? Are there any new tools and tactics that can help?

The State of Endpoint Protection

The endpoint protection market has historically relied on antivirus products to protect endpoints. In recent years, however, the threat has shifted from viruses to highly sophisticated attacks that the market calls advanced persistent threats (APTs). These attacks are the work of cyber criminals who hope to extract value from stolen corporate assets such as intellectual property or customer data. Antivirus and first-generation anti-malware products have proven ineffective at stopping these threats since APTs are highly dynamic and most go undetected.

A whole new set of security products and approaches have emerged to prevent the new advanced threats and stop zero-day attacks. Customers are bombarded with market messages such as exploit prevention, isolation and whitelisting that describe these approaches. They all have some merit, typically with a narrow focus on a single threat vector, but none have proven effective at stopping dynamic threats, and most of these approaches come with a very high operational cost. Thus, customers are often forced to add yet another new, purpose-specific endpoint product in hopes of stopping these threats.

Redefining Endpoint Protection for the Advanced Threat Landscape

Let’s face the facts: There are too many single-use endpoint protection products out there that create more issues than they solve. These products burden the IT security team with more work rather than acting as a force multiplier that makes the security team more productive and effective. They also fail the end-user usability test, since the endpoint protector simply becomes a nuisance for the end user. Finally, these approaches lack the deep security research and intelligence capabilities that give enterprises rapidly deployed protections against new threats.

3 Critical Requirements for Endpoint Protection Solutions

In redefining an endpoint defense solution for advanced threats, organizations need a new set of requirements to guide their choices. These critical requirements are:

  1. Multilayered endpoint defense
  2. Low operational impact
  3. Dynamic intelligence

Below we will quickly explore what we mean by each of these requirements and how we at IBM approach it.

1. Multilayered Endpoint Defense

The endpoint security approach must be both preemptive and multilayered. It should prevent exploitation of both known and unknown vulnerabilities through multiple defenses and protections — it cannot rely on just one way to stop advanced threats.

Trusteer Apex protects endpoints throughout the threat life cycle by applying an integrated, multilayered defense to prevent endpoint compromise. This preemptive approach breaks the attack chain — the end-to-end process used by attackers to breach an organization — by halting attacks at strategic choke points. Through extensive research, Trusteer has identified specific stages of the attack chain where the attacker has relatively few execution options. Leveraging in-depth technical expertise and unique low-level visibility into application execution paths, this approach accurately and effectively controls these strategic choke points, providing powerful advanced threat protection against both unknown/zero-day threats and known malware. Apex comprises the following multilayered defenses:

2. Low Operational Impact

The endpoint protection approach should not be a burden, nor should it impose a management tax on the IT security team or the end user. It should not generate the false positives that force IT security teams to either wade through thousands of alerts or ignore them altogether.

Apex provides multilayered endpoint defense without adding additional burdens to your limited staff or impacting your end users. Apex keeps its impact low by:

  1. Eliminating the traditional security team approach (detect, notify and manually resolve);
  2. Minimizing impact to end users by blocking only the most sensitive actions;
  3. Providing an exceptional turnkey service that includes a centralized risk assessment service and direct support of your endpoint users.

Apex acts as a force multiplier for your security team by automatically preventing attacks, reducing alerts and noise, and augmenting your security.

3. Dynamic Intelligence

The endpoint security approach should utilize intelligence gathered from multiple endpoints and research so that new protections can be incorporated rapidly as new threats emerge. Enterprises need to know that experts are battling the bad guys on their behalf.

Trusteer and IBM X-Force threat research and intelligence are based on dynamic security feeds provided by tens of millions of protected endpoints around the world — one of the largest vulnerability databases in the industry. Based on research and analysis findings, Trusteer provides security updates that are sent directly to the endpoints. This eliminates the need for costly signature deployments and lengthy wait periods for new protections.

Integration Is Still Key

Endpoint protection is an essential component of a broader defense-in-depth security strategy. Our goal with Trusteer Apex is to provide threat prevention as part of an integrated system, which brings together innovative security capabilities to prevent, detect and respond to advanced threats in a continuous and coordinated fashion.

I began this post with an analogy about how endpoint protection is similar to the human immune system in that both fight against threats to the system. Trusteer Apex provides endpoint protection that acts as the essential inoculation to shut down malware at the point of infection and prevent advanced threats. Organizations need a way to automatically and accurately determine whether an application action is legitimate or malicious and, most importantly, to do this in real time. This allows you to block, and therefore prevent, the malicious actions attempted by advanced threats.
