Home » Cybersecurity » Data Security » Endpoint Security: It’s a Whole New World

Endpoint Security: It’s a Whole New World

Once upon a time, endpoint security was just a hall monitor. It watched for known bad files identified with a simple signature and sent you an alert when the file was blocked. To be safe, it would scan every machine daily, an intrusive activity that slowed down machines and sped up the heart rates of affected users and hapless analysts at help desks.

Those days are gone, my friend. Those days are gone. Endpoint security, like all technology, is orders of magnitude more sophisticated now than when it was born. Features that once stood out as innovative and forward-leaning are now “table stakes” – essential for consideration, almost assumed. Here are some of the basic, and not-so-basic, features of modern endpoint protection software.

Topping the list are three sine qua non capabilities:

1. Detection of zero days (previously unknown malware)
2. Detection and prevention of memory-based attacks (a.k.a. “fileless” attacks) that run on an infected machine but never deposit a file on the victim’s system
3. Ability to monitor processes running on an endpoint and identify “bad”, or at least unusual, behavior

If malware somehow slips through the cracks, good endpoint software can and will search all machines in an organization – with no disruption to end users – to minimize the spread of an infection. Naturally, it must generate alerts in response to such events, but it must minimize false positives and provide severity levels and/or intelligible descriptions of the offending malware. Security personnel are notoriously overburdened. They cannot waste time chasing down false alarms, and they must know how to prioritize genuine notifications of intrusion.

To quote John Donne, “No man is an island”. The same is true for endpoint protection, in fact, for any type of cybersecurity tool. Endpoint protection systems need to feed their findings into other (Read more...)