Rethink Your Cyber Security Stack to Avoid Agent Fatigue

by Jessica Stanford on April 21, 2020

No sane person would say cyber security is under control. We’ve all read about way too many data breaches that expose sensitive corporate and personal information, putting hundreds of thousands or millions of people at risk, costing companies enormous sums of money, and damaging corporate reputations.

In an attempt to win more battles than they lose in this never-ending cyber security war, most enterprises employ a layered approach to protecting their environments from cybercriminals. A typical security tech stack includes networking, storage, physical servers, virtualization, management, and application layers.

Would you believe that, within these layers, the average enterprise has 75 security solutions? That’s one big security stack! Not to mention boatloads of agents to maintain and update (i.e., antivirus for malware, email security for phishing attacks, virtualization solutions that contain malware within specified browsers and applications, threat intelligence solutions like SIEM and intrusion detection, etc.)

How Well Do They Work?

Not well enough. For example, browser and application virtualization products leave many attack vectors exposed, including other applications/browsers, email, and operating systems. And when it comes to intrusion detection, security operations center (SOC) teams are said to investigate only 56% of the alerts they receive. Of those, 34% are deemed legitimate and nearly half (49%) of legitimate alerts are not remediated. Kind of scary.

So is the finding that 75 percent of IT security teams are unable to respond to security incidents within one day. And that it’s not unusual for attackers to be able to access compromised environments for extended periods, sometimes more than a year.

Sponsorships Available

Insanity Personified

When an existing security stack isn’t able to stop increasingly sophisticated cyber criminals from infiltrating endpoint devices, which are the gateway to the corporate crown jewels, many organizations respond by bolting on even more cyber security tools. Tools that often take very similar approaches and have redundant capabilities.

Remember that definition of insanity? Doing the same thing over and over again and expecting a different result. Like adding more and more band-aid cyber security tools and their agents to your stack, and expecting (or hoping) they will keep your environment safe.

Just Say No

Wouldn’t it be great if you could stop this insanity? If you could say ‘no’ to maintaining such a large number of questionably-effective security tools?

At Hysolate, we believe the only way to achieve this is by taking an entirely different approach to endpoint security. That’s why, rather than focusing on a point vulnerability, we went to the root of the problem, the one with the most fundamental need: the endpoint operating system.

Hysolate secures the endpoint OS. We use OS isolation to make sure your company’s sensitive and privileged information can’t be compromised, regardless of how cybercriminals get into end-user devices. Because they will get in.

Endpoint Operating System Isolation

Our approach calls for splitting an end-user device into multiple virtual operating systems. We use industry-standard virtualization technologies to create a strong VM boundary between the operating systems.

To safeguard sensitive information, you’ll need two virtual operating system zones. The first one is only for privileged information. Nothing else. To keep it free of cyber threats like malware, you make it fully locked down.

The other OS is for general day-to-day work. It’s open to the internet and used for email and non-privileged information. If people try to use the wrong OS for a particular task, Hysolate automatically redirects them to the correct one.

And here is where Hysolate’s approach shines even brighter: There’s a complete “vGap” between the OSes. This means any cyber criminals who breach the general OS are completely contained within it. They cannot reach the privileged OS or even see that it exists. For added protection and peace of mind, you can configure that general OS to be non-persistent so that it’s wiped clean at specified intervals.

By fixing the root problem, Hysolate enables you to secure your corporate crown jewels without having to commit more acts of insanity. You can simplify and improve your security stack, and sleep better at night.