Earlier this month (March 2016) the SANS Institute released its newest InfoSec whitepaper: “Can We Say Next-Gen Yet? State of Endpoint Security”. Thanks to the rapid proliferation of cloud-based and mobile endpoints this is a critical discussion — where are companies seeing success, where are they falling behind, and what needs to happen for endpoint solutions to truly become “next-gen”?
It’s no surprise that 90 percent of respondents consider desktops, servers, routers, firewalls and printers some of the top endpoints in need of protection — despite the rise of mobile devices, desktops, laptops and servers remain the primary target for hackers. It’s also not shocking that 44 percent of those asked said one or more of their endpoints had been breached in the last 24 months.
Of course, companies aren’t completely defenseless — 57 percent of compromises are detected through antivirus/IPS alerts, while 36 percent come via automated alerts from SIEM systems. As noted by the SANS report, however, “A perfect endpoint management program is impossible without IT being a partner with the core business.” In other words, AV, IPS and SIEM won’t be enough to safeguard company assets; IT must be part of the discussion from the ground floor.
The report also highlights a number of emerging challenges which make the detection and prevention of endpoint threats more difficult. First is C-suite integration — executives must be able to quickly access and easily review all endpoint security data in a format they can easily digest and which provides an actionable basis for increased funding.
Even once IT is given the green light for tech investment, however, the report calls out another, potentially larger challenge: “Configuring these technologies to work together to protect endpoints both proactively and reactively.” Network World, meanwhile, notes that even the nature of endpoint attacks is changing — hackers are taking a pass on malware in favor of credential theft to gain “legitimate” access and bypass most security measures.
The Next Generation
Bottom line? While existing tools like AV and SIEM provide some insight into endpoint compromise, they’re hopelessly outmatched over the long term. Why? Because they start at the wrong end of the chain. To understand endpoint threats, companies need a solution able to report on all existing endpoints in real-time while also integrating with existing detection systems.
Consider Nexthink. Its high-level Portal is ideal for C-suite oversight, while its ability to integrate with existing protection technologies such as VirusTotal or an in-house SIEM provides comprehensive protection. By analyzing behavior at the endpoint itself rather than relying on second- or third-hand data, Nexthink not only helps whitelist necessary apps and services but actively detects strange user or app behavior — such as odd logins coupled with massive file requests — to target the emerging cadre of endpoint threats. Time-to-recovery is also critical; on average, companies spend 10 hours per endpoint per incident. Improved avoidance and better access to incident data with Nexthink offer the potential for increased ROI.
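To make the “odd login coupled with massive file requests” heuristic concrete, here is an added example (not Nexthink’s code) that correlates off-hours logins with the volume of file reads that follow them in a short window; the event format, the business-hours range and the file-count threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample endpoint events, not real telemetry:
# (ISO timestamp, event type, user, detail) where detail is the
# workstation for a login and the number of files read for a file_read.
EVENTS = [
    ("2016-03-14T09:02:00", "login",     "alice", "ws-101"),
    ("2016-03-14T09:10:00", "file_read", "alice", "12"),
    ("2016-03-14T23:47:00", "login",     "bob",   "ws-207"),
    ("2016-03-14T23:52:00", "file_read", "bob",   "1480"),
    ("2016-03-14T23:58:00", "file_read", "bob",   "2210"),
    ("2016-03-15T02:15:00", "login",     "carol", "ws-301"),
    ("2016-03-15T02:20:00", "file_read", "carol", "5"),
]

BUSINESS_HOURS = range(7, 20)      # assumed: 07:00-19:59 local time is "normal"
FILE_THRESHOLD = 1000              # assumed: more than this many files in the window is "massive"
WINDOW = timedelta(minutes=30)     # assumed: how long after the login we keep counting

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def is_odd_login(when):
    """A login outside the assumed business-hours range."""
    return when.hour not in BUSINESS_HOURS

def flag_suspicious(events, threshold=FILE_THRESHOLD, window=WINDOW):
    """Return {user: files_read} for users whose odd-hours login is
    followed by more than `threshold` file reads within `window`."""
    odd_logins = defaultdict(list)
    reads = defaultdict(list)
    for ts, kind, user, detail in events:
        when = parse_ts(ts)
        if kind == "login" and is_odd_login(when):
            odd_logins[user].append(when)
        elif kind == "file_read":
            reads[user].append((when, int(detail)))
    flagged = {}
    for user, logins in odd_logins.items():
        for start in logins:
            total = sum(n for when, n in reads[user] if start <= when <= start + window)
            if total > threshold:
                flagged[user] = max(flagged.get(user, 0), total)
    return flagged

if __name__ == "__main__":
    print(flag_suspicious(EVENTS))   # only bob: 3690 files after a 23:47 login
```

Alice reads files during business hours and Carol's off-hours login touches only a handful of files, so neither trips the combined rule; a single signal on its own is not enough.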
Next-gen threats demand true next-gen endpoint security. The SANS report makes it clear that the market is still evolving to meet this expectation — tools like Nexthink are the first step in bridging the expectation-to-endpoint gap.
To see how Nexthink can improve your organization’s security posture, join us at the Nexthink & KPMG – Crack the Insider Threat workshop on April 13, 2016 in Geneva, Switzerland. This workshop, led by security professionals from Nexthink and KPMG, will focus on how to improve your security strategy in order to prevent, detect and respond to insider threats. Register using this link and we will see you there!