Traditional computer security has focused on protecting the perimeter. While this is still a vital practice, focusing on this alone has ultimately proved unsuccessful. Day after day, high profile hacks continue to happen. With today’s advanced polymorphic and metamorphic threats, the ability to evade your traditional security model has become all too apparent. Today’s attacks are the equivalent of lobbing a grenade over your defenses. The new perimeter is now the endpoint.
There are steps that can be taken to lock down your endpoints. Consider the following…
- System Hardening/Config Control
- Endpoint Protection Service (EPP)
- Vulnerability Scanning and Remediation
These are all traditional prevention approaches that have varying levels of success, but they’re not foolproof. When it comes down to it, defense is difficult while offence is easy. With defense, we have to lock every door, close every gap, and continuously scan for mal-intended files. The problem with this approach is that it takes just one – one missed configured system, one anti-malware program not updating, or one missed patch – to make us open to a breach. This is a common issue among networks, often referred to as deploy and decay.
Knowing what we’re up against, the next logical step is to assume that they will get in, assume breach. Yes, they will get in; it’s just a matter of time. You’re not admitting defeat by thinking this way; it’s actually part of your strategy. That being said, meet the newest and greatest technique - endpoint detection and response - EDR for short.
A good endpoint detection and response product goes way beyond what a traditional endpoint protection service can do. An example would be Carbon Black, which records and analyzes all system activity (network connection, binary files, portal executables, registry and file modifications, etc) and uses 3rd party threat intelligence to compare what’s in the wild with what’s running on your endpoints. You can rewind the clock and query everything that’s running and/or has run on your network. This is important, not only because it gives you another layer of defense, but also because it gives you a recovery strategy when someone does break in.For more information on Carbon Black or WatchPoint’s managed endpoint threat detection and response, schedule a demo today.