Over the past two decades, technology and IT security have changed immensely. However, two things have not changed – hackers are still finding ways to breach network security, and the endpoints (computers, tablets, mobile phones) remain the primary target.
Despite the deployment of antivirus, anti-malware, desktop firewalls, intrusion detection, vulnerability management, web filtering, anti-spam and more, high profile companies are still being breached.
The problems with traditional antivirus:
The keys to protection are detection and response; detecting and stopping the attack is ideal. Quickly responding to an attack that slips through is the next best thing.
The Detection problem:
A problem with most security tools is that they’re looking for something known, such as a known “hash” (a fingerprint computed from a file’s contents that identifies it as a known virus), an IP address, a known vulnerability, or a familiar behavior. Hackers keep changing their techniques to mask their intrusion tactics and bypass these security measures.
The Response problem:
Without new, advanced antivirus software capable of sorting out false positives from real threats, it hasn’t been possible to efficiently implement automated responses to infiltrations.
“Next Generation Endpoint Protection (NGEP)”
In the past couple of years, a new type of technology has emerged that is designed to detect and prevent threats at the endpoint using a unique behavior-based approach.
Instead of looking for something known or its variant, as signature-based detection does, next-generation endpoint security analyzes file characteristics (to uncover known and unknown file-based malware) as well as the entire endpoint system behavior to identify suspicious activity on execution.
Automated Response and Mitigation:
Endpoint detection and response (EDR) monitors for activity and enables administrators to take actions on incidents to prevent them from spreading throughout the organization. Next-Generation Endpoint Protection (NGEP) goes a step further and takes automated actions to prevent and remediate attacks. Automated and timely mitigation is an integral part of NGEP. Examples of automated mitigation options include quarantining a file, killing a specific process, disconnecting the infected machine from the network, or even completely shutting it down. NGEP is also able to restore an endpoint to its pre-malware, trusted state, while logging what changed and what was successfully remediated.
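The contrast between hash matching and behavior-based detection, followed by an automated response, can be sketched in a few lines. This is an added example, not code from SCA or any NGEP product; the event fields, the process names in the rule, the action names and all sample data are constructed assumptions.

```python
import hashlib

# Constructed samples: the variant differs from the known file by one byte.
KNOWN_BAD = b"constructed-sample-payload"
VARIANT = KNOWN_BAD + b"\x00"

# Signature database: SHA-256 digests of files already labelled malicious.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def signature_match(file_bytes):
    """Traditional check: is this exact file already known?"""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURES

# Hypothetical behavior rule: a document application starts a script
# interpreter, and that interpreter then opens a network connection.
DOC_APPS = {"winword.exe", "excel.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}

def behavior_match(events):
    """Return the pid of the first process that completes the rule, else None."""
    suspects = set()
    for ev in events:
        if (ev["type"] == "process_start" and ev["parent"] in DOC_APPS
                and ev["image"] in INTERPRETERS):
            suspects.add(ev["pid"])
        elif ev["type"] == "net_connect" and ev["pid"] in suspects:
            return ev["pid"]
    return None

def respond(pid):
    """Map a detection to mitigation options of the kind listed above."""
    if pid is None:
        return []
    return [("kill_process", pid), ("quarantine_file", pid),
            ("disconnect_host", None)]

# Constructed telemetry: a document spawns a shell that connects outbound.
SUSPICIOUS = [
    {"type": "process_start", "pid": 100, "parent": "explorer.exe", "image": "winword.exe"},
    {"type": "process_start", "pid": 101, "parent": "winword.exe", "image": "powershell.exe"},
    {"type": "net_connect", "pid": 101, "dest": "203.0.113.10:443"},
]
# Constructed telemetry: an administrator opens a shell by hand.
BENIGN = [
    {"type": "process_start", "pid": 200, "parent": "explorer.exe", "image": "powershell.exe"},
    {"type": "net_connect", "pid": 200, "dest": "203.0.113.10:443"},
]

if __name__ == "__main__":
    print("hash hits known file:", signature_match(KNOWN_BAD))
    print("hash hits variant:   ", signature_match(VARIANT))
    print("behavior rule pid:   ", behavior_match(SUSPICIOUS))
    print("actions:             ", respond(behavior_match(SUSPICIOUS)))
```

The one-byte variant slips past the hash lookup, while the behavior rule fires on what the process does regardless of the file's digest and leaves the administrator's shell alone.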
SCA is currently deploying Next Generation Endpoint Protection. If you would like to hear more about this new advanced technology and consider it for your network, call or email us today for a free consultation at 678-837-3954 or firstname.lastname@example.org.
Dedicated to your success,
Southeastern Computer Associates, LLC