It’s time to be reminded once again how critical the security of our endpoints is to our overall network’s security and risk posture. We all read the bad news headlines about how fast the “bad guys” are advancing. But it’s also a good time to note: so are the “good guys.”
If you look at some of the biggest government attacks over the last two years, two consistent themes arise. There were vulnerabilities in the operating system or in an app on the endpoint that were used to gain entry – and that app, of course, hadn’t been patched. And once the attacker got onto the network, using that endpoint as a beachhead, they had unfettered access to move across it – ultimately, in many cases, getting to exactly what they wanted. You know the drill because you’ve heard it repeated more times than you’d prefer. But we don’t have to stop there. There really is good news – and we’re adding to that good news with some recent updates to Traps advanced endpoint protection, a cornerstone of our next-generation security platform.
Take one of our government customers as an example. Their employees are highly mobile. They’re highly targeted. They know there are great risks on their endpoints. They understand what’s at stake. But, luckily, they don’t put their heads in the sand and wait to be told antivirus is dead – and that’s despite government guidance which often still calls for this dying solution to the problem. They’re proactively addressing the multiple risks – both exploits and zero-day malware – with our Traps advanced endpoint protection. I’ll explain a bit more about how it works below. Especially in highly targeted government environments, you need this multi-method breach prevention. What we mean by “multi-method” is that you have to address both unknown malware and exploits that take advantage of those vulnerable operating systems and applications I mentioned previously, using multiple methods for each.
What can you do about exploits without disrupting the user or using a lot of your resources to address them? Many people still believe that addressing exploits is really difficult, disruptive to the end user, and not worth the effort. (In case you’re unfamiliar with exploits, more than 30 percent of recent CryptoWall ransomware attacks were delivered using exploit kits that leveraged unpatched vulnerabilities. You can check out our Cyber Threat Alliance CryptoWall Report, 2016, to learn more about this example of how exploits are being used today.)
Actually, the good news is that we can detect an exploit as soon as it attempts to execute, and we do so seamlessly. Traps does not perform any system scanning, so the footprint is extremely small, and the CPU utilization and disk I/O are minimal. While actively preventing security breaches, Traps remains essentially transparent to users. As for the exploits themselves, there is a set of core exploit techniques that all exploit-based attacks depend on. So, yes, there are many thousands of exploits, but the truth is that they all rely on a small set of core exploit techniques, and those techniques don’t change often. We can break that chain and block the techniques the second they’re attempted. Here’s a bit more insight into the multiple methods Traps uses for exploit prevention:
What can you do to address unknown malware or zero-days on the endpoint? Traditionally, you’d try to get antivirus to address the issue. But that ship has sailed – AV simply can’t deal with the volume and sophistication of today’s zero-day (aka “unknown”) threats. And the first thing attackers do today is make sure their attack shuts off antivirus. In fact, the NTT 2015 Global Threat Intelligence Report estimates that approximately 54 percent of new cyberattacks go undetected by traditional endpoint protection, and the real figure is likely even higher. The good news is that we have multiple methods to thwart unknown malware on the endpoint, including several new features we’ve just announced:
You can read about any of these capabilities in more detail.
Other things you want to consider:
As our “endpoints” change, and we find ourselves at the dawn of the era of the internet of things (IoT), we need to be careful to keep pace with the devices that are added to our networks – both IT and OT. Consider your endpoint as a critical point in the cyberattack lifecycle. For those of you in the U.S., you can start with the Cyber Security Strategy and Implementation Plan (CSIP): what are your most critical assets, and what are the many ways, through the cyberattack lifecycle, the adversary can get to that critical data? Then ask yourself, in the context of your overall security posture, what gaps you have across that attack lifecycle. It’s important to consider our endpoint practices, as I’ve described, before our networks become even more complicated with more devices. Build your endpoint security programs to plan for swiftly changing endpoints. That’s our “new normal.” It’s hard to believe that one day we’ll think of our communications with (and vulnerable access from) our security systems and thermostats just like we do our laptops today. Yes, that’s progress – let’s not be afraid to embrace it.
For more information on modernizing your endpoint security strategies: