Commonly known as AV (Anti-Virus) and lately EDR (Endpoint Detection and Response) and AEP (Advanced Endpoint Protection), technology/IT is about evolution and keeping up with the “Joneses”, which is really the hackers (of many shapes / sources: ages, purposes and goals).
- AV – have you heard “virus” since “malware” came along?
- AEP – Advanced Protection and Automatic Prevention
- EDR – Monitoring, Detection and Forensic Analysis
The numbers, a quick but long list of quotes / stats, primarily from the NSS Labs report:
- 70% of all successful breaches originate on the endpoint (desktop, mobile, etc.) [InfoSec Island]
- 91% of all cyberattack attempts start with a phish [DarkReading]
- Analysts estimate the endpoint security market at $10 Billion in 2017, growing to $18 Billion in 2023 [Mordor Intelligence]
- The traditional crop of endpoint security solutions has not measured up to the task of fully protecting the endpoint for many years now…it has drifted into near irrelevance as polymorphism, advanced evasion techniques, and today’s sheer volume of threats overwhelm older defense mechanisms
- 53% of organizations have experienced an endpoint compromise within the last two years [SANS]
- Among the most prevalent exploit kits to target endpoints in 2017, 99% utilized evasion techniques either within the kit itself or in the payload phase [betanews]
- In 2017, there was an 11x increase in the overall volume of malware [DarkReading]
- Attackers release 360,000 new malware samples every day [Infosecurity Magazine]
- 35% of the endpoint attacks in 2018 are expected to be perpetrated by file-less malware, an evasive technique that is growing 20% year-over-year [ZDNet]
- The number of malware samples targeting Internet-of-Things (IoT) devices more than doubled in 2017 [Threatpost]
- In 2017, the average organization lost $5 million due to endpoint attacks, and there were 5,200 breaches that exposed 7.8 billion records, which is a 24.2% increase over 2016 [Ponemon Institute]
- 45% of organizations report that one of the biggest problems they face with their current endpoint security technology is the high number of false positives and security alerts they yield [Ponemon Institute]
While there is no magic / silver bullet, addressing this market will “entail significant scrutiny and sophistication in the coming years”. Diligence in the selection, and a POC (Proof of Concept) within one’s organization, will be key; a few things to keep in mind:
- A rigorous testing methodology to use as a yardstick across the field of contenders
- Consider and measure factors such as effectiveness against malware, exploits, and blended threats
- Compare the false positive rates of products and assess how well they detect against advanced and common evasion techniques
- Measure the completeness and timeliness of a product’s threat event reporting capabilities to support contextual threat awareness and threat hunting activities
- Factor in total cost of ownership (TCO) and product manageability
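The yardstick above is easiest to apply consistently when the POC results are scored the same way for every contender. The following is an added example, not code from the original post or from any vendor: a small Python scoring harness over a constructed, labelled sample corpus and two hypothetical products (“Alpha” and “Beta”, invented here). It reports detection rate by threat category (malware, exploit, blended), false positive rate on benign samples, detection rate on samples tagged as using evasion, and mean seconds to alert as a proxy for reporting timeliness, then ranks the products. The corpus, verdicts and alert times are all made up for illustration.

```python
"""Scoring harness for an endpoint-protection POC.

Added example, not code from the original post. Everything below is constructed:
the sample corpus, the two hypothetical products ("Alpha", "Beta") and their verdicts.
"""
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Sample:
    name: str
    malicious: bool
    category: str   # "malware", "exploit", "blended", or "benign"
    evasive: bool   # sample used an evasion technique (packing, fileless, etc.)


# Constructed labelled corpus: what each POC sample really is.
CORPUS = [
    Sample("m1", True, "malware", False),
    Sample("m2", True, "malware", True),
    Sample("m3", True, "exploit", False),
    Sample("m4", True, "exploit", True),
    Sample("m5", True, "blended", True),
    Sample("m6", True, "blended", False),
    Sample("b1", False, "benign", False),
    Sample("b2", False, "benign", False),
    Sample("b3", False, "benign", False),
    Sample("b4", False, "benign", False),
]

# Constructed POC results: product -> {sample name: seconds until the product
# raised an alert}. A sample missing from a product's dict was not detected.
RESULTS = {
    "Alpha": {"m1": 2.0, "m2": 30.0, "m3": 5.0, "m5": 60.0, "m6": 3.0, "b1": 1.0},
    "Beta": {"m1": 1.0, "m3": 1.0, "m6": 1.0},
}


def _ratio(hits, total):
    """Fraction as a float; 0.0 when the denominator group is empty."""
    return hits / total if total else 0.0


def score_product(product, corpus=CORPUS, results=RESULTS):
    """Return the yardstick metrics for one product over a labelled corpus."""
    alerts = results[product]
    malicious = [s for s in corpus if s.malicious]
    benign = [s for s in corpus if not s.malicious]
    evasive = [s for s in malicious if s.evasive]

    true_pos = [s for s in malicious if s.name in alerts]
    false_pos = [s for s in benign if s.name in alerts]

    # Effectiveness broken down by threat category (malware / exploit / blended).
    by_category = {}
    for cat in sorted({s.category for s in malicious}):
        in_cat = [s for s in malicious if s.category == cat]
        by_category[cat] = _ratio(sum(s.name in alerts for s in in_cat), len(in_cat))

    return {
        "detection_rate": _ratio(len(true_pos), len(malicious)),
        "false_positive_rate": _ratio(len(false_pos), len(benign)),
        "evasion_detection_rate": _ratio(sum(s.name in alerts for s in evasive), len(evasive)),
        "by_category": by_category,
        # Timeliness of reporting: mean seconds to alert over true positives only.
        "mean_seconds_to_alert": mean(alerts[s.name] for s in true_pos) if true_pos else None,
        "missed": sorted(s.name for s in malicious if s.name not in alerts),
    }


def rank_products(results=RESULTS, corpus=CORPUS):
    """Rank products: highest detection first, then lowest FPR, then fastest alerting."""
    scored = {p: score_product(p, corpus, results) for p in results}
    return sorted(
        scored,
        key=lambda p: (
            -scored[p]["detection_rate"],
            scored[p]["false_positive_rate"],
            scored[p]["mean_seconds_to_alert"] or float("inf"),
        ),
    )


if __name__ == "__main__":
    for product in rank_products():
        print(product, score_product(product))
```

In the constructed data, “Alpha” catches more (including two of the three evasive samples) but flags a benign file, while “Beta” is clean on false positives but misses every evasive sample; the harness makes that trade-off visible per category instead of leaving it to a single headline detection number. TCO and manageability are not scored here since they are not measurable from sample verdicts.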
Evaluation pitfalls to consider:
- How advanced the predictive/preventative AI (Artificial Intelligence) is within products that market it
- The trade-off of sticking with an incumbent versus ripping and replacing with a new breed of AEP product
- The feasibility of managing certain advanced but high-touch AEP or EDR platforms given the internal resources available to the security team
- The source of any given vendor’s threat feed and its capability to handle offline use
With endpoint awareness comes reliance on, and interconnection with, SIEM (Security Information and Event Management) and a SOC (Security Operations Center), to be able to manage incidents and infections from detection to eradication, and the ability to parse through the data to be effective -> next blog entry topic for this complementary (best) approach and solution.
So, NSS, Gartner, VARs, etc. will help in the decision process…