Monday, June 18, 2018

Can’t Address Today’s Problems with Yesterday’s Solution - Endpoint security [www.nsslabs.com]


Commonly known as AV (Anti-Virus) and lately EDR (Endpoint Detection and Response) and AEP (Advanced Endpoint Protection), endpoint security, like the rest of technology/IT, is about evolution and keeping up with the “Joneses”, who in this case are the hackers (of many shapes and sources: ages, purposes and goals).

  • AV – have you heard “virus” since “malware” came along?
  • AEP – Advanced Protection and Automatic Prevention
  • EDR – Monitoring, Detection and Forensic Analysis

The numbers, a quick but long list of quotes and stats, primarily from the NSS Labs report:

  • 70% of all successful breaches originate on the endpoint (desktop, mobile, etc.) [InfoSec Island]
  • 91% of all cyberattack attempts start with a phish [DarkReading]
  • Analysts estimate the endpoint security market at $10 billion in 2017, growing to $18 billion by 2023 [Mordor Intelligence]
  • The traditional crop of endpoint security solutions has not measured up to the task of fully protecting the endpoint for many years now…it has drifted into near irrelevance as polymorphism, advanced evasion techniques, and today’s sheer volume of threats overwhelm older defense mechanisms
  • 53% of organizations have experienced an endpoint compromise within the last two years [SANS]
  • Among the most prevalent exploit kits to target endpoints in 2017, 99% utilized evasion techniques either within the kit itself or in the payload phase [betanews]
  • In 2017, there was an 11x increase in the overall volume of malware [DarkReading]
  • Attackers release 360,000 new malware samples every day [Infosecurity Magazine]
  • 35% of the endpoint attacks in 2018 are expected to be perpetrated by file-less malware, an evasive technique that is growing 20% year-over-year [ZDNet]
  • The number of malware samples targeting Internet-of-Things (IoT) devices more than doubled in 2017 [Threatpost]
  • In 2017, the average organization lost $5 million due to endpoint attacks, and there were 5,200 breaches that exposed 7.8 billion records, which is a 24.2% increase over 2016 [Ponemon Institute]
  • 45% of organizations report that one of the biggest problems they face with their current endpoint security technology is the high number of false positives and security alerts they yield [Ponemon Institute]

While there is no magic silver bullet, addressing this market will “entail significant scrutiny and sophistication in the coming years”. Diligence in the selection and POC (Proof of Concept) within one’s organization will be key; a few things to keep in mind:

  • A rigorous testing methodology to use as a yardstick across the field of contenders
  • Consider and measure factors such as effectiveness against malware, exploits, and blended threats
  • Compare the false positive rates of products and assess how well they detect against advanced and common evasion techniques
  • Measure the completeness and timeliness of a product’s threat event reporting capabilities to support contextual threat awareness and threat hunting activities
  • Factor in total cost of ownership (TCO) and product manageability
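The yardstick above only works if every contender is run against the same labelled sample set and scored the same way. The following is an added example (not from the NSS Labs report or any vendor) of a POC scorecard that turns raw test rows into the comparison points the list asks for: prevention and detection rates overall and per threat category, a separate rate for the evasive categories (polymorphic, fileless, blended), the false positive rate on the benign set, and the median delay until an event reached the console. The product names, sample IDs and verdicts are constructed for illustration.

```python
"""POC scorecard for comparing endpoint products on one labelled sample set."""
from collections import defaultdict
from statistics import median

# Categories counted as "evasive" for the evasion-detection yardstick (assumption).
EVASIVE = {"polymorphic", "fileless", "blended"}

# Constructed test rows (hypothetical products "ProductA"/"ProductB"):
# (sample_id, is_malicious, category, product, blocked, seconds_to_alert)
# blocked=True means execution was prevented; seconds_to_alert is the delay
# until an event reached the management console, None if nothing was reported.
POC_RESULTS = [
    ("s01", True,  "commodity",   "ProductA", True,  5),
    ("s01", True,  "commodity",   "ProductB", True,  12),
    ("s02", True,  "polymorphic", "ProductA", True,  9),
    ("s02", True,  "polymorphic", "ProductB", False, None),
    ("s03", True,  "fileless",    "ProductA", False, 240),  # alerted late, not prevented
    ("s03", True,  "fileless",    "ProductB", False, None),
    ("s04", True,  "exploit",     "ProductA", True,  3),
    ("s04", True,  "exploit",     "ProductB", True,  30),
    ("s05", True,  "blended",     "ProductA", False, None),
    ("s05", True,  "blended",     "ProductB", True,  20),
    ("b01", False, "benign",      "ProductA", False, None),
    ("b01", False, "benign",      "ProductB", True,  4),    # false positive
    ("b02", False, "benign",      "ProductA", True,  2),    # false positive
    ("b02", False, "benign",      "ProductB", False, None),
    ("b03", False, "benign",      "ProductA", False, None),
    ("b03", False, "benign",      "ProductB", False, None),
]


def _seen(row):
    """A sample counts as detected if it was blocked or at least produced an event."""
    return row[4] or row[5] is not None


def score(results):
    """Return {product: scorecard} from rows shaped like POC_RESULTS."""
    by_product = defaultdict(list)
    for row in results:
        by_product[row[3]].append(row)

    cards = {}
    for product, rows in by_product.items():
        malicious = [r for r in rows if r[1]]
        benign = [r for r in rows if not r[1]]
        evasive = [r for r in malicious if r[2] in EVASIVE]
        delays = [r[5] for r in malicious if r[5] is not None]

        # Detection rate broken down by category, so an aggregate number
        # cannot hide a blind spot in, say, fileless or blended samples.
        per_cat = defaultdict(lambda: [0, 0])
        for r in malicious:
            per_cat[r[2]][1] += 1
            per_cat[r[2]][0] += int(_seen(r))

        cards[product] = {
            "block_rate": sum(r[4] for r in malicious) / len(malicious) if malicious else None,
            "detect_rate": sum(_seen(r) for r in malicious) / len(malicious) if malicious else None,
            "evasive_detect_rate": sum(_seen(r) for r in evasive) / len(evasive) if evasive else None,
            "fp_rate": sum(_seen(r) for r in benign) / len(benign) if benign else None,
            "median_alert_seconds": median(delays) if delays else None,
            "detect_by_category": {c: hit / n for c, (hit, n) in per_cat.items()},
        }
    return cards


if __name__ == "__main__":
    for product, card in score(POC_RESULTS).items():
        print(product)
        for key, value in card.items():
            print(f"  {key}: {value}")
```

On the constructed rows both products land on the same overall block rate and false positive rate, which is exactly the situation where an aggregate score misleads: only the per-category and evasive breakdowns show that one product misses polymorphic and fileless samples entirely while the other never reports the blended one. Run against a real POC set, the same breakdown is what the TCO and manageability discussion should be weighed against.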

Evaluation pitfalls to consider:

  • How advanced the predictive/preventative AI (Artificial Intelligence) really is within products that market it
  • The trade-off of sticking with an incumbent versus ripping and replacing with a new breed of AEP product
  • The feasibility of managing certain advanced but high-touch AEP or EDR platforms given the internal resources available to the security team
  • The source of any given vendor’s threat feed and its capability to handle offline use

With endpoint awareness comes reliance on, and interconnection with, the SIEM (Security Information and Event Management) and SOC (Security Operations Center) to manage incidents and infections from detection to eradication; being able to parse through the resulting events is what makes this effective --> next blog entry topic for this complementary (best) approach and solution.
So, NSS, Gartner, VARs, etc. will help in the decision process…
