Such was the case with of 2010. An error in the virus signature updates crashed Windows desktops, requiring manual cleanup. This left numerous large enterprises paralyzed while technicians raced around cleaning up affected systems.
When the Target breach was announced in late 2013, the news went from bad, to worse, to jaw dropping, finally settling on just being depressing. Here was a company with tremendous resources and the best technology devastated with a huge breach. Target had all the security goodies: NGFWs, BDS (FireEye), SWGs, people, policies, and PCI compliance reports with big green check boxes all over them. How could this happen?
Even before the Target attack, savvy security people knew the network would never be able to do it all. Regardless of how innovative NGFWs and BDS products were, there are some attacks they cannot detect: specifically, attacks that ride in on “trusted” traffic, like what happened at Target. If traffic is encrypted, most NGFWs and BDS products are totally blinded. You must decrypt that traffic first and then inspect it. Line-speed decryption is possible, but it adds complexity, overhead, and challenges to a network architecture.
Even while the world was digesting the impact of the Target breach, a new generation of endpoint security products was emerging. These new products were not anti-virus, but rather Endpoint Security Analytics (ESA). Products such as Cylance, CounterTack, Crowdstrike, and Bit9 CarbonBlack entered the market promising to detect malware without signatures, using behavior analysis and the latest threat intelligence instead. Other companies were quick to jump into the market as well.
So what is inside endpoint security analytics? Most of these technologies perform some kind of behavior analysis. We fully defined this technology in our series on Security Analytics.
Typically, these technologies embed themselves deep into the operating system and monitor multiple dimensions of system activity such as API calls, file writes, network traffic, DNS requests, etc. When the system behaves in a “malware-like” manner, the software can report the event, record activity, and if necessary block it. The exact manner in which each of these technologies works varies.
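To make the behavior-analysis idea concrete, here is an added example (not code from the original post or from any of the vendors named above) of the kind of scoring such an agent does once it has telemetry from several dimensions of system activity. The rules, weights, thresholds and the sample event stream are all constructed for illustration; a real product would have far richer rules, but the shape is the same: group events per process, score them against behavior rules, and decide whether to report, record, or block.

```python
"""Toy endpoint behavior scoring over multi-dimensional telemetry (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    pid: int
    process: str
    kind: str      # one of: "api_call", "file_write", "dns_request", "network"
    detail: str    # API name, file path, queried domain, or "ip:port"


# Hypothetical behavior rules: (event kind, predicate on detail, weight, human label).
# Weights are illustrative, not taken from any real product.
RULES = [
    ("api_call", lambda d: d in {"WriteProcessMemory", "CreateRemoteThread"}, 4, "process-injection API"),
    ("api_call", lambda d: d == "SetWindowsHookEx", 2, "message/keyboard hook"),
    ("file_write", lambda d: d.lower().endswith(".exe") and "\\temp\\" in d.lower(), 3, "executable dropped in Temp"),
    ("file_write", lambda d: "\\currentversion\\run" in d.lower(), 3, "Run-key persistence"),
    ("dns_request", lambda d: len(d.split(".")[0]) > 20, 2, "unusually long DNS label"),
    ("network", lambda d: not d.endswith((":80", ":443")), 1, "non-web outbound port"),
]

REPORT_AT = 4   # score at which the console gets an alert and activity is recorded
BLOCK_AT = 8    # score at which the agent blocks the process


def score_process(events):
    """Sum rule weights for one process's events; return (score, matched labels)."""
    score, labels = 0, []
    for ev in events:
        for kind, pred, weight, label in RULES:
            if ev.kind == kind and pred(ev.detail):
                score += weight
                labels.append(label)
    return score, labels


def analyse(events):
    """Group telemetry per process and assign allow / report / block verdicts."""
    by_proc = defaultdict(list)
    for ev in events:
        by_proc[(ev.pid, ev.process)].append(ev)
    verdicts = {}
    for (pid, name), evs in by_proc.items():
        score, labels = score_process(evs)
        if score >= BLOCK_AT:
            action = "block"
        elif score >= REPORT_AT:
            action = "report"
        else:
            action = "allow"
        verdicts[pid] = {
            "process": name,
            "score": score,
            "action": action,
            "matched": labels,
            # Only suspicious processes get their activity recorded for the incident handler.
            "recorded": evs if action != "allow" else [],
        }
    return verdicts


# Constructed sample telemetry: one benign process, one clearly malicious, one borderline.
SAMPLE_EVENTS = [
    Event(1001, "outlook.exe", "api_call", "ReadFile"),
    Event(1001, "outlook.exe", "dns_request", "mail.example.com"),
    Event(1001, "outlook.exe", "network", "203.0.113.10:443"),
    Event(2002, "updater.exe", "file_write", r"C:\Users\u\AppData\Local\Temp\svc.exe"),
    Event(2002, "updater.exe", "api_call", "WriteProcessMemory"),
    Event(2002, "updater.exe", "api_call", "CreateRemoteThread"),
    Event(2002, "updater.exe", "dns_request", "a1b2c3d4e5f6g7h8i9j0k1l2.example.net"),
    Event(2002, "updater.exe", "network", "198.51.100.7:4444"),
    Event(3003, "installer.exe", "file_write", r"C:\Users\u\AppData\Local\Temp\setup.exe"),
    Event(3003, "installer.exe", "network", "192.0.2.20:8080"),
]

if __name__ == "__main__":
    for pid, v in analyse(SAMPLE_EVENTS).items():
        print(pid, v["process"], v["score"], v["action"], v["matched"])
```

Note what the borderline `installer.exe` case shows: a legitimate installer trips enough rules to be reported but not blocked, which is exactly the flood of "interesting but not necessarily dangerous" data that an ESA console hands to a human incident handler.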
Endpoint security analytics has numerous advantages over network-based products.
However, while ESA can see a lot more on a system, it also has significantly more administrative overhead. While your average IT administrator can handle an anti-virus console, ESA consoles demand highly skilled incident handlers. These technologies generate a lot of data, only some of which reflects anything actually dangerous. Only the most mature security programs will be able to implement and use it effectively.
Old technologies never die, they are just given an HTML5 interface and have the word “next generation” prefixed to the name. The endpoint security market is coming back and this time, there may be no stopping it. This time, there is more at stake and the vendors have significantly more clever marketing. In 2005, hacking was something that happened to somebody else. Now hacking is an equal-opportunity annoyance.
However, endpoint security analytics is only one part of this story. Security Analytics is the future of information security. NGFW, SWG, DLP, and anti-virus all have their places now. They are settling into commoditization. But security analytics has nowhere to go but up. This partially explains why companies like Intel paid $7.7 billion for McAfee and Bain paid $2.4 billion for Blue Coat. The future of security is bright.