

Three ways to use the cloud to regain control over network endpoints

Dave Cole, Chief Product Officer, CrowdStrike | Jan. 4, 2016
Promising new cloud-based endpoint security solutions can change how we protect against cyber intrusions.

This vendor-written tech primer has been edited to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

The dramatically increased persistence and creativity of attackers call for an equally radical change in how businesses protect themselves. Promising new cloud-based endpoint security solutions can meaningfully change how we protect against cyber intrusions. Here's how you can leverage the cloud to regain control over endpoints:

1. The cloud can enable enterprises to keep tabs on and learn from attackers as they test attack strategies. Today’s adversaries often have the resources to buy traditional security software, network appliances and virtually any other on-premise solution to figure out how they tick. By re-creating mock networks and the endpoint protection systems of the victims they target, they can find ways to bypass defenses. Given that on-premise defenses are by design downloaded and available locally, they are naturally exposed to attacker scrutiny, and without tipping off the vendor or the intended victim.

The cloud disrupts this attack model. With a cloud-based endpoint technology the adversaries may be able to acquire the endpoint sensor software, but when they install it in the lab and run mock attacks, the security provider can see each attack. It's possible, then, to observe the attackers' tactics before they're launched in the wild. The first time they run an attack, it's recorded, analyzed and shared with sensors on every defender’s machine, preventing that technique from being used again.

In this way, the cloud model changes the fundamental offensive/defensive asymmetry and flips the advantage from the attackers to the defenders.

2. Every attack feeds into new defenses for all. With conventional defenses, even when attackers are unsuccessful, they learn from the process. For example, attacks are typically carried out in multiple stages. An attacker can determine at what point their actions were detected, and adapt their methods to circumvent the detection, reusing the undetected steps that got them to that point.

Having full visibility into the endpoint via cloud architecture allows analysis of each stage of the attack, not just the point at which an attempted intrusion was identified. Using an adaptive security model, defenses can be created in real time to counter each stage of the attack, as opposed to a single signature or indicator of compromise (IoC), or even a single behavior. By blocking multiple phases of an attack at once, adversaries are forced back to the drawing board to re-think their entire attack strategy rather than a single step. The ability to see events across the kill chain, in context and in real time, moves the advantage back to the defender.

Everyone benefits from contributing to the cloud – except the attacker.


