
Next-generation endpoint protection not as easy as it sounds

Tim Greene | July 21, 2015
Rather than looking for signatures of known malware, as traditional anti-virus software does, next-generation endpoint protection platforms analyze processes, changes and connections in order to spot activity that indicates foul play. While that approach is better at catching zero-day exploits, issues remain.

For example, Triumfant offers Resolution Manager, which can restore endpoints to known good states after detecting malicious activity. Other vendors offer remediation features or say they are working on them; the trend is toward using the same platforms to fix the problems they find.

The problem businesses face is that endpoints remain vulnerable despite the efforts of traditional endpoint security, which has evolved into security suites combining anti-virus, anti-malware, intrusion detection, intrusion prevention and more. Working on the problem this way leads to another problem.

"They have actually just added more products to the endpoint portfolio, thus taking us full circle back to bloated endpoints," says Larry Whiteside, the CSO for the Lower Colorado River Authority. "Luckily, memory and disk speed (SSD) have kept that bulk from crippling endpoint performance."

As a result, he is looking at next-generation endpoint protection from SentinelOne. Security based on what endpoints are doing, as opposed to seeking signatures of known malicious behavior, is an improvement over traditional endpoint protection, he says. "Not saying signatures are totally bad, but that being a primary or only decision point is horrible. Therefore, adding behavior-based detection capabilities adds value."

So much value that he is more concerned about that than he is about whether there is a hard return on investment. "The reality is that I am more concerned about detection than I am ROI, so I may not even perform that analysis. I can say that getting into a next-gen at the right stage can be beneficial to an organization," he says.

Anti-virus replacement?

So far vendors of next-generation endpoint protection have steered clear of claiming their products can replace anti-virus software, despite impressive test results. But that could be changing. Within a year, regulatory hurdles that these vendors face may disappear, says George Kurtz, CEO of CrowdStrike.

Within a year, rules that require the use of anti-virus in order to pass compliance tests will allow next-generation endpoint protection as well, he says. "That's really our goal," he says. "From the beginning we thought we could do that."

He says everyone is focused on malware, but that represents just 40 percent of attacks. The rest he calls "malware-less intrusions," such as insider theft, where attackers with valid credentials steal information without using malware.

Until regulations are rewritten, it's important for regulated businesses to meet the anti-virus requirement, Abrams says, even though other platforms may offer better protection. "In some cases that's actually more important than the ability to protect because you won't be protected from legal liabilities."

Meanwhile, having to run overlapping anti-virus and next-gen endpoint protection means larger enterprises are the likely customers for now, rather than smaller businesses with fewer resources, he says. But even for smaller businesses the cost may be worth it.

"What do they have to lose and how much does it cost to lose this information vs how much does it cost to protect it?" Abrams says.
