As calculated by IDC, at least 70% of data breaches compromised endpoint devices first, before the attacker moved on through the rest of the network. This is because endpoints are traditionally under-protected, increasingly connected to the main network, and constantly used by error-prone humans.
Over the years, the number of threats and their level of sophistication have been rising too. A 2014 Ponemon Institute study corroborates the claim, with 71% of respondents stating that endpoint threats were more difficult than ever to intercept.
Recently, next-generation endpoint protection, or next-gen AV, has been getting a lot of press. But what does the term actually mean? Currently, there are five common myths associated with next-gen endpoint protection, and they need to be debunked thoroughly.
Myth #1: Next-gen endpoint protection = machine learning
Machine learning is good at blocking threats hidden in executable files, but struggles to detect threats hidden in non-executable files, such as malicious scripts in PDFs or Word documents. There are many different threats out there (e.g. ransomware, browser exploits, zero-day threats), and you need many different protection techniques working together to deflect them. Other techniques working in tandem with machine learning, such as web reputation (analyzing a website and assigning it a score), behavioral analysis, sandboxing, application control, and vulnerability shielding, are also critical to ensuring users have the best protection against the broadest range of threats.
Myth #2: Next-gen solutions deliver 'unbelievable' protection
Some new vendors are making bold claims for their products and presenting incredible results. Frankly, they are unbelievable, as the results come out of testing where the vendors control all parameters, including the threats tested and the configuration of competing products. When tested by reputable, independent organizations like AV-Test, their results simply don't measure up.
Myth #3: Endpoint is the best place to stop threats
Endpoint protection is key, but many threats can be blocked at the web or email gateway before they ever make it to your endpoint, leaving your endpoint security to focus on the most sophisticated threats. Web and email security should work in concert with endpoint protection, sharing threat intelligence and giving you a holistic view of what is happening across every threat vector.
Myth #4: All you need to do is prevent threats
The reality is, no vendor can protect you from 100% of threats. That's why you need tools not only to detect threats but to recover from them as well. You also need security that is highly adaptable, so it can counteract similar threats the next time they are encountered. This can only be achieved if the layers of your endpoint protection solution share intelligence, which is difficult to achieve when you're using point products from multiple vendors.