* Mitigation. Detecting threats is necessary, but insufficient. The ability to perform mitigation must be an integral part of NGEPP. Mitigation options should be policy-based and flexible enough to cover a wide range of use cases, such as quarantining a file, killing a specific process, disconnecting the infected machine from the network, or even shutting it down completely. In addition, mitigation should be automated and timely. Quick mitigation during the early stages of the malware lifecycle will minimize damage and speed remediation.
* Remediation. During execution, malware often creates, modifies, or deletes system files, registry entries and configuration settings. These changes, or the remnants left behind, can cause system malfunction or instability. NGEPP must be able to restore an endpoint to its pre-infection, trusted state, while logging what changed and what was successfully remediated.
* Forensics. Since no security technology will ever be 100 percent effective, the ability to provide real-time endpoint forensics and visibility is a must for NGEPP. Clear and timely visibility into malicious activity that has taken place on endpoints across an organization is essential to quickly assess the scope of an attack and take appropriate responses. This requires a clear, real-time audit trail of what happened on an endpoint during an attack and the ability to search for indicators of compromise across all endpoints.
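To make the Remediation and Forensics pillars concrete, the following is an added example written for this page, not code from the article or from any NGEPP product. It takes a snapshot of a trusted state, classifies what a simulated infection created, modified and deleted, checks file hashes against an indicator-of-compromise list, then restores the baseline while producing an audit log of every action. The directory layout, file contents and IOC hash are constructed for the demo; keeping file contents in memory stands in for the content store a real product would use.

```python
"""Added example: snapshot / diff / remediate loop with an audit log.
Everything here (paths, contents, the IOC list) is constructed for the demo."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def snapshot(root: Path) -> dict:
    """Record hash and content of every file under root (the trusted state).
    Keys are POSIX-style relative paths so results are platform independent."""
    state = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            state[p.relative_to(root).as_posix()] = (sha256(data), data)
    return state


def diff(root: Path, baseline: dict) -> dict:
    """Classify the current tree against the baseline: created, modified, deleted."""
    current = {k: v[0] for k, v in snapshot(root).items()}
    return {
        "created": sorted(set(current) - set(baseline)),
        "modified": sorted(k for k in current if k in baseline and current[k] != baseline[k][0]),
        "deleted": sorted(set(baseline) - set(current)),
    }


def ioc_hits(root: Path, iocs: set) -> list:
    """Forensics side: files whose SHA-256 matches a known-bad hash."""
    return sorted(rel for rel, (h, _) in snapshot(root).items() if h in iocs)


def remediate(root: Path, baseline: dict, quarantine: Path) -> list:
    """Restore root to the baseline; return (action, path, sha256) log entries."""
    log = []
    changes = diff(root, baseline)
    quarantine.mkdir(parents=True, exist_ok=True)
    for rel in changes["created"]:              # dropped files: quarantine, never delete
        dst = quarantine / rel.replace("/", "_")
        shutil.move(str(root / rel), str(dst))
        log.append(("quarantined", rel, sha256(dst.read_bytes())))
    for rel in changes["modified"] + changes["deleted"]:   # tampered or removed: restore
        expected_hash, data = baseline[rel]
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        actual = sha256(target.read_bytes())    # verify the restore, don't assume it
        log.append(("restored" if actual == expected_hash else "restore_failed", rel, actual))
    return log


def demo() -> dict:
    """Build a trusted tree, simulate an infection, remediate, report results."""
    root = Path(tempfile.mkdtemp(prefix="ngepp_demo_"))
    quarantine = root.parent / (root.name + "_quarantine")
    try:
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        (root / "etc" / "rc.local").write_bytes(b"#!/bin/sh\nexit 0\n")
        (root / "bin" / "tool").write_bytes(b"placeholder binary\n")
        baseline = snapshot(root)

        # Constructed malware activity: persistence edit, dropped payload, deleted tool.
        (root / "etc" / "rc.local").write_bytes(b"#!/bin/sh\n/tmp/.x &\nexit 0\n")
        payload = b"constructed malicious payload\n"
        (root / "bin" / "dropper").write_bytes(payload)
        (root / "bin" / "tool").unlink()

        iocs = {sha256(payload)}                # constructed IOC list
        return {
            "changes": diff(root, baseline),
            "ioc_hits": ioc_hits(root, iocs),
            "log": remediate(root, baseline, quarantine),
            "clean": diff(root, baseline) == {"created": [], "modified": [], "deleted": []},
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)
        shutil.rmtree(quarantine, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point a practitioner should take from it: the diff against a trusted baseline is what drives both the scoping question (which endpoints show these hashes?) and the restore, and every restore is verified by hash and logged rather than assumed to have worked.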
To completely replace the protection capabilities of existing legacy, static endpoint protection technologies, NGEPP needs to be able to stand on its own to secure endpoints against both legacy and advanced threats throughout the various stages of the malware lifecycle. The six pillars described above provide the 360 degrees of protection required for the Cloud generation, where the endpoint has become the new security perimeter.