Redefining Next-generation Endpoint Security Solutions

Similar documents
Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst

ESG Brief. Overview by The Enterprise Strategy Group, Inc. All Rights Reserved.

Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst

Virtual Patch Management Offers Automation, Availability, and Cost Benefits Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst

This ESG White Paper was commissioned by Blue Coat and is distributed under license from ESG.

Information-driven Security and RSA Security Analytics and RSA ECAT

White. Paper. Rethinking Endpoint Security. February 2015

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst

White. Paper. The Big Data Security Analytics Era Is Here. January 2013

IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

VMware and the Need for Cyber Supply Chain Security Assurance

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

Cybersecurity Skills Shortage: A State of Emergency

Getting on the Road to SDN. Attacking DMZ Security Issues with Advanced Networking Solutions

Compensating Security Controls for Windows Server 2003 Security

Cisco Advanced Malware Protection for Endpoints

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

AccelOps NOC and SOC Analytics in a Single Pane of Glass Date: March 2016 Author: Tony Palmer, Senior ESG Lab Analyst

Requirements When Considering a Next- Generation Firewall

Security Intelligence: A Key Component of Big Data Security Analytics Date: December 2012 Author: Jon Oltsik, Senior Principal Analyst

White. Paper. Endpoint Security Demands Defense-indepth and Advanced Analytics. November 2013

White. Paper. Cloud Computing Demands Enterprise- class Password Management and Security. April 2013

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Is your organization developing its own custom applications specifically for mobile devices? (Percent of respondents, N=242)

Reducing the Critical Time from Incident Detection to Containment

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk

Unified Security, ATP and more

Integrating MSS, SEP and NGFW to catch targeted APTs

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

Endpoint Threat Detection without the Pain

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

White Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible

Research Perspectives

Next-generation Security Architecture for the Enterprise

End-user Security Analytics Strengthens Protection with ArcSight

Advanced Cyber Threats Demand a New Privileged Account Security Model Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst

Closing the Antivirus Protection Gap

The ESG Cybersecurity Maturity Model

Security in the smart grid

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Attack Intelligence: Why It Matters

White. Paper. Enterprises Need Hybrid SSO Solutions to Bridge Internal IT and SaaS. January 2013

POLIWALL: AHEAD OF THE FIREWALL

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

IBM QRadar Security Intelligence April 2013

Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices

Vulnerability Management

Cisco Advanced Malware Protection for Endpoints

IBM Security re-defines enterprise endpoint protection against advanced malware

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Integrated Network Security Architecture: Threat-focused Nextgeneration

POLIWALL: AHEAD OF THE FIREWALL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

An Analytics-based Approach to Cybersecurity

Total year-over-year spending change in networking, (Percent of respondents) 37% 36% 35% 37% 29% 26% 16% 13% 0% 20% 40% 60% 80%

The webinar will begin shortly

White. Paper. Understanding and Addressing APTs. September 2012

Carbon Black and Palo Alto Networks

Product Roadmap Symantec Endpoint Protection Suzanne Konvicka & Paul Murgatroyd

Advanced Threat Protection with Dell SecureWorks Security Services

2016 Firewall Management Trends Report

Symantec Advanced Threat Protection: Network

REPORT Perimeter Security Defenses. State of Perimeter Security Defenses, Time to Think Different?

An Old Dog Had Better Learn Some New Tricks

IBM Security IBM Corporation IBM Corporation

How To Understand The Needs Of The Network

Web Application Security Testing Tools and Services

Breaking the Cyber Attack Lifecycle

SANS Top 20 Critical Controls for Effective Cyber Defense

Content Security: Protect Your Network with Five Must-Haves

Leverage security intelligence for retail organizations

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Security strategies to stay off the Børsen front page

The SIEM Evaluator s Guide

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Extreme Networks Security Analytics G2 Vulnerability Manager

The Importance of Cybersecurity Monitoring for Utilities

THE EVOLUTION OF SIEM

DEC Next Generation Security with Endpoint Detection and Response WHITE PAPER

Zak Khan Director, Advanced Cyber Defence

SPEAR PHISHING AN ENTRY POINT FOR APTS

I D C A N A L Y S T C O N N E C T I O N

REVOLUTIONIZING ADVANCED THREAT PROTECTION

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

Next Generation Security Strategies. Marc Sarrias Regional Sales Manager

WhatWorks in Detecting and Blocking Advanced Threats:

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Next-Generation Firewalls: Critical to SMB Network Security

Advanced Threats: The New World Order

Moving Beyond Proxies

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Cisco Security Intelligence Operations

Transcription:

Enterprise Strategy Group Getting to the bigger truth. Solution Showcase Redefining Next-generation Endpoint Security Solutions Date: October 2016 Author: Jon Oltsik, Senior Principal Analyst Abstract: Enterprise organizations face a difficult situation. Many current endpoint security tools can t prevent or detect sophisticated exploits or zero-day malware, forcing CISOs to implement an assortment of next-generation endpoint security tools. Unfortunately, this strategy can increase cost and complexity while introducing the potential for resource contention and performance issues on the endpoints themselves. Is there any alternative to this Faustian compromise? Yes next-generation endpoint security solutions built for centralization, consolidation, and integration that offer functionality for prevention, detection, and response. McAfee s recently announced Dynamic Endpoint Threat Defense is a next-generation endpoint security solution that can improve security efficacy while streamlining security operations. Overview When it comes to endpoint security, ESG research paints a disheartening picture. Last year, while more than two-thirds (67%) of cybersecurity professionals believed the threat landscape had grown worse than it was in the previous two years, 1 80% of respondents to another ESG survey cited that endpoint security (processes and technology management) had become more difficult than it was two years previously. 2 Of course, enterprise organizations have endpoint security technologies in place to help address some of these issues, but many report numerous challenges with current antivirus products, including performance requirements, upgrade processes, the number of false positive alerts, and overall product efficacy in preventing/detecting exploits and malware (see Figure 1). 3 1 Source: ESG Research Report, Cyber Supply Chain Security Revisited, September 2015. 2 Source: ESG Research Report, The Endpoint Security Paradox, January 2015. 3 ibid. This ESG Solution Showcase was commissioned by McAfee and is distributed under license from ESG.

Solution Showcase: Redefining Next-generation Endpoint Security Solutions 2 Figure 1. Antivirus Product Challenges What challenges if any has your organization experienced with the antivirus products used as part of its endpoint security strategy? (Percent of respondents, N=340, multiple responses accepted) Products impact overall performance of endpoint systems 48% New product revisions tend to be extremely different from previous versions requiring a lot of time and resources for training and deployment Too many false positives that classify benign files/software as malware Products are not nearly as effective at blocking and/or detecting malware as they should be AV management doesn t integrate with other security and IT management systems Products are too complex to configure and manage to their full potential AV management systems don't scale to support enterprise needs 35% 34% 33% 29% 26% 24% We have not experienced any challenges with antivirus products 13% Source: Enterprise Strategy Group, 2016 Endpoint security challenges are also exacerbated by the global cybersecurity skills shortage. According to research published earlier this year, 46% of organizations report a problematic shortage of cybersecurity skills. 4 This cybersecurity shortage is compounded by the use of tools that work in isolation and require manual coordination. In many cases, organizations are understaffed and lack the right skills to employ strong endpoint security best practices. Instead, security administrators are relegated to firefighting an overwhelming amount of security alerts and using precious time to address risks and update protection through manual processes. The Endpoint Security Continuum 0% 10% 20% 30% 40% 50% 60% New endpoint security requirements have created a flurry of technology innovation and industry buzz around nextgeneration endpoint security (NGEPS) products. This has only led to market confusion as infosec professionals try to sort through an avalanche of vendor marketing hype. ESG believes it shouldn t be this difficult. In its 2016 market landscape report titled, Enterprise Adoption of Next-generation Endpoint Security, ESG defined endpoint security as: 4 Source: ESG Research Report, 2016 IT Spending Intentions Survey, February 2016.

Solution Showcase: Redefining Next-generation Endpoint Security Solutions 3 The policies, processes, and technology controls used to protect the confidentiality, integrity, and availability of an endpoint system. Furthermore, NGEPS was defined as: Endpoint security software controls designed to prevent, detect, and respond to previously unseen exploits and malware. ESG believes that next-generation endpoint security should include capabilities across an overall endpoint security continuum (see Figure 2). At one end, advanced prevention technologies should offer superior efficacy for malware and exploit prevention when compared with traditional AV products. This functionality should include the ability to learn from every attack for stronger response, faster performance, and improved efficacy. In this way, next-generation endpoint security can block all but the most sophisticated cyber-attacks, greatly reducing the amount of malicious traffic on the network and system reimaging burden placed on IT operations. At the same time, however, CISOs must assume that sophisticated cyber-criminals and nation-states will discover and exploit advanced prevention technology vulnerabilities over time, so they will also need the right tools for efficient detection and remediation of malicious endpoint activities. Figure 2. The Endpoint Security Continuum Source: Enterprise Strategy Group, 2016 As part of the continuum, next-generation endpoint security is supported with additional types of security controls (i.e., port controls, application controls, DLP/eRM, etc.). These controls are intended to decrease the endpoint and network attack surface, making network penetration and system compromises more difficult for cyber-adversaries. This can improve security, but can also carry costs because of: Multiple products working in isolation. Security and IT operations teams may be forced to install and manage multiple, isolated products on their endpoints. This introduces an operational burden and can cause contention and performance issues on the endpoint systems.

Solution Showcase: Redefining Next-generation Endpoint Security Solutions 4 Multiple management planes. New endpoint software tools for prevention, detection, and response come with their own management consoles for policy management, configuration management, and reporting. Once again, this adds more work for an already overwhelmed security and IT operations staff. Toward Next-generation Endpoint Security Solutions Clearly, large organizations want to improve security efficacy without adding operational overhead or disrupting business processes or user productivity. This is likely why the majority of cybersecurity professionals (58%) claim that their organization would prefer to buy a comprehensive endpoint security solution from a single vendor rather than cobble together a solution out of assorted endpoint security point tools (see Figure 3). 5 Figure 3. Most Attractive Choice of Endpoint Security Controls and Analytics Delivery As new endpoint security requirements arise and your organization considers new endpoint security controls and analytics, which of the following choices do you think would be most attractive to your organization? (Percent of respondents, N=340) A portfolio of endpoint security products from Don t know, 1% various vendors that establish technical partnerships to integrate their products together into a heterogeneous endpoint security An assortment of suite, 8% endpoint security technologies from various vendors, enabling my organization to choose best-of-breed products in each category, 33% A comprehensive endpoint security software suite from a single vendor, 58% Source: Enterprise Strategy Group, 2016 A comprehensive endpoint security software solution from a single vendor would need to have all of the elements of the ESG endpoint security continuum, spanning from advanced prevention to advanced detection and response. This would include: A defense-in-depth architecture for threat and exploit prevention. Strong network security is built using layered security with each security control supporting and complementing others. In this way, packets must pass through an assortment of filters (i.e., firewalls, web threat gateways, AV gateways, etc.) before they reach their ultimate destination. Similarly, next-generation endpoint security tools should contain several pre- and post-execution filters in order to prevent and detect exploits and malware. These filters will range from tried-and-true AV signatures to an assortment of other technologies including behavioral heuristics, machine learning algorithms, threat intelligence 5 Source: ESG Research Report, The Endpoint Security Paradox, January 2015.

Solution Showcase: Redefining Next-generation Endpoint Security Solutions 5 correlation engines, and isolation technologies that execute files in virtual containers blocking access to real system resources. Competitive EDR capabilities. In addition to a defense-in-depth endpoint security architecture, next-generation endpoint security tools must be able to monitor and capture system behavior as well as standalone EDR solutions do today. To fulfill this requirement, NGEPS solutions must be able to collect, process, analyze, and present active endpoint behavior data in ways that support organizations security analysis processes. The best tools will include tight integration with threat intelligence and offer closed-loop processes that take newly discovered exploits, malware, and vulnerabilities and translate them into remediation rules for blocking future similar attacks. An architecture designed for consolidation, centralization, and integration. NGEPS solutions can provide real value in a few of the most important areas for enterprise organizations. First, next-generation endpoint security solutions can be built on an integrated infrastructure, creating a single coordinated system and minimizing management overhead. Second, NGEPS solutions offer a consolidated management plane with integrated functionality for policy management, configuration management, and reporting. These solutions should also feature role-based access control to support division of labor and separation of duties between security and IT operations personnel. Finally, enterprise organizations often integrate endpoint security solutions with network security tools, security analytics systems, incident response platforms, and third-party threat intelligence feeds. NGEPS solutions should be designed around industry standards, open APIs, a common language, and an ecosystem of partners that support these requirements. Of course, NGEPS solutions must also be built for business and user productivity. To meet this requirement, these solutions must offer strong security while remaining transparent and non-disruptive to users. McAfee Dynamic Endpoint Threat Defense Next-generation endpoint security is a security category highlighting signature-less defenses and dominated by startup vendors and point tools. As this market matures however, traditional endpoint security vendors are catching up, offering the first true next-generation endpoint security solutions. One example of this is the recently announced McAfee Dynamic Endpoint Threat Defense featuring: Adaptive threat defenses. McAfee s solution is built on a shared ecosystem of other McAfee and third-party partner technologies. Shared threat intelligence and endpoint context can help solutions learn from every encounter to evolve security. This enables coordinated defenses that can share insights and work as a common system across multiple layers of security filters to automatically adapt defenses across all components. Advanced prevention capabilities. McAfee s solution takes the observations from different technologies and vantage points, which by themselves may not provide enough to convict malware, and combines them to offer enough insight to catch the latest threats. For example, McAfee has extended its existing endpoint security offerings with static and dynamic behavioral analysis informed by machine learning and dynamic reputation scoring with shared threat intelligence. In this way, McAfee has significantly improved its efficacy in preventing and detecting greyware and zeroday malware to secure patient zero. Integrated EDR. McAfee has also bolstered its endpoint security solution with EDR capabilities, providing unified visibility for security investigations, hunting activities, and remediation actions including an emphasis on efficiency with single-click correction and setting triggers to automate responses against future attacks.

The Bigger Truth Solution Showcase: Redefining Next-generation Endpoint Security Solutions 6 Endpoints are often used as a beachhead for sophisticated cyber-attacks like APTs. Cyber-adversaries compromise Windows PCs and then use them as staging grounds for extended offensive campaigns that ultimately lead to costly data breaches. Given this, enterprise CISOs must do everything possible to improve endpoint security efficacy, but today s nextgeneration endpoint security tools often come at the cost of operational overhead. Given the global cybersecurity skills shortage, this is an unacceptable tradeoff. To enhance security without the excess operational baggage, many CISOs want integrated next-generation endpoint security solutions built for consolidation, centralization, and integration. Fortunately, next-generation endpoint security solutions, like McAfee Dynamic Endpoint Threat Defense, have the potential to improve security efficacy while streamlining security operations. All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188. Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community. www.esg-global.com 2016 by The Enterprise contact@esg-global.com Strategy Group, Inc. All Rights Reserved. P. 508.482.0188

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information