Brian Gladstein 16 February 2018
Categories B2B, Technology

Moving Endpoint Security to the Cloud Offers Peace of Mind for Security Teams

Cybersecurity can induce anxiety for many practitioners. It goes with the territory of being on the front line of an organisation’s defences against a continually evolving threat environment. As malware hits the headlines and the insidious threat of non-malware attacks grows, security teams need to look for better ways to keep their organisations safe.

In the same way that big data has been leveraged in other security fields, such as monitoring for unusual credit card transactions and adding behavioural analysis to online authentication, bringing out the big-data guns can transform endpoint security, turn the tables on cybercriminals and, hopefully, let security teams sleep a little better at night.

Endpoint security is broken

I was recently talking to a security engineer who outlined the problems he had been facing. He and his colleague were responsible for all the cybersecurity at their organisation. They were finding that their traditional antivirus was not preventing all types of attacks; they needed protection against previously unknown attacks, and the management interface of their security system was clunky and awkward, with problematic updates that frequently broke other parts of the system. With just the two of them on the team, they were struggling.

In fact, what my friend was describing were the most common challenges facing security teams today, and they stem from the fact that the threat environment has evolved to the point where many organisations feel backed into a corner.

Traditional antivirus approaches have become less effective in the face of fileless attacks. They suffer a circular flaw because they rely on having met the threat before; only those attacks that carry a malicious signature are automatically recognised and stopped. This reactive approach is ineffective against attacks that infiltrate through trusted applications and only start to wreak havoc once they have penetrated the network perimeter.

A related challenge is the lack of context provided by traditional AV solutions. Because they operate in a vacuum, we assume that if we don’t see something getting blocked, there’s nothing to worry about. But that’s not the case; fileless attacks do leave a footprint, but we need to analyse the unfiltered data to see the malicious patterns in order to respond.

Finally, there is the challenge of management. As defences have been built piecemeal, with different tools added at different times, security tools have become siloed, each managed from a different console and struggling to share information.

It’s like trying to box with one hand tied behind your back and one eye closed – you can’t see half of the attacks coming which means you can’t defend against them.

The big guns of big data

The average organisation has thousands of distributed endpoints that are all part of a potential attack surface. With mobile working and the adoption of the cloud for business processes, the perimeter has changed. By invoking the power of the cloud to analyse every single piece of event data coming from those endpoints, we can build up a comprehensive picture of what is normal activity and what is suspicious. That gives us the context we need to work out what an attack looks like. For example, a browser being opened and launching Flash is benign on its own, but it becomes a threat when Flash then launches PowerShell. That is not normal behaviour, and that’s where we step in to stop the attack in its tracks.
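The point of the Flash-to-PowerShell example is that the last event is only suspicious in the context of its ancestors. The following added example (written for this article, not code from the author or from any vendor mentioned) shows the simplest form of that context: it rebuilds parent/child process lineage from a handful of constructed process-creation events and flags a script host whose parent is a browser plugin spawned by a browser, while leaving a user-launched PowerShell alone. The executable names and event data are constructed for illustration.

```python
"""Toy process-lineage detector for browser -> plugin -> script host chains.

Added example, not from the original article. The events, pids and
image names below are constructed sample telemetry, not real data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str  # executable name, lower-case


# Constructed sample telemetry from one endpoint (not real events).
SAMPLE_EVENTS: List[ProcessEvent] = [
    ProcessEvent(pid=100, ppid=1, image="explorer.exe"),
    ProcessEvent(pid=200, ppid=100, image="firefox.exe"),
    ProcessEvent(pid=201, ppid=200, image="flashplayerplugin.exe"),  # browser launching Flash: benign
    ProcessEvent(pid=300, ppid=100, image="winword.exe"),
    ProcessEvent(pid=202, ppid=201, image="powershell.exe"),  # Flash launching PowerShell: not normal
    ProcessEvent(pid=301, ppid=100, image="powershell.exe"),  # user launched from the shell: normal
]

# Hypothetical category lists; a real deployment would maintain these centrally.
BROWSERS: Set[str] = {"firefox.exe", "chrome.exe", "iexplore.exe", "msedge.exe"}
PLUGINS: Set[str] = {"flashplayerplugin.exe", "flashutil.exe"}
SCRIPT_HOSTS: Set[str] = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def lineage(events: Dict[int, ProcessEvent], pid: int, max_depth: int = 16) -> List[str]:
    """Walk parent pointers from pid towards the root; return images root-first.

    Stops at an unknown parent, a cycle (pid reuse can produce one) or max_depth.
    """
    chain: List[str] = []
    seen: Set[int] = set()
    cur: Optional[int] = pid
    while cur is not None and cur in events and cur not in seen and len(chain) < max_depth:
        seen.add(cur)
        chain.append(events[cur].image)
        cur = events[cur].ppid
    return list(reversed(chain))


def detect_plugin_to_script_host(events: List[ProcessEvent]) -> List[dict]:
    """Alert on any script host whose lineage ends browser -> plugin -> script host."""
    by_pid = {e.pid: e for e in events}
    alerts: List[dict] = []
    for e in events:
        if e.image not in SCRIPT_HOSTS:
            continue
        chain = lineage(by_pid, e.pid)
        # chain is root-first, so the three most recent ancestors sit at the end.
        if len(chain) >= 3 and chain[-2] in PLUGINS and chain[-3] in BROWSERS:
            alerts.append({"pid": e.pid, "chain": chain})
    return alerts


if __name__ == "__main__":
    for alert in detect_plugin_to_script_host(SAMPLE_EVENTS):
        print(f"pid {alert['pid']}: " + " -> ".join(alert["chain"]))
```

Run stand-alone, the script reports only pid 202; the PowerShell started from explorer.exe (pid 301) has a two-step lineage and is not flagged. This is the rule-level version of what the article attributes to cloud analytics: with lineage from every endpoint in one dataset, the baseline of "normal" can be learnt rather than hand-coded, but the context needed is the same parent chain.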

Using predictive, cloud-based security we can converge detection with prevention and response, sniffing out and neutralising malicious activity and instantaneously learning and sharing information so no one else under protection need fall prey to the same attack strategy. Defence updates based on real-time threat intelligence can be rolled out swiftly and, because the same dataset is used throughout, detection, prevention, and response work together seamlessly – no chance of “breaking” another part of the system with an update.

There are more advantages to this approach. It’s a proactive tactic that takes away the advantage from the attacker. Traditional AV focuses on detecting malware at the point of delivery; if it is missed at that point, the attacker has gained access and is free to complete their exploit and gain intelligence for future incursions. With predictive security, all activity is under scrutiny all the time. This means that when attackers test their attack idea against the system, we know about it and can defend against it. This wipes out the advantage of R&D testing for attackers. Attacks can be detected and mitigated at more points in the kill chain, giving cybercriminals far less room for manoeuvre.

Cloud-based security also offers another key benefit that security teams welcome: time. Bringing endpoint security into the cloud under a single management console dramatically reduces the management time needed to maintain defence. That time can be invested in more valuable, proactive activities, such as threat-hunting. The context provided by the cloud analytics gives us a greater understanding of the threat environment and helps us be smarter about how we evolve our own defences.

As it turns out, my friend deployed cloud-based predictive security, giving “a couple sighs of relief” when it was up and running. So, thanks to the power of big data and the cloud, at least one security specialist is sleeping a little better now.
