Brian Gladstein 16 February 2018
Categories B2B, Technology

Moving Endpoint Security to the Cloud Offers Peace of Mind for Security Teams

Cybersecurity can induce anxiety for many. That goes with the territory of being on the front line of an organisation’s defences against a continually evolving threat environment. As malware hits the headlines and the insidious threat of non-malware attacks grows, security teams need to look for better ways to keep their organisations safe.

Big data has already been leveraged in other security fields, such as monitoring for unusual credit card transactions and adding behavioural analysis to online authentication. Bringing out the same big-data guns can transform endpoint security, turn the tables on cybercriminals and, hopefully, let security teams sleep a little better at night.

Endpoint security is broken

I was recently talking to a security engineer who outlined the problems he had been facing. He and his colleague were responsible for all the cybersecurity at their organisation. They were finding that their traditional antivirus was not preventing all types of attacks; they needed protection against previously unknown attacks, and the management interface of their security system was clunky and awkward, with problematic updates that frequently broke other parts of the system. With just the two of them on the team, they were struggling.

In fact, what my friend was describing was the most common set of challenges facing security teams today, and they stem from the fact that the threat environment has evolved to the point where many organisations feel backed into a corner.

Traditional antivirus approaches have become less effective in the face of fileless attacks. They suffer from a circular flaw because they rely on having met the threat before: only attacks that carry a known malicious signature are automatically recognised and stopped. This reactive approach is ineffective against attacks that infiltrate through trusted applications and only start to wreak havoc once they have penetrated the network perimeter.

A related challenge is the lack of context provided by traditional AV solutions. Because these tools operate in a vacuum, we tend to assume that if we don’t see something getting blocked, there’s nothing to worry about. But that’s not the case: fileless attacks do leave a footprint, but we need to analyse the unfiltered endpoint data to see the malicious patterns and respond to them.

Finally, there is the challenge of management. As defences have been built piecemeal, with different tools added at different times, those tools have become siloed, each managed from a different console and struggling to share information with the others.

It’s like trying to box with one hand tied behind your back and one eye closed – you can’t see half of the attacks coming which means you can’t defend against them.

The big guns of big data

The average organisation has thousands of distributed endpoints, all part of a potential attack surface. With mobile working and the adoption of the cloud for business processes, the perimeter has changed. By invoking the power of the cloud to analyse every single piece of event data coming from those endpoints, we can build up a comprehensive picture of what is normal activity and what is suspicious. That gives us the context we need to work out what a threat actually looks like. For example, a browser being opened and Flash launching is benign on its own, but it becomes a threat when Flash then launches PowerShell. That is not normal behaviour, and that’s where we step in to stop the attack in its tracks.

Using predictive, cloud-based security we can converge detection with prevention and response, sniffing out and neutralising malicious activity and instantaneously learning and sharing information so no one else under protection need fall prey to the same attack strategy. Defence updates based on real-time threat intelligence can be rolled out swiftly and, because the same dataset is used throughout, detection, prevention, and response work together seamlessly – no chance of “breaking” another part of the system with an update.

There are more advantages to this approach. It is a proactive tactic that takes the advantage away from the attacker. Traditional AV focuses on detecting malware at the point of delivery; if it is missed at that point, the attacker has gained access and is free to complete their exploit and gather intelligence for future incursions. With predictive security, all activity is under scrutiny all the time. This means that when attackers test their attack idea against the system, we know about it and can defend against it. This wipes out the advantage of R&D testing for attackers. Attacks can be detected and mitigated at more points in the kill chain, giving cybercriminals far less room for manoeuvre.

Cloud-based security also offers another key benefit that security teams welcome: time. Bringing endpoint security into the cloud under a single management console dramatically reduces the management time needed to maintain defence. That time can be invested in more valuable, proactive activities, such as threat-hunting. The context provided by the cloud analytics gives us a greater understanding of the threat environment and helps us be smarter about how we evolve our own defences.

As it turns out, my friend deployed cloud-based predictive security, giving “a couple sighs of relief” when it was up and running. So, thanks to the power of big data and the cloud, at least one security specialist is sleeping a little better now.
