Next Generation Endpoint Protection
Complete integrated suite of Next Generation Endpoint Protections for proactive endpoint security
Organizations across the world are frustrated with the ineffectiveness of traditional endpoint security products and their inability to stop attacks that are growing in both volume and sophistication. As a result, a new generation of endpoint solutions has been created to provide effective security. To remain effective, a Next Generation Endpoint Protection Platform (NGEPP) must be lightweight, integrate with the existing security ecosystem, and work across new and legacy platforms without depending on a real-time connection.
The core pillars of an effective NGEPP
Commonly used endpoint defenses are based on trying to keep attacks out or on analyzing an attack after it has succeeded. The core foundational pillar of an NGEPP is the ability to monitor memory in order to identify and stop malware that has slipped past the other protection layers, using Memory Intrusion Prevention System (MIPS) technology. This MIPS protection must operate without relying on signatures or similar retrospective ("looking back") detection methods.
Defenses such as AV, whitelisting, HIPS and similar products have proven to do little to reduce the real risk presented by advanced targeted attacks, and they nearly always take an all-or-nothing (on/off) approach. An NGEPP must reduce risk in the face of the advanced attacks organizations face today, and it must provide the granular tuning needed to reduce risk while keeping computers usable for workers. Instead of simply "blocking" an application, there should be options to control what that application can do.
Malicious Process Defense
No security product can reliably stop a user from falling for a spearphishing scheme. Unfortunately, traditional security products not only fail to stop the initial introduction of the malicious process but also fail to protect against the attack events that follow. A user clicking on an attachment kicks off a chain of possible events: DLL injections, privilege escalation, rootkits, keylogging and so on. An NGEPP must monitor the range of actions the malware will attempt and provide effective protection at each step: it must control the APIs that can be used for keylogging, protect against the techniques and methods used for DLL injection, detect and stop any process that inappropriately tries to gain privileges, and monitor and prevent dangerous behavior from drivers.
An NGEPP must provide a comprehensive suite of device and data encryption protections so that data in any state, on any device, or shared with teams can be easily encrypted and managed, either centrally or by empowered users. A critical part of any NGEPP solution is data encryption tooling that safeguards information, customer data, employee data, company confidential data and intellectual property, while fitting the organization's workflow so that security does not slow down productivity. Contemporary users require broad and unhindered access to organizational data and need to share it with internal and external co-workers to work efficiently, while the organization must still guarantee data safety and regulatory compliance.
Another key requirement of an NGEPP is to provide security while minimizing the administrative burden and maximizing computer uptime for the end-user. Most traditional endpoint protection solutions use their own detection methods to sense an attack and then, if it targets a process, kill that process. One advantage of an NGEPP is that it uses a variety of defenses, such as honeypots, kernel monitoring and monitoring of malware executed by a user, to identify an attack and prevent it while the targeted process keeps running. The malware is stopped and information about it is logged, but the end-user stays safe and need not even know there was a security issue.
An NGEPP must not only provide alerts and log data about a threat or attack; it should also automate the response, both by cleaning the infected computer and by limiting the spread of the malware. An NGEPP requires automated remediation that reduces risk and helps assure compliance with regulations and policies. The solution must be able to identify that a threat is present and immediately and automatically quarantine the affected computer, with restrictions on functionality and connectivity scaled to the threat profile. This must include preventing malware from spreading through network shares, limiting or stopping access to USB-connected devices, and blocking Internet connectivity. Once an attack has been identified, the NGEPP solution must be able to quickly and completely clean the affected computer of all traces of the malware.
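Tiered quarantine of the kind described above, as an added example that is not Stormshield's code: a PowerShell script for a Windows endpoint that maps a threat profile to firewall and USB-storage restrictions while keeping the channel to the management console open so remediation and logging still work. The threat levels, the `NGEPP-Quarantine` rule names and the management server address are assumptions for illustration; the script uses only the built-in NetSecurity cmdlets and the standard USBSTOR service setting.

```powershell
<#
  Added example (not Stormshield's code): tiered host quarantine for a Windows endpoint.
  Assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later
  (NetSecurity module). $ManagementServer is a placeholder for your NGEPP/EDR console.
  Run with -Release to undo the quarantine.
#>
param(
    [ValidateSet('Medium', 'High', 'Critical')]
    [string]$Threat = 'High',
    [string]$ManagementServer = '10.0.0.5',   # placeholder assumption, not a real console
    [switch]$Release
)

$Tag = 'NGEPP-Quarantine'

if ($Release) {
    # Remove every rule this script created and restore the profile defaults.
    Get-NetFirewallRule -DisplayName "${Tag}*" -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    Set-NetFirewallProfile -All -DefaultOutboundAction Allow
    # Start=3 is the default "on demand" value for the USB mass-storage driver.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start -Value 3
    Write-Output "Quarantine released."
    return
}

# Map the threat profile to an escalation level; each level includes all lower restrictions.
$Level = @{ Medium = 1; High = 2; Critical = 3 }[$Threat]

# Always keep the management channel open. An explicit allow rule takes precedence
# over the profile's default outbound action, so this survives the block below.
New-NetFirewallRule -DisplayName "${Tag}-AllowMgmt" -Direction Outbound -Action Allow `
    -RemoteAddress $ManagementServer -Profile Any | Out-Null

# Level 1 and up: stop spread through network shares (SMB on TCP 445, NetBIOS session on 139).
New-NetFirewallRule -DisplayName "${Tag}-BlockSMB" -Direction Outbound -Action Block `
    -Protocol TCP -RemotePort '445', '139' -Profile Any | Out-Null

if ($Level -ge 2) {
    # Level 2 and up: block all other outbound traffic, cutting Internet and lateral access.
    Set-NetFirewallProfile -All -DefaultOutboundAction Block
}

if ($Level -ge 3) {
    # Level 3: also stop USB mass storage from mounting (Start=4 disables the USBSTOR service).
    # Devices already mounted are unaffected until they are reinserted.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start -Value 4
}

Write-Output "Host quarantined at level $Level for threat profile '$Threat'."
```

Run it as `.\Quarantine-Host.ps1 -Threat Critical -ManagementServer <console-ip>` from an elevated prompt, and `.\Quarantine-Host.ps1 -Release` once the host has been cleaned. The allow rule for the console is created before the outbound default is flipped to Block so the endpoint never loses contact with the management server mid-quarantine.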
An NGEPP must give organizations immediate and in-depth analysis of possible vulnerabilities and attacks across operating systems and applications. The Stormshield NGEPP includes a monitoring and threat intelligence service: the Stormshield Security Research Center is made up of the industry's top endpoint security researchers, tasked with identifying, testing and analyzing the latest vulnerabilities, attacks and threats targeting organizations worldwide. Stormshield provides a secure portal with detailed reports covering regular alert reports, analysis, trends and precautions for all identified vulnerabilities and attacks across operating systems and a wide range of applications with a record of exploitable weaknesses. The Threat Intelligence service also lets clients submit their own malware and attack issues for immediate analysis. The client receives an individualized, detailed threat analysis with guidance for stopping, removing and preventing this and similar attacks.
Learn more about the NGEPP product features