What Is Next-Generation Endpoint Security and Why Do You Need It?
3 likes2,415 views
The document outlines the evolution and current landscape of next-generation endpoint security, emphasizing the importance of protecting endpoint systems through advanced malware prevention and detection. It highlights the market's shift from traditional antivirus solutions to more integrated, data-driven approaches that incorporate threat intelligence and advanced detection capabilities. The report also discusses the challenges of resource constraints in cybersecurity and the need for ongoing skill development and product evaluation.
What Is Next-Generation Endpoint Security and Why Do You Need It?
- 1. #RSAC Session ID: TECH-R05 Next-Generation Endpoint Security Overview Jon Oltsik Senior Principal Analyst ESG
- 2. #RSAC Agenda 2 Endpoint Security Defined What about antivirus? The next-generation endpoint security triggers Next-generation endpoint security market dichotomy Prevention vs. Detection/Response crowd Recommendations and lessons learned
- 3. #RSAC What Is An Endpoint? 3 Primary: Windows PCs Secondary
- 4. #RSAC Anti- malware Endpoint security controls Data security Application security IAM Acceptable use policies Configuration management System monitoring What is Endpoint Security? “The policies, processes and technology controls used to protect the confidentiality, integrity, and availability of an endpoint system”
- 5. #RSAC Anti- malware Endpoint security controls Data security Application security IAM Acceptable use policies Configuration management System monitoring What is Endpoint Security? “The policies, processes and technology controls used to protect the confidentiality, integrity, and availability of an endpoint system”
- 6. #RSAC What About AV? 6 $5 billion to $7 billion WW market 95%+ penetration rate Historically dominated by 5 vendors History of usurping functionality Application controls, anti-spyware/adware, full-disk encryption
- 7. #RSAC Antivirus Myth and Reality 7 AV is NOT a commodity product (nor is it “dead”) AV management is often delegated to IT operations groups AV is not always well maintained Advanced features: Not well known or always used Can have a substantial impact on system performance Mixed results in terms of efficacy
- 9. #RSAC NG Endpoint Security Triggers 9 Network compromise, cyber-attack, or data breach Time and resources necessary for system reimaging Cybersecurity quantum leap Cybersecurity cavalry to the rescue! Needs and resource assessment
- 10. #RSAC Endpoint Security Continuum 10 Advanced malware prevention Advanced detection and response (EDR) Advanced endpoint controls
- 11. #RSAC 11 “Hair-on-fire” problem Resource constraints Staff size, skills, time Endpoint malware prevention may be one of several cybersecurity initiatives Endpoint Security Advanced Prevention
- 12. #RSAC Endpoint Security Advanced Prevention 12 Problematic shortage of IT security skills 46% 28% 25% 23% 24% 2016 2015 2014 2013 2012
- 13. #RSAC Advanced Prevention Products 13 New types of algorithms Process isolation or sandboxing Behavioral heuristics Tight integration with threat intelligence
- 14. #RSAC Procurement and Deployment 14 Extensive background research RFI/RFP Product testing POC Pilot project Enterprise deployment
- 15. #RSAC Observations 15 Early stage products have obvious flaws Extensive customer input into product roadmaps Scale and manageability are high priority requirements AV replacement is often part of strategy Enhancements may be required Windows firewall, application controls, etc.
- 16. #RSAC 16 Progressive skills and resources Strong relationships with existing AV vendor Not hung up on endpoint agents Broad approach to anti-malware based upon data analytics Network sandbox, threat intelligence, open source tools, custom rules, etc. Focus on IR automation and orchestration Advanced Detection and Response
- 17. #RSAC Advanced Detection and Response Products 17 Data collection- and analytics-centric Windows logs, system activities, forensic capture, etc. Various requirements for endpoint data collection Polling, trigger-based, local collection, central collection, etc. Trend toward real-time continuous collection and visibility Product GUI and analytics may or may not be important
- 18. #RSAC Procurement and Deployment 18 Basic background research Exploration of open source and commercial offerings Simple and concise RFI/RFPs POC including product and process integration Pilot project to test scale and data management Enterprise deployment
- 19. #RSAC Observations 19 Very demanding user base Best-of-breed mentality Customers will likely Demand product customization and enhancements from vendors from the start Want to use products to create (and even distribute) custom remediation rule sets “Big brother” issues
- 20. #RSAC Further Analysis 20 Continuum will continue Rip-and-replace mindset Possible extensions for data security and insider threat Cloud-based control plane? Endpoint security and patching
- 21. #RSAC Action Items 21 Assessment Existing AV, malware, malicious network traffic, skill sets… Requirements definition Comprehensive security requirements IT and business requirements Technical requirements Research and evaluation Cast a wide net but maintain a focused search Plan for the long-term