Next Generation Endpoint Protection is ‘current’

Endpoint protection is an approach to the protection of computer networks that are remotely bridged to client devices. The connection of laptops, tablets, mobile phones and other wireless devices to corporate networks creates attack paths for security threats. Endpoint security attempts to ensure that such devices follow a definite level of compliance with standards… says Wikipedia.

Next Generation Endpoint Protection is a new name that evolved with no industry standard or board agreement on a definition. The name was cemented by security product vendors looking to differentiate their new product capabilities from existing legacy solutions.

Problem Domain

Endpoints are compromised too frequently. There are concerns that endpoint attacks and compromises are not being detected by current defenses. Some are concerned about the loss of endpoints due to theft or negligence. Concerns that legacy endpoint solutions are either too complex or generate too many false alerts are too significant to ignore. The exponential growth of IoT devices has created new and different endpoints, which demand distinct approaches to endpoint protection.

Solution Strategy

Threats manifest in a myriad of forms, such as browser exploits, zero-day threats and ransomware. These are some of the known threats; there are unknown ones too. Because of the wide variety of threats, you may need many different protection techniques working together to repel them. A platform containing a suite of solutions that can identify specific attacks, and speed the response to them once they are detected, adds great value to an enterprise. This is where a Next Generation Endpoint Protection (NGEP) platform comes into play.

A good NGEP platform provides tools that gather an enormous amount of data from endpoint systems and the network. It applies smart analytics algorithms to that data so that attacks can be stopped. A mature NGEP platform will also offer mechanisms for performing forensic investigations on the accumulated data, to identify how invasions progressed to the point of becoming exploits. This helps pinpoint the system or device that needs remediation. A better platform will even automate the remediation process.

NGEP platforms rely heavily on machine learning classification algorithms to add intelligence, so they can effectively implement behavioral analysis, sandboxing and vulnerability shielding, which are critical for having the best protection against the widest range of threats.

Product Capabilities

As part of an NGEP security project, the capabilities to look for include, but are not limited to…

  1. Privileged account management
  2. Endpoint Security Analytics
  3. Ransomware Prevention
  4. Deception Technology
  5. Network Access Control
  6. Firmware-level monitoring/self-healing
  7. Whitelisting
  8. Anomaly Detection
  9. Virtualized Endpoints
  10. Advanced Threat Detection and Mitigation
  11. Two-factor or other “more-than-password” Authentication
  12. Memory Scanning
  13. Data-centric Endpoint Security: Full-disk and file encryption, data loss prevention (DLP)

…and other advanced threat detection and mitigation technologies.

Key Market Players

As of the beginning of this year, per Gartner’s Magic Quadrant…

Per Gartner, Symantec continues to lead in this domain in terms of revenue and market share despite some management challenges. Symantec provides one of the most comprehensive NGEP suites available in this market with advanced features like Advanced Threat Protection to better address the changing threat landscape.

Trend Micro also leads the market with great solutions like Deep Security and is diligent in quickly addressing needs specific to the modern enterprise, data center and cloud computing.

Vendor/s Selection

The reality is, no vendor can protect you from 100% of threats. So when you choose a vendor, you have to keep multiple aspects in perspective. Some of them are…

  1. Reputation and Expertise
  2. Geographic coverage
  3. Existing vendor relationship
  4. Product/Technology roadmap
  5. Pre-sale service (consultation & design)
  6. Post-sales service (support & training)
  7. Pricing

Don’t get carried away with everything that vendors claim about their NGEP products. Most of the tests are run within parameters set by the vendors themselves. Before purchasing a product for your business, make sure to run some trials first to find out the compatibility, effectiveness, and coverage of the endpoint agents on your computer networks. Consider its cost, the compliance requirements, other backup systems to support the agents, plus the expenses required to manage the next-generation endpoint protection.

To conclude

When it comes to security, there is only one piece of advice… “Prevention is better than cure”. A next-generation endpoint protection platform is indispensable for protecting your customer data, your business, and your reputation, but it still doesn’t address all possible threats. Threats are not limited to endpoints alone. There are many types of threats that network systems need protection from. Contrary to what different vendors boast about next-generation endpoint protection, it still does not cover all possible threats. NGEP still cannot replace anti-virus protection. What you need to do is identify all vulnerable areas of your endpoints and computer networks and find the best security products to protect your data, systems, and network.

Safe Journey!

Image Courtesy: Libyan Roots