Over the past few years, there has been a common thread in the annual crop of year-end summations and new-year predictions. Users and their endpoints are the weakest link in IT security.
While we keep trying to find the perfect perimeter security solution, it becomes increasingly clear that most data breaches involve employees, contractors and partners. Estimates suggest that as many as 90% of all breaches involve – either inadvertently or intentionally – user endpoints. Inevitably the risk will grow with the continued expansion of employee access to corporate data via unmanaged personal devices and the cloud.
For the year ahead, concerns about APTs continue as attackers improve their techniques to make them stealthier and harder to detect. The most common way for APTs to infiltrate the organization is by introducing malware to an employee’s or partner’s endpoint. In 2015, the number of successful targeted attacks continued to grow, as it proved extremely difficult, if not impossible, to thwart social engineering with standard technology.
APT toolkits and targeted attacks are designed to bypass endpoint protection platforms and the suite of technologies they use to detect and block malware. CISOs understand that traditional endpoint defenses are no longer enough to protect corporate devices, and that unmanaged personal devices and unsanctioned cloud applications are opening the doors wide.
As a result, in 2016, security experts will continue to shift their focus from prevention to detection. But one prediction that we can all agree upon is that no detection technology will be perfect either. So to protect our endpoints, we need more powerful tools for hunting, investigating and responding to suspicious events.
Security Operations teams are already overloaded with alerts, but when it’s time to investigate, they are missing information about their endpoints and need to collect it manually. They can’t automatically validate alerts in order to weed out false positives or easily identify the genuinely suspicious events. Analysts cannot visualize the attack chain timeline and immediately comprehend the “who, what, where, when and how” behind the incident. And they do not have the tools to quickly block, remediate or simply isolate the threat without affecting employee productivity.
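As an added illustration of the investigation gap described above (example code written for this edit, not from the original article or any product it alludes to), the following script joins an alert against endpoint telemetry to rebuild the attack chain, answer the “who, what, where, when and how”, and corroborate the alert before an analyst spends time on it. The event schema, the `OFFICE_APPS`/`INTERPRETERS` lists and the telemetry are all constructed assumptions.

```python
"""Attack-chain reconstruction and alert corroboration from endpoint events.

Added example, not part of the original article. The event schema and the
telemetry below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    user: str
    kind: str             # "process_start" | "network_connect" | "file_write"
    pid: int
    ppid: Optional[int]
    image: str            # executable behind pid
    detail: str           # command line, remote address or written path


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed telemetry: a document opened in a word processor spawns a script
# interpreter, which writes an executable and connects outbound. The later
# outlook.exe start is unrelated noise on the same host.
EVENTS: List[Event] = [
    Event(_t("2016-01-12T09:14:02"), "WS-0142", "jdoe", "process_start", 4120, 3001, "winword.exe", "winword.exe invoice.doc"),
    Event(_t("2016-01-12T09:14:09"), "WS-0142", "jdoe", "process_start", 4188, 4120, "powershell.exe", "powershell.exe -File run.ps1"),
    Event(_t("2016-01-12T09:14:11"), "WS-0142", "jdoe", "file_write", 4188, 4120, "powershell.exe", "C:\\Users\\jdoe\\AppData\\Local\\Temp\\svc.exe"),
    Event(_t("2016-01-12T09:14:15"), "WS-0142", "jdoe", "network_connect", 4188, 4120, "powershell.exe", "203.0.113.7:443"),
    Event(_t("2016-01-12T09:20:30"), "WS-0142", "jdoe", "process_start", 4402, 3001, "outlook.exe", "outlook.exe"),
]

# Assumed lists; a real deployment would tune these per environment.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


def attack_chain(events: List[Event], host: str, pid: int) -> List[Event]:
    """Return every event of the alerted process, its ancestors and its
    descendants on the host, in time order. Sibling processes are excluded."""
    starts = {e.pid: e for e in events if e.host == host and e.kind == "process_start"}
    members = {pid}
    # Walk up the parent chain until we run out of recorded process starts.
    cur = starts[pid].ppid if pid in starts else None
    while cur is not None and cur in starts and cur not in members:
        members.add(cur)
        cur = starts[cur].ppid
    # Collect descendants of the alerted process breadth-first.
    frontier = [pid]
    while frontier:
        parent = frontier.pop()
        children = [p for p, e in starts.items() if e.ppid == parent and p not in members]
        members.update(children)
        frontier.extend(children)
    return sorted((e for e in events if e.host == host and e.pid in members), key=lambda e: e.ts)


def summarize(timeline: List[Event]) -> Dict[str, object]:
    """The who / what / where / when / how an analyst wants at a glance."""
    return {
        "who": sorted({e.user for e in timeline}),
        "what": [e.image for e in timeline if e.kind == "process_start"],
        "where": sorted({e.host for e in timeline}),
        "when": (timeline[0].ts.isoformat(), timeline[-1].ts.isoformat()),
        "how": [e.detail for e in timeline if e.kind != "process_start"],
    }


def corroborate(timeline: List[Event]) -> Dict[str, object]:
    """Heuristic triage: count independent behaviours in the chain. A single
    signal is treated as low confidence; two or more are escalated."""
    image_of = {e.pid: e.image for e in timeline if e.kind == "process_start"}
    signals = set()
    for e in timeline:
        if e.kind == "network_connect":
            signals.add("outbound_connection")
        elif e.kind == "file_write" and e.detail.lower().endswith(".exe"):
            signals.add("dropped_executable")
        elif (e.kind == "process_start" and e.image in INTERPRETERS
              and image_of.get(e.ppid) in OFFICE_APPS):
            signals.add("office_spawned_interpreter")
    verdict = "escalate" if len(signals) >= 2 else "low_confidence"
    return {"signals": sorted(signals), "verdict": verdict}


if __name__ == "__main__":
    # An alert fired on pid 4188 of WS-0142; rebuild its chain and triage it.
    chain = attack_chain(EVENTS, "WS-0142", 4188)
    for ev in chain:
        print(ev.ts.isoformat(), ev.kind, ev.pid, ev.image, ev.detail)
    print(summarize(chain))
    print(corroborate(chain))
```

The corroboration step is deliberately simple: it does not decide that something is malicious, it only checks whether the alerted process sits in a chain with more than one independent suspicious behaviour, which is the kind of automatic validation the paragraph says SOC teams lack. Everything else the analyst needs (the ordered timeline and the five-question summary) comes straight from the endpoint telemetry, which is the point: without that telemetry already collected, none of this can be computed at investigation time.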
Securing the endpoint depends on the ability to spot suspicious behaviors quickly and investigate them thoroughly. In 2016, more and more businesses will adopt endpoint detection, investigation and remediation solutions that dramatically improve visibility and enable a quick, accurate response, finally countering the ability of advanced threats to do serious damage to the organization.