Page 6 - 2016


Automated Process Spans Prediction, Protection, Detection and Remediation within a Single Platform

“The best solutions use automated real-time analysis and machine learning to enable them to predict attack patterns”

In the rapidly-evolving world of security, one truism never changes: attackers are always trying something different to stay at least one step ahead of detection.

They use different techniques to evade security solutions focused on matching malicious activity to known threats -- such as endpoint antivirus, gateway antivirus, IPS, IDS, and firewalls -- most of which rely on static signatures to identify malicious files, URLs and IP addresses. Some also use the latest sandbox-evading techniques to remain “unknown” to network defenses.

This approach is no match for attackers' inventiveness, which includes polymorphic malware, packers and wrappers all of which take a known binary and cause it to appear completely new, unknown, and benign on the surface.

Increasingly, organizations are turning to new methods to identify whether an unknown file is malicious or benign. One emerging model is known as: Adaptive Endpoint Protection. It consists of four highly integrated steps - prediction, prevention, detection and remediation - that combine to deliver instantaneous results against advanced threats that employ a wide variety of attack vectors.

Together these steps constitute what is now being referred to as “Next-Generation Endpoint Protection” through continuous, real-time monitoring and dynamic analysis and prevention of threats.

The need for effective endpoint protection has never been greater as the cloud has placed endpoint devices which can access data from anywhere at the center of the IT computing universe. Endpoints include all machines that can execute code: laptops, desktops, servers, mobile devices, embedded devices, SCADA systems, and even IoT devices.

Step One: Prediction

Being able to predict in real-time what an attack will likely do is key to having a robust defense against both known and unknown threats. The predictive capability is part of a fully integrated adaptive system that determines the threat's next action based on attack patterns, malware techniques, and up-to-the-minute crowd sourced threat intelligence.

The best solutions use automated real-time analysis and machine learning to enable them to predict attack patterns. In addition, they constantly scan for application vulnerabilities, and anticipate new threat tactics.

Tip: Make sure your solution taps every process and thread on the system, and extracts all relevant operations data including system calls, network, IO, registry (on Windows), so it can monitor the behavior of every process that executes on the system. Attackers have learned to take advantage of hooking into system processes and benign applications.

Step Two: Prevention

Adaptive Endpoint Protection excels at blocking existing, known threats before they can execute on endpoints. Superior services leverage crowd-sourced cloud intelligence to deliver real-time information to proactively block threats.






CYBER DEFENSE MAGAZINE - ANNUAL EDITION 6