Page 7 - 2016


Such information is used to harden defenses while also employing dynamic whitelisting and blacklisting to reduce an endpoint's attack surface.

Tip: Buy a product that imposes minimal overhead, and employs techniques that prevent threats on endpoints both on and off the network.

Step Three: Detection
Leveraging exploits is a sophisticated technique used by attackers to breach systems and execute malware. Drive-by downloads are a common threat vector for these exploit attacks. An Adaptive Endpoint Protection solution incorporates anti-exploit capabilities to protect against attacks that leverage both application and memory-based exploits.

Ideally, the technology can detect memory exploits by discovering the actual techniques used, such as heap spraying, stack pivots, ROP attacks, and memory permission modifications.

At the core of an Adaptive Endpoint Protection solution is the ability to stop zero-day and targeted attacks. This dynamic malware detection capability requires real-time monitoring and analysis of application and process behavior in memory, disk, registry, network, and so on.

Step Four: Remediation
The process of removing malware often creates, modifies, or deletes system files and registry settings, and alters configuration settings. Any change can cause a system malfunction or instability. Removing a threat and returning an endpoint to a reliable state is no easy task and adds immense administrative work.

An Adaptive Endpoint Protection solution restores an endpoint to its pre-malware execution state and should provide visibility into what changed and what was successfully remediated.

Most important of all, cleanup and threat removal should happen automatically. These capabilities are quite significant compared to network and endpoint monitoring products that stop short of remediation. In most cases, those products will alert you to a new attack and provide recommendations on how you might be able to block and remove the malware yourself.

Forensics: Closing the Loop on Security
The provision of real-time endpoint forensics is essential to the robustness of Adaptive Endpoint Protection. The technology must give clear visibility into any malicious activity that has taken place, enabling security staff to quickly identify the scope of the problem, make well-informed decisions, and report out pertinent details to the appropriate stakeholders across an organization.

Conclusion
In the era of the cloud, which enables data access from everywhere, endpoint protection is more relevant than ever. Consequently, the need to secure devices has never been greater. To fully protect endpoints against increasingly sophisticated, advanced threats, organizations need Adaptive Endpoint Protection: a dynamic security system that integrates prediction, prevention, detection, and remediation into a single platform architecture. Working together with forensics, these four capabilities deliver the strongest possible defense against attacks that utilize a combination of both known and unknown threats, in real time.

About the Author
Tomer Weingarten is CEO of SentinelOne, an endpoint security vendor formed by an elite team of cyber security engineers and defense experts from Intel, McAfee, Checkpoint, IBM and the Israel Defense Forces. He is an expert in cyber security, advanced malware and forensics. Tomer and his team routinely work with law enforcement and intelligence agencies on cyber crime investigations.
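Two of the memory-exploit indicators named under Step Three, a stack pivot and a memory permission change that makes writable memory executable, can be checked at the moment a sensitive API is entered. The C below is an added example written for this page, not code from the article or from SentinelOne; it assumes Linux with glibc (pthread_getattr_np for the thread's stack bounds, PROT_* flags from sys/mman.h), and the function names are the example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/mman.h>

/* Restated prototype: glibc only declares it under _GNU_SOURCE, which
   may not have been set before the first system header was read. */
int pthread_getattr_np(pthread_t thread, pthread_attr_t *attr);

/* Bounds [lo, hi) of the calling thread's stack, from its attributes. */
static bool thread_stack_bounds(uintptr_t *lo, uintptr_t *hi) {
    pthread_attr_t attr;
    void *base = NULL; size_t size = 0;
    if (pthread_getattr_np(pthread_self(), &attr) != 0)
        return false;
    int rc = pthread_attr_getstack(&attr, &base, &size);
    pthread_attr_destroy(&attr);
    if (rc != 0)
        return false;
    *lo = (uintptr_t)base;
    *hi = (uintptr_t)base + size;
    return true;
}

/* Stack-pivot indicator: a sensitive API entered while the stack pointer
   lies outside the thread's own stack (for instance in the heap) is the
   classic sign of a pivoted ROP chain. True means "suspicious". */
bool sp_outside_thread_stack(uintptr_t sp) {
    uintptr_t lo, hi;
    if (!thread_stack_bounds(&lo, &hi))
        return false; /* bounds unknown: do not raise a false alarm */
    return sp < lo || sp >= hi;
}

/* Memory-permission indicator: a protection change that grants execute
   on memory that is or was writable (data staged, then flipped to code).
   A real agent would allow-list known JIT engines before alerting. */
bool permission_change_suspicious(int old_prot, int new_prot) {
    bool gains_exec = (new_prot & PROT_EXEC) && !(old_prot & PROT_EXEC);
    bool writable = (old_prot & PROT_WRITE) || (new_prot & PROT_WRITE);
    return gains_exec && writable;
}

/* Samples the current stack pointer (address of a local variable). */
uintptr_t current_sp(void) {
    volatile int marker = 0;
    return (uintptr_t)&marker;
}
```

In a real agent the two checks run inside hooks on the APIs an exploit must reach (memory allocation, protection changes, process creation), with the observed register state passed in.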







CYBER DEFENSE MAGAZINE - ANNUAL EDITION 7