
Does Your Endpoint Security Solution Have These 5 Essential Features?

A layered approach to endpoint security

In just the last year, we saw more than 1 million new malware variants introduced per day, and the number of ransomware families tripled (ISTR22). The average ransom amount paid spiked 266 percent to $1,077. Those kinds of stark numbers provide a glimpse of the herculean task that security professionals face on a daily basis. As organizations struggle to deal with the rising security demands associated with complex networks and myriad, ever-mutating external threats, it's imperative to ensure that the right endpoint security solution is in place.

In a recent blog, Gartner’s Avivah Litan advises customers to "Use a layered endpoint security approach that includes application whitelisting and blacklisting, and other controls that come bundled with most EPP platforms".

I couldn’t agree more. Enterprises need complete endpoint security that covers the full cycle of protection, detection and response, and that is specifically designed to handle a rapidly shifting security environment. The consequences of operating with more limited protection have never been clearer.

To help ensure your organization is fully protected from today's most serious threats, here is a list of the most essential technologies for complete endpoint security.

1. Total security spanning the entire attack chain

Infections are simply one link in a larger chain leading to a network breach. The best endpoint security systems fuse next generation technologies with proven ones to offer protection from threats regardless of how or where they appear. Only by taking a more holistic approach can businesses ensure they receive the best possible protection. The most powerful endpoint security offerings possess deep capabilities at all the relevant stages: incursion, infection, exfiltration, remediation, etc. Let's take a closer look at some of the core features to look for at each of these stages:

The Incursion.

  1. Protection from email borne threats: Recent research shows that 1 in 131 emails contain malware including ransomware (ISTR22). You need endpoint protection that scans every email attachment to protect you from stealthy attacks.
  2. Protection from malicious web downloads: 76% of the websites scanned have vulnerabilities (ISTR22) that can be exploited by attackers to serve malware. Intrusion Prevention technology that analyzes all incoming and outgoing traffic and offers browser protection can block such threats before they can be executed on the endpoint.
  3. Powerful endpoint protection should also provide easy Application and Device Control, so that you can enforce which applications may run and which devices can upload or download information, access hardware, or access the registry.
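Application whitelisting and blacklisting (Gartner's wording above) and device control both come down to a policy decision made before an action is allowed. The following is an added example, not Symantec code or any product's policy format: it models a default-deny application control check (denied locations first, then an allowlist of binary hashes) and a removable-device check. The policy fields, hash values, paths and device IDs are constructed assumptions for the example.

```python
"""Application and device control policy evaluation (added example).

Models two decisions an endpoint agent makes before allowing an action:
  - may this binary execute?  (denylisted path > allowlisted hash > default deny)
  - may this removable device be read from / written to?
Policy format, sample binaries, paths and device IDs are all constructed here."""
import fnmatch
import hashlib
from dataclasses import dataclass


@dataclass
class Policy:
    allowed_hashes: set          # SHA-256 digests of approved executables
    denied_path_globs: list      # lowercase glob patterns; nothing may run from here
    allowed_devices: set         # "vendor:product" IDs of sanctioned USB devices
    block_removable_write: bool = True


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for file contents; a real agent hashes the file on disk.
APPROVED_BINARY = b"MZ-approved-build-1.2.3"
UNKNOWN_BINARY = b"MZ-something-else"

POLICY = Policy(
    allowed_hashes={sha256_of(APPROVED_BINARY)},
    denied_path_globs=[r"c:\users\*\appdata\local\temp\*", r"c:\users\*\downloads\*"],
    allowed_devices={"1234:abcd"},   # constructed vendor:product pair
)


def evaluate_process(policy: Policy, path: str, content: bytes):
    """Return (decision, reason). Denylist wins over allowlist; unknown binaries are denied."""
    norm = path.lower()
    if any(fnmatch.fnmatchcase(norm, g) for g in policy.denied_path_globs):
        return "block", "execution from denied location"
    if sha256_of(content) in policy.allowed_hashes:
        return "allow", "hash is allowlisted"
    return "block", "unknown binary (default deny)"


def evaluate_device(policy: Policy, device_id: str, action: str):
    """Return (decision, reason) for a read/write on a removable device."""
    if device_id not in policy.allowed_devices:
        return "block", "unsanctioned removable device"
    if action == "write" and policy.block_removable_write:
        return "block", "writes to removable media disabled"
    return "allow", "sanctioned device"


def run_checks(policy: Policy = POLICY):
    """Evaluate a constructed set of events and return the decisions in order."""
    results = [
        evaluate_process(policy, r"C:\Program Files\Vendor\app.exe", APPROVED_BINARY),
        # Same approved bytes, but launched from a denied location: still blocked.
        evaluate_process(policy, r"C:\Users\bob\Downloads\app.exe", APPROVED_BINARY),
        evaluate_process(policy, r"C:\Program Files\Other\tool.exe", UNKNOWN_BINARY),
        evaluate_device(policy, "1234:abcd", "read"),
        evaluate_device(policy, "1234:abcd", "write"),
        evaluate_device(policy, "0000:0000", "read"),
    ]
    return results


if __name__ == "__main__":
    for decision, reason in run_checks():
        print(f"{decision:5s}  {reason}")
```

Checking the denied locations before the hash allowlist is deliberate: it keeps an approved binary from being run out of a user-writable directory such as Downloads. In practice an allowlist is usually rolled out in a monitor-only mode first so that the default-deny rule can be tuned before it blocks legitimate software.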

The Infection.

Along with providing these essential protections at the incursion level, the best endpoint solutions offer advanced functionality and protection from every type of attack technique. Some of these recommended features include:

  1. Advanced Machine Learning. Trained on trillions of examples of good and bad files drawn from a global intelligence network, advanced machine learning is a signature-less technology that can block new malware variants at the pre-execution stage.
  2. Exploit Prevention. Almost every week you hear about a new 0-day vulnerability discovered in popular software such as browsers and productivity suites. IT organizations cannot test and apply patches fast enough, which leaves a vulnerable attack surface in this software that attackers exploit, often with memory-based attacks. Exploit prevention technology protects against such 0-day vulnerabilities and memory-based attacks.
  3. File reputation analysis based on artificial intelligence with a global reach. The most advanced analysis examines billions of correlated linkages from users, websites, and files to identify and defend against rapidly-mutating malware. By analyzing key attributes (such as the origin point of a file download and the number of times it has been downloaded), the most advanced reputation analysis can assess risks and assign a reputation score before a file arrives at the endpoint.
  4. High-speed emulation at the endpoint acts like a light and fast ephemeral sandbox, allowing for the detection of polymorphic or mutating malware.
  5. Behavioral monitoring. Should a threat make it this far along the chain, behavioral monitoring can tap into the power of machine learning to monitor a wide variety of file behaviors, determine the risk and block it. This is again a great defense against ransomware and stealthy attacks such as malicious PowerShell scripts: research shows that 95% of the PowerShell scripts analyzed last year were malicious (ISTR22).
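Behavioral monitoring (item 5) works on what a process does rather than what its file looks like. The following is an added example, not Symantec code: it runs two simple behavioral rules over a constructed endpoint event stream. One flags a process that renames many user documents to a single new extension within a short window, a pattern typical of ransomware; the other flags PowerShell launched with an encoded command or from an Office application. The event schema, thresholds, process names and sample events are assumptions made for this example, not telemetry from any product.

```python
"""Behavioral monitoring over a constructed endpoint event stream (added example).

Two rules a behavioral engine might apply after a file has already executed:
  mass_rename          - a pid renames >= RENAME_THRESHOLD files to one extension
                         within WINDOW_SECONDS (ransomware-like activity)
  suspicious_powershell- powershell.exe with an -EncodedCommand switch and/or
                         an Office application as its parent
Event schema, thresholds and sample events are all constructed for this example."""
import base64
import ntpath
from collections import defaultdict

RENAME_THRESHOLD = 5      # renames to one extension ...
WINDOW_SECONDS = 10       # ... within this many seconds
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Constructed encoded payload: a harmless command, base64 of UTF-16LE as PowerShell expects.
ENC = base64.b64encode("Write-Host 'demo'".encode("utf-16le")).decode()

# Constructed event stream (ts = seconds). Not captured from a real host.
EVENTS = [
    {"ts": 1, "pid": 900, "op": "exec", "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "parent": "explorer.exe", "cmdline": "WINWORD.EXE invoice.docx"},
    {"ts": 2, "pid": 955, "op": "exec", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": "WINWORD.EXE", "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -Enc " + ENC},
    {"ts": 40, "pid": 1400, "op": "exec", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": "cmd.exe", "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    # A backup tool renaming two files: below threshold, must not alert.
    {"ts": 30, "pid": 1300, "op": "rename", "old_path": r"C:\Users\a\notes.txt", "new_path": r"C:\Users\a\notes.txt.bak"},
    {"ts": 31, "pid": 1300, "op": "rename", "old_path": r"C:\Users\a\todo.txt", "new_path": r"C:\Users\a\todo.txt.bak"},
]
# Six user documents renamed to one new extension within six seconds by pid 1200.
EVENTS += [
    {"ts": 10 + i, "pid": 1200, "op": "rename",
     "old_path": rf"C:\Users\a\Documents\file{i}.docx",
     "new_path": rf"C:\Users\a\Documents\file{i}.docx.locked"}
    for i in range(6)
]


def _ext(path: str) -> str:
    name = ntpath.basename(path)
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_mass_rename(events):
    """One alert per pid that renames RENAME_THRESHOLD+ files to a single extension inside the window."""
    by_pid = defaultdict(list)
    for e in events:
        if e["op"] == "rename":
            by_pid[e["pid"]].append(e)
    alerts = []
    for pid, renames in by_pid.items():
        renames.sort(key=lambda e: e["ts"])
        for i, start in enumerate(renames):
            window = [r for r in renames[i:] if r["ts"] - start["ts"] <= WINDOW_SECONDS]
            exts = {_ext(r["new_path"]) for r in window}
            if len(window) >= RENAME_THRESHOLD and len(exts) == 1:
                alerts.append({"pid": pid, "rule": "mass_rename", "count": len(window),
                               "extension": exts.pop(), "first_ts": start["ts"]})
                break
    return alerts


def _is_encoded_switch(token: str) -> bool:
    # PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
    t = token.lower().lstrip("-")
    return token.startswith("-") and len(t) >= 1 and "encodedcommand".startswith(t)


def detect_suspicious_powershell(events):
    """Alert on PowerShell launches carrying an encoded command or spawned by an Office app."""
    alerts = []
    for e in events:
        if e["op"] != "exec" or ntpath.basename(e["image"]).lower() not in POWERSHELL_IMAGES:
            continue
        reasons = []
        if any(_is_encoded_switch(tok) for tok in e["cmdline"].split()):
            reasons.append("encoded command")
        if e["parent"].lower() in OFFICE_PARENTS:
            reasons.append("launched by office application")
        if "hidden" in e["cmdline"].lower():
            reasons.append("hidden window")   # weak on its own, recorded as context only
        if "encoded command" in reasons or "launched by office application" in reasons:
            alerts.append({"pid": e["pid"], "rule": "suspicious_powershell", "reasons": reasons})
    return alerts


def analyze(events):
    return {"mass_rename": detect_mass_rename(events),
            "powershell": detect_suspicious_powershell(events)}


if __name__ == "__main__":
    for rule, hits in analyze(EVENTS).items():
        for hit in hits:
            print(rule, hit)
```

The backup tool (pid 1300) and the scheduled script run from cmd.exe (pid 1400) produce no alerts, which is the point of behavioral rules: they key on combinations of actions and context rather than on any single file. A production engine would add a response action (suspend the process, roll back the renamed files) to each alert; here the rules only return findings.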

Smart organizations will also pay attention to the lateral movement of malware within an organization and anti-exfiltration capabilities of their endpoint solution. Intrusion prevention, firewall policies and behavioral monitoring also come into play here, and these features should be present in any advanced endpoint platform. These technologies were particularly effective in preventing propagation of the recent WannaCry ransomware.

2. Powerful Incident Investigation and Response

Most organizations understand that a determined attacker will get through. What they want, therefore, is powerful detection capability to identify the breach as soon as possible, together with an easy-to-use workflow for incident investigation and response. Industry analysts have begun to call this Endpoint Detection and Response (EDR). Advanced EDR solutions help isolate the endpoint while you investigate the breach, contain the spread of the malware through blacklisting, and allow easy remediation by deleting the malware and restoring the endpoint to a pre-infection state.

Overall, the most effective endpoint security offers deep protection across each level of the attack chain, detection and response. As the old saying goes, security is only as strong as its weakest link, making a comprehensive approach essential.

3. Performance and scale backed by advanced functionality

As detailed above, a fully-protected attack chain is of critical importance. Yet the value of high performance shouldn't be understated. The best endpoint security should be optimized to prevent user and network slowdowns. It should also scale as your enterprise grows.

4. Low Total Cost of Ownership

Finally, a single agent that combines the technologies normally available only through the use of multiple agents (machine learning, exploit prevention, EDR, etc.) is highly desirable. Organizations using a single agent can reduce the burden on IT by consolidating the management and maintenance of multiple agents, while receiving the added benefit of a lower total cost of ownership.

5. Seamless integration for orchestrated remediation

The most advanced endpoint solutions make easy integration a priority via an open API system, so organizations can leverage their existing security infrastructure like network security, IT ticketing systems and SIEMs.

The Takeaway

All endpoint security solutions are not created equal. The best, most advanced offerings have three core elements: Total protection, detection and response across the attack chain, high performance and scale without sacrificing efficacy, and seamless integration with existing infrastructure.

Ideally, these three components should arrive in a single, comprehensive yet lightweight package, as the effort of managing multiple agents lowers efficiency and increases costs. Organizations that seek these features when considering a new endpoint security solution will, without question, receive the highest level of protection for their investment.


About the Author

Naveen Palavalli

Director of Product Marketing & GTM Strategy

Naveen Palavalli heads up product marketing and GTM strategy for endpoint security, email security and advanced threat protection product lines focusing on enterprise and SMB markets at Symantec.