What makes Endpoint Protection “Next Gen”?
While there is no standard definition of the elements of Next Generation Endpoint Protection (NGEP), IT professionals generally agree that NGEP includes at least two of these four elements:
Profiles threats with AI, not just “signature recognition”: A good anti-virus program has always been an element of endpoint protection. Many antivirus programs use an approach called signature recognition: the antivirus software recognizes the signature (the IT profile) of a particular form of attack and then shuts it down. The problem with this approach is that hackers constantly invent new attack methods with unrecognized signatures, often called “zero-day” malware. Until the signature is identified, signature-recognition antivirus does not stop the new attack. An NGEP system uses artificial intelligence (AI) to learn what a “normal” state is for your organization’s unique IT environment (traffic, connected devices and data flow). NGEP antivirus searches for deviations, which may constitute potential threats. The system then performs tests to decide whether the deviation is an acceptable anomaly or should be elevated to the status of a potential threat. For threats, Next-Gen Endpoint Protection antivirus sends a warning message to the professionals who monitor the system. Some NGEP systems may use both AI and signature recognition as a “belt and suspenders” security approach. But an effectively programmed AI engine would not require signature recognition, and large databases of attack signatures may consume unnecessary IT resources.
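The “learn normal, flag deviations, then test whether the deviation is acceptable” loop described above can be shown in miniature. The following is an added example, not code from ETTE, SentinelOne or any product named on this page: it treats one constructed metric (outbound connections per process per day) as the baseline, scores today's observation against it, and applies a hypothetical second-stage allow-list of processes whose bursts are expected. The process names, counts and the `EXPECTED_BURSTS` set are all constructed sample values.

```python
"""Baseline-and-deviation check over constructed endpoint telemetry.

Added illustration of the anomaly-detection loop: learn a per-process
baseline, score today's values against it, then decide whether a deviation
is an acceptable anomaly or should be escalated. All values are constructed.
"""
from statistics import mean, pstdev

# Seven days of constructed per-process outbound connection counts ("normal")
BASELINE = {
    "outlook.exe": [40, 42, 38, 45, 41, 39, 44],
    "chrome.exe": [300, 320, 290, 310, 305, 315, 298],
    "svchost.exe": [12, 11, 13, 12, 14, 12, 11],
    "backup.exe": [5, 5, 6, 5, 5, 5, 6],
}

# Today's constructed observation; "updater.exe" has no history at all
TODAY = {
    "outlook.exe": 43,
    "chrome.exe": 900,
    "svchost.exe": 12,
    "backup.exe": 80,
    "updater.exe": 2,
}

# Hypothetical second-stage knowledge: processes whose bursts are expected
# (for instance a nightly backup window), so their anomalies are acceptable
EXPECTED_BURSTS = {"backup.exe"}

Z_THRESHOLD = 3.0  # more than 3 standard deviations from the mean counts as an anomaly


def zscore(value, history):
    """Standard score of value against history. A perfectly flat history makes
    any change infinitely surprising and no change unsurprising."""
    mu = mean(history)
    sd = pstdev(history)
    if sd == 0:
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sd


def classify(today, baseline, expected_bursts=EXPECTED_BURSTS, z_threshold=Z_THRESHOLD):
    """Map each process to one of: normal, acceptable_anomaly, unknown, alert."""
    verdicts = {}
    for proc, value in today.items():
        history = baseline.get(proc)
        if not history:
            # Never seen before: nothing to compare against, so flag for review
            # instead of pretending a score means something
            verdicts[proc] = "unknown"
            continue
        if abs(zscore(value, history)) < z_threshold:
            verdicts[proc] = "normal"
        elif proc in expected_bursts:
            # Deviation confirmed, but the second-stage test explains it
            verdicts[proc] = "acceptable_anomaly"
        else:
            # Deviation with no explanation: escalate to the people monitoring
            verdicts[proc] = "alert"
    return verdicts


if __name__ == "__main__":
    for proc, verdict in classify(TODAY, BASELINE).items():
        print(f"{proc:<12} {verdict}")
```

Two design points carry over to real deployments: a process with no baseline is reported as unknown rather than silently scored (a fresh installation has no “normal” yet), and the second-stage test is deliberately separate from the statistical one so that known-benign bursts can be documented without loosening the threshold for everything else.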
Comprehensive coverage of all possible endpoints: The proliferation of smart devices creates new and unique challenges for endpoint protection. Today, non-traditional devices such as television sets, credit card readers and home security systems have the potential to become vulnerable network endpoints. The simple USB port is the most commonly overlooked potential endpoint vulnerability: users may unknowingly or deliberately connect any number of malicious devices to it. An NGEP system recognizes and carefully monitors any new and unfamiliar equipment users add to the IT environment, including USB plug-ins. Even with trusted connected devices, Next-Gen Endpoint Protection takes a “trust but verify” approach rather than blind trust. This approach can be effective in stopping insider attacks that use trusted devices.
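The “recognize new equipment, trust but verify” behaviour for USB plug-ins amounts to an inventory check run over device-attach events. The following is an added example, not code from ETTE, SentinelOne or any product on this page. The log format is constructed (loosely modelled on the Linux kernel's “New USB device found, idVendor=…, idProduct=…” message, with a host name and serial number folded onto the same line), and the vendor/product IDs, serials, host names and the two inventory sets are constructed sample values.

```python
"""Allow-list triage of USB attach events (added illustration).

Each event is checked on two levels: is this model of device approved at all,
and is this specific unit one the organization issued? A known model with an
unregistered serial is "verify" rather than "trusted": trust, but verify.
"""
import re

# Constructed sample log, one event per line; the last line is a different
# message type and is skipped by the parser
SAMPLE_LOG = """\
host=ws-017 usb 1-1.2: New USB device found, idVendor=0781, idProduct=5583, serial=4C530001
host=ws-017 usb 1-1.3: New USB device found, idVendor=0781, idProduct=5583, serial=DEADBEEF
host=ws-042 usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, serial=none
host=ws-042 usb 2-2: New USB device found, idVendor=abcd, idProduct=1234, serial=BADUSB01
host=ws-042 usb 2-3: USB disconnect, device number 5
"""

# Hypothetical inventory: approved device models (vendor, product) and the
# serial numbers of the units actually issued to staff
APPROVED_MODELS = {("0781", "5583"), ("046d", "c31c")}
ISSUED_SERIALS = {"4C530001"}

EVENT_RE = re.compile(
    r"host=(?P<host>\S+) usb (?P<port>\S+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4}), "
    r"serial=(?P<serial>\S+)"
)


def parse_events(log_text):
    """Yield one dict per recognised attach event; other lines are skipped."""
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            yield m.groupdict()


def verdict(event, approved_models=APPROVED_MODELS, issued_serials=ISSUED_SERIALS):
    """alert: model not in inventory; verify: approved model but an
    unregistered unit (or one that reports no serial); trusted: known unit."""
    if (event["vid"], event["pid"]) not in approved_models:
        return "alert"
    if event["serial"] in issued_serials:
        return "trusted"
    return "verify"


def triage(log_text):
    """Return [(host, port, 'vid:pid', verdict), ...] for every attach event."""
    return [
        (e["host"], e["port"], f'{e["vid"]}:{e["pid"]}', verdict(e))
        for e in parse_events(log_text)
    ]


if __name__ == "__main__":
    for host, port, model, result in triage(SAMPLE_LOG):
        print(f"{host} {port:<6} {model} {result}")
```

The keyboard-style device on ws-042 reports no serial, so even though its model is approved the best the check can say is “verify”; that middle state is the practical difference between trust-but-verify and blind trust, and it is the case a monitoring team should see surfaced rather than auto-approved.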
Proactive AND reactive: One of the things that sparked the idea of NGEP was the criticism that many security applications were effective at containing attacks and contaminations but did little to prevent attacks from occurring in the first place. NGEP systems typically include a number of features that enable them to prevent attacks. One typical feature is a “sandbox”, a virtual environment walled off from the rest of the network. When an unfamiliar app or data packet enters the system, Next-Gen Endpoint Protection systems first test it in the sandbox to ensure it is not malware or malicious code. If the packet is malicious, the system deletes the sandbox and rejects the packet. Other systems use proprietary AI algorithms to seek out anomalies and test questionable devices before hackers can launch an attack. All this said, a good NGEP system still needs good reactive defenses to prevent the spread of viruses that evade the system, and to help restore systems to their pre-attack states.
Cloud-based: Next-Gen Endpoint Protection often requires a system to build a large data set in order to analyze the IT environment properly and track all the endpoints. That data must be accessible, active and available for analysis. Systems that require an on-site physical device to present this data can cost an organization thousands of dollars in unnecessary data storage. IT systems that depend on physical data storage for access and retrieval may not be fast enough to stop an attack as it unfolds.
ETTE Can Help
ETTE has partnered with SentinelOne, one of the leading providers of NGEP. SentinelOne’s system includes all four of the Next-Gen Endpoint Protection elements listed above. The application uses a static AI engine to proactively prevent attacks from all types of malware threats, including zero-day malware. These threats include viruses, ransomware, Trojan horses, macro viruses, phishing emails, insider attacks, and more. SentinelOne does not use signature databases, avoiding the need for time- and resource-consuming signature scans. SentinelOne can auto-immunize endpoints against new threats, which saves the time and effort of manually updating all the endpoints in the environment. On the rare occasions where a threat actually impacts an environment, SentinelOne isolates the infected endpoint from the rest of the network until the threat is neutralized. The application then rolls back the endpoint to its pre-infected state. SentinelOne is an AV-TEST approved corporate endpoint protection provider for the Mac operating system (scoring 18/18 in the tests) and the Windows operating system (scoring 16.5/18). AV-TEST is a fully independent antivirus research and testing institute. ETTE hosts the SentinelOne engine, operating the system in the cloud. We save your organization thousands of dollars in data storage and operation. ETTE quickly and efficiently installs SentinelOne endpoint protection at the right size and configuration for your particular organization with minimal intrusion on your daily IT operations, all at a surprisingly affordable price. Contact us today to find out more.
What is Endpoint Protection?
Endpoint protection is an approach to IT security that focuses on the devices (endpoints) that allow access to a network. Previously, when networks consisted mainly of physical workstations, with perhaps a single Internet gateway, endpoint protection was a relatively trivial matter. Nowadays, endpoints can be many and varied, including smart devices such as laptops, tablets, and mobile phones. These devices may become risks to an organization’s data security as all of these points have the potential to store sensitive data locally. Users can then physically remove devices from the network, causing a breach. If a network’s firewall and IDS/IPS systems consider these devices “trusted”, they may also be entry points for malware attacks.