Endpoint security is failing. There are a million attackers out there devoting all their energies to getting through the network perimeter and, right now, the odds are stacked in their favour.
Network defenders are juggling multiple agents on endpoints; they don’t integrate well, and each has its own management interface. This places a heavy burden on already thinly stretched staff. Breaches are up as ransomware, crypto-mining malware and the next new variant continue to batter the network. If we are going to swing the odds back in our favour, we need a different approach.
The answer to at least 10 problems facing endpoint security right now lies in the cloud. Here’s a whistle-stop tour of the ways cloud-based security can help fix the problem of endpoint security.
Keeping up to date
As attack patterns change, the network has to evolve to respond. In the case of BYOD, policies and procedures should be put in place to keep personal devices as secure as possible. With company-owned devices, by contrast, patches, policy and application updates all need to be rolled out company-wide, which itself carries risks. Plus, you need to know that their deployment has been successful.
All this takes time and resources that you don’t have. The cloud resolves this by eliminating local infrastructure, lifting a huge burden from IT staff and ensuring that defence is always up to date, network-wide. The cloud delivers and streamlines updates down to the endpoint in a well-controlled, simple environment.
Integrating security products to gain full visibility
The best picture of the threat landscape comes when you connect the dots across all the data you are monitoring. With separate endpoint agents, network products and SIEM products, it can be very hard to get a meaningful, actionable view. Cloud APIs and pre-built integrations allow you to unify those products and create global visibility that tells you what is actually going on.
Managing multiple agents
When you’re working with a combination of anti-virus, endpoint detection and response, HIPS and the rest, it can be difficult to work out what is where. Cloud-based security uses a single consolidated agent that collects a rich amount of data from the endpoint, while avoiding grabbing personal data from BYOD devices such as browsing habits and personal software details, and optimises it for analysis. This vastly simplifies management and offers more robust intelligence to inform your security posture.
Securing remote workers
Today’s employees expect to be able to work anytime, anywhere, but this means less control over users’ devices. You can’t rely on workers coming onto the corporate network to pick up policy updates and users can quickly get out of date. Even with limited bandwidth, users should be able to receive and implement updates with flexibility.
The cloud consistently treats every endpoint the same way, wherever it is, making sure that critical updates get delivered, handing back control and reducing risk.
Slowing down user devices
Hell hath no fury like a user with a slow device, and traditional AV slows things down, killing productivity and creating unhappy users. The storage and processing power of the cloud takes that burden away from the endpoint, with a lightweight agent that doesn’t impact productivity, meaning that you have control and the user is happy.
Preventing new attacks
Attackers invest a lot of energy in tweaking and modifying their tactics, techniques and procedures (TTPs) to try to get around defences. As new attack vectors develop, it can take traditional AV days to identify them and come up with a signature for future use. This creates uncertainty in the period before the attack is properly identified, as you scramble to understand it.
The power of cloud analytics allows unfiltered endpoint data to be analysed and similarities with previous attacks identified, so the likely impact and evolution of the new attack can be predicted in the shortest possible time.
Tracking down problems
This is one of the biggest challenges with traditional standalone AV. Frequently you know that there’s a problem, but a lack of visibility means that you can’t identify exactly where or what it is. This means you can’t prioritise or allocate resources, and you struggle to give detailed information to the executive team.
Cloud-powered analytics derived from unfiltered data give you a complete picture of a threat, how it behaved, what else it touched and how it spread. This gives you the knowledge you need to develop the right response and the evidence you need to get that strategy endorsed at the highest level.
Quick response
Speed is critical in our business. The advanced visibility that cloud-based security delivers enables you to see the problem, contain it and remotely access the affected endpoint to carry out remediation. In the past this could have meant having to get physical access to the device; now you can carry out real-time investigation right from your desktop, and faster problem resolution means less damage inflicted.
Information sharing
We know that knowledge is power and with those million threats out there it’s important that you don’t feel alone in battling to keep them out. The cloud facilitates collaboration and education and there’s a great community out there for support. To preserve data privacy when collaborating, teams can use anonymisation. After all, the bad guys are talking to each other, we should be too.
Lift the burden of managing infrastructure
Managing infrastructure is a major challenge for organisations. Keeping the network, storage and computing facilities all up to date and fit for purpose is an expensive business, and capital investment is a big issue. The beauty of the cloud is that it leaves you with no on-site infrastructure to manage. Providers like ourselves make it our business to keep everything up to date and operational – we wouldn’t be in business if we didn’t – so we take the burden away from on-site teams and make life simpler for everyone.
In summary
So, there are my ten good reasons why cloud-based security really represents the future of endpoint security. If I sound like an evangelist, that’s because I am. We need to scale up to meet the challenges we face and cloud enables us to do that. It frees up stretched resources to facilitate a more strategic approach to network defence and gives critical visibility and intelligence that makes us smarter and more effective. In the threat environment that we face, we need to be seizing every advantage we can.
Carbon Black is a leading provider of next-generation endpoint security. Carbon Black serves more than 3,700 customers globally, including 30 of the Fortune 100.
As a cybersecurity innovator, Carbon Black has pioneered multiple endpoint security categories, including application control, endpoint detection and response (EDR), and next-generation antivirus (NGAV).
Leveraging its big data and analytics cloud platform – the Cb Predictive Security Cloud – Carbon Black solutions enable customers to defend against the most advanced cyber threats, including malware, ransomware, and non-malware attacks. Deployed via the cloud, on premise, or as a managed service, customers use Carbon Black solutions to lock down critical systems, hunt threats, and replace legacy antivirus. For more information, please visit www.carbonblack.com or follow us on Twitter at @CarbonBlack_Inc.