Over the years, confusion and frustration have built up around the nature and size of the endpoint security problem. Organizations continue to rely on the same solutions they’ve been using for 10 or 20 years, yet they still find themselves dealing with malicious code that has slipped through their endpoint security measures. Endpoint security hasn’t changed much up until now, even though hacking tactics, techniques and procedures have become extremely sophisticated. We’ve been locked into an asymmetrical battle, and we haven’t been winning.
But now, technological innovations are driving a transformation in the endpoint protection market. For the first time in a long time, there’s a technological shakeup that’s raising a lot of questions among buyers. What are the differences between legacy and next-gen solutions? Does a product native to the cloud provide greater benefits than those of legacy solutions? And above all, how are other organizations executing best practices for endpoint security ... and where are they falling short?
To answer these and other pressing questions affecting endpoint security practices and offerings, CrowdStrike® partnered with the Enterprise Strategy Group (ESG), an IT research and advisory firm. ESG conducts technical and economic value validations, consulting and other services.
Organizations are doing simple and sensible things. They continue to focus on:
• Training users and staff
• Allocating more money to endpoint protection
• Deploying new tools
Given the percentage splits, it seems they understand there is no single silver bullet that will solve their security issues.
The Fight Is On All Fronts
The majority of survey respondents, 85 percent, reported that they had been attacked in the last 12 months. The fact that there were more targeted attacks than any other type is a sign that adversaries have evolved into specialists who carefully plan and execute focused strikes, instead of hoping to get lucky with a scattershot approach.
A surprising finding is that fileless attacks comprise nearly 25 percent of exploits, probably because they can’t be detected by traditional signature-based security and forensics tools. Since attackers know that most organizations are not running the memory analysis tools that would detect this type of event, the occurrence of fileless attacks will probably continue to rise.
Overall, however, the types of attacks reported are fairly equal in proportion, which is bad news for businesses — protecting endpoints against such a wide variety of incursions is both complex and challenging. This is a pattern that is likely to continue indefinitely, so organizations need to plan for long-term battles on many fronts concurrently.
• Three-fourths of organizations are using multiple products to secure endpoints
• One-half are using three or more products
• One-fourth have four or more installed
Organizations seem to subscribe to the philosophy of "more is more" when it comes to endpoint security software; if one endpoint solution is good, two, three or even four must be better. The decision to use many products may be driven by the beliefs that:
• The endpoint is under attack
• Legacy approaches are failing
• There is an urgent need to try something new or different
Security vendors have contributed to these challenges with solutions that burden IT staffs and organizations’ environments.
But a multi-pronged approach brings its own challenges; multiple products require the installation of multiple agents, which add layers of complexity to security management and create the potential for performance degradation. Even the endpoints themselves may be negatively impacted. "More is more" is a misguided mentality; organizations would be better off doing the legwork to find a single solution that supports their end-to-end security strategy.
There is a difference between deploying from the cloud and having a cloud platform. Many vendors have a cloud solution right now, but these are often just traditional solutions that reside in the cloud — more like a collection of standalone products than an integrated solution that can invisibly provide updates and enhancements without disrupting customer operations. SECaaS solutions are native to the cloud, compatible with cloud-first strategies as well as on-premises installations, and supportive of modern business practices such as agility and scalability.
Organizations know the problems that arise when their security teams are forced to interpret data from a hodgepodge of dashboards spewing floods of data in different formats. As the volume of alerts expands, a single dashboard isn’t just nice to have; it’s a must-have. Otherwise, processing alerts becomes too unwieldy to manage with any level of quality. Complexity can and must be taken out of endpoint protection: one agent, one cloud — that’s as simple as it should be.
The CrowdStrike Falcon® cloud-native platform is built from the ground up to meet the challenges of today’s sophisticated and evolving threat landscape, offering comprehensive protection without adding complexity. CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR) and a 24/7 managed hunting service — all delivered via a single lightweight agent. Core to its innovative approach is the CrowdStrike Threat Graph™ that analyzes and correlates over 60 billion events per day from millions of sensors deployed across 176 countries, uniquely providing crowdsourced protection for the entire customer community.
Article originally published at https://bit.ly/2Klbv50