Understand attacker behavior to effectively hunt endpoint threats
There’s one undeniable constant in endpoint security…attackers will always find new ways to avoid detection. Organizations must defend against traditional attacks and hunt for new attack behaviors.
With a rise in distributed workforces, it’s now more important than ever that endpoint security becomes a top priority. According to The Ponemon Institute’s Third Annual Study on the State of Endpoint Security Risk – January 2020, 68 percent of responding organizations experienced an endpoint attack that compromised data and 80 percent of successful endpoint breaches were new or unknown zero-day attacks. 1
Unfortunately, when it comes to security priorities a focus on prevention and staffing is still prevalent. According to the Ponemon survey, the top three priorities for organizations are reducing the number of security solutions (50 percent), investing more in prevention (46 percent) and hiring more staff (41 percent).2
The problem with this approach is that prevention technology is not enough, and your staff can’t keep up. Technology tools and automation are an important piece of the puzzle for stopping known attacks in their tracks, but you cannot ring an alarm on the elusive. Understanding and predicting attacker behavior is a critical component in the evolution of endpoint security and protecting against zero-day attacks.
“Organizations can no longer rely on traditional antivirus solutions and a defensive approach to endpoint security. The new normal is a proactive approach to threat hunting that understands and predicts attacker behavior before business disruption can occur,” said Mark Sangster, Vice President and Industry Security Strategist at eSentire.
When the best offense is a good defense
Attacker behavior continues to evolve and become more evasive. VMware Carbon Black observed evasion behaviors in 90 percent of malware samples analyzed, a clear indication that attackers are increasingly attempting to circumvent legacy security solutions.3 Organizations must continuously evolve their people, processes and technology to adjust to the increasingly elusive behavior of attackers.
“Too much of security is about reverse engineering or rethinking the attacks of yesterday, as opposed to how are we proactively thinking about the attacks of tomorrow,” said Tom Corn, SVP of Security Products at VMware.
The new normal is a holistic endpoint security solution that:
- Uses predictive threat modeling to identify suspicious behavior and automatically block expected, unexpected and fileless attacks
- Applies a combination of zero-trust, machine learning and advanced analytics to find threats built to circumvent prevention
- Minimizes threat actor dwell time with proactive threat hunting to identify, lock down and isolate compromised endpoints before disruption
- Investigates root cause and eradicate threat actor presence across the environment while hardening against future attacks
“Your modern endpoint security should combine leading endpoint protection technology and predictive security modeling with 24x7 monitoring, machine learning and elite threat hunting enables organizations to detect and stop the elusive,” said Mark Sangster, Vice President and Industry Security Strategist at eSentire.
eSentire esENDPONT
esENDPOINT combines eSentire’s elite threat hunting with VMware Carbon Black’s next-generation antivirus and endpoint detection and response capabilities to eliminate blind spots traditional prevention misses. VMware Carbon Black’s predictive threat modeling combines with eSentire’s proprietary machine learning technology to continuously tune the latest detection measures to prevent known attacks and identify potential unknown and zero-day threats. Recognized threats are automatically blocked at the endpoint with VMware Carbon Black’s technology and an elite team of eSentire’s threat hunters rapidly investigate and neutralize the most elusive of threats, preventing lateral spread.
Learn more about strengthening your endpoint defense team in the Turning the Elusive into the Tangible on-demand webinar on how to protect your endpoints. Watch Now!
1, 2 The Third Annual Study on the State of Endpoint Security Risk – Ponemon Institute, January 2020
3 VMware Carbon Black - 2020 Cybersecurity Outlook Report
To learn how your organization can build cyber resilience and prevent business disruption with eSentire’s Next Level MDR, connect with an eSentire Security Specialist now.
GET STARTEDABOUT THE AUTHOR
eSentire
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.