The Rise of Endpoint Threat Detection and Response (ETDR) – How Vulnerable is your IT Infrastructure?

By   ISBuzz Team
Writer , Information Security Buzz | Jul 09, 2015 07:00 pm PST

As security breaches are becoming almost commonplace in the finance, retail, healthcare, and entertainment industries, many CISOs are asking the question: How vulnerable is my IT infrastructure?

With large enterprises that have been victims of security breaches making news headlines every day, we can agree that traditional signature-based endpoint protection solutions are no longer sufficient to protect against increasing advanced persistent threats (APTs) and Zero-Day attacks. How can CISOs reinforce their security measures? The answer lies in implementing IT analytics solutions that can detect abnormal activity and behaviour in enterprise IT environments that can leverage a combination of real-time visibility and historical data, to generate alerts and reduce the impact of an attack before it spreads.

What factors have seen the rise in ETDR?

Traditionally, the endpoint has been a desktop computer, but this is rapidly evolving and enterprise endpoints today encompass any device that can access the IT infrastructure from smartphones to tablets. With the adoption of BYO*, end-user devices and usages are rapidly changing and as a result, IT security risks are multiplying as enterprises have more and more endpoints to monitor in their environments.

Many employee-owned mobile devices have full access to the enterprise IT infrastructure and services, which represents a vast amount of private corporate data that hackers can easily mine.

What are the key trends in terms of ETDR?

In most cases, enterprises are not even aware that they have already been attacked. Hackers are patient and observant. Highly sophisticated and malicious software can lurk for months within an enterprise in stealth mode, observing and recording the daily routines of end-users.

A common tactic that hackers use is sending infected email as bait to employees hoping to gain access and navigate through the enterprise infrastructure to infect administrative computers. When employees click on an email or link, malicious software is installed.

Once installed, malware can record data such as keystrokes and take screen shots of employee workstations, enabling hackers to learn and understand corporate procedures. Malware can also enable hackers to control end-user workstations remotely. Mimicking corporate procedures they have learned, hackers can direct the employee workstations to steal sensitive data in a variety of ways including usernames, passwords or financial information.

What challenges do these threats pose to enterprises?

According to Gartner, advanced targeted attacks are set to render prevention-centric security strategies obsolete. Industry analysts predict that by 2020, securing enterprise IT will require a shift to information and end-user centric security strategies focused on an infrastructure’s end-points.

Enterprises should therefore assume that they have already been compromised, and take necessary action now. The solution is to invest in IT analytics capabilities that provide continuous monitoring of patterns and behaviours indicative of malicious intent.

What is the best way to keep abreast of changing trends in security both in regard to
potential attacks and fresh best practices?

IT analytics solutions enable enterprises to verify security compliance and quickly discover where their business is most vulnerable. These solutions can provide IT departments real-time notification of security breaches in addition to the context of the origin of the breach, to protect the business against the spread of future attack.

IT analytics solutions can provide visibility and insight into abnormal behaviour that could represent potential threats and risks to enable enterprises to improve their security posture.

How can enterprises address ETDR?

Organizations need to be clear with their employees on what is expected of them when they access and utilize the corporate IT infrastructure and services. Management must set expectations regarding employee behaviour when accessing corporate data. Employees need to be properly educated and trained on corporate IT security policies.

Nearly all of the major security incidents reported in recent years have been the result of human error or deception. Today, enterprises can’t leave anything to chance or assume that individuals will do the right thing. Employees may not be aware of what the right thing is — or worse, not know what the wrong thing looks like. Therefore, well-documented security policies that are repeatedly enforced are fundamental. Other forms of awareness and training are also needed as the ruses that hackers use to trick people change almost daily.[su_box title=”Poul Nielsen, Director of Strategy, Nexthink” style=”noise” box_color=”#336588″]Poul NielsenPoul has responsibility for corporate, product, partner and field marketing worldwide. His mission is to develop and communicate Nexthink’s brand and to lead marketing operations in support of the company’s goals. Poul works closely with product marketing to align strategy and with sales for lead generation activities. Poul has over 20 years of executive management experience at TriActive, Altiris, Computing Edge, Computer Associates, and Digital with strong background in routes-to-market strategy for hyper-growth. During his time at Altiris, Poul served as VP of Product Strategy and Marketing and developed the concept of IT Lifecycle Management for PCs. From 2000 to 2005, Altiris grew revenues from $8M to over $250M with leading partners HP, Dell, IBM and Microsoft.[/su_box]