Once upon a time, endpoint security was just a hall monitor. It watched for known bad files identified with a simple signature and sent you an alert when the file was blocked. To be safe, it would scan every machine daily, an intrusive activity that slowed down machines and sped up the heart rates of affected users and hapless analysts at help desks. Those days are gone, my friend. Those days are gone. Endpoint security, like all technology, is orders of magnitude more sophisticated now than when it was born. Features that once stood out as innovative and forward-leaning are now “table stakes” – essential for consideration, almost assumed. Here are some of the basic, and not-so-basic, features of modern endpoint protection software. Topping the list are three sine qua non capabilities:
About the Author: As Chief Cybersecurity Technologist for DLT, Don Maclean formulates and executes cybersecurity portfolio strategy, speaks and writes on security topics, and socializes his company’s cybersecurity portfolio. Don has nearly 30 years’ experience working with U.S. Federal agencies. Before joining DLT in 2015, Don managed security programs for numerous U.S. Federal clients, including DOJ, DOL, FAA, FBI, and the Treasury Department. This experience allowed him to work closely with the NIST Risk Management Framework featured in this article, and to understand its strengths and weaknesses. In addition to his CISSP, PMP, CEH, and CCSK certificates, Don holds a B.A. in Music from Oberlin, an M.S. in Information Security from Brandeis Rabb School, and is nearing completion of his second Bachelor’s in Mathematics.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
- Detection of zero days (previously unknown malware)
- Detection and prevention of memory-based attacks (a.k.a. “fileless” attacks) that run on an infected machine but never deposit a file on the victim’s system
- Ability to monitor processes running on an endpoint and identify “bad”, or at least unusual, behavior
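As an added illustration of the third capability (and of the "fileless" case in the second), not code from the article or from any product: a toy behavioral check that compares constructed process-creation events against a baseline of normal parent-to-child launches and flags script interpreters started with inline code and no script file on disk. The process names, baseline set, flag list and sample events are all assumptions chosen for the example.

```python
"""Toy behavioral endpoint monitor (added example, not from the article)."""
from dataclasses import dataclass

# Constructed baseline of parent -> child launches considered normal here.
BASELINE = {
    ("explorer.exe", "winword.exe"),
    ("explorer.exe", "outlook.exe"),
    ("services.exe", "svchost.exe"),
    ("cmd.exe", "ipconfig.exe"),
}
# Interpreters that can execute code handed to them on the command line.
INTERPRETERS = {"powershell.exe", "wscript.exe", "mshta.exe"}


@dataclass
class ProcessEvent:
    parent: str
    child: str
    cmdline: str


def fileless_indicator(ev: ProcessEvent) -> bool:
    """Interpreter launched with inline code and no script path: nothing is
    written to disk, so a file-based scanner never gets a chance to see it."""
    if ev.child not in INTERPRETERS:
        return False
    tokens = ev.cmdline.lower().split()
    has_script = any(t.endswith((".ps1", ".vbs", ".js", ".hta")) for t in tokens)
    inline = any(t in ("-enc", "-encodedcommand", "-command", "-c") for t in tokens)
    return inline and not has_script


def evaluate(events, baseline=BASELINE):
    """Return (parent, child, reasons) for every event that deviates."""
    findings = []
    for ev in events:
        reasons = []
        if (ev.parent, ev.child) not in baseline:
            reasons.append("unusual parent/child")
        if fileless_indicator(ev):
            reasons.append("fileless indicator")
        if reasons:
            findings.append((ev.parent, ev.child, reasons))
    return findings


SAMPLE_EVENTS = [  # constructed telemetry, not real data
    ProcessEvent("explorer.exe", "winword.exe", "winword.exe report.docx"),
    ProcessEvent("winword.exe", "powershell.exe", "powershell.exe -enc <constructed-blob>"),
    ProcessEvent("cmd.exe", "ipconfig.exe", "ipconfig.exe /all"),
    ProcessEvent("explorer.exe", "powershell.exe", "powershell.exe -File backup.ps1"),
]
```

Running `evaluate(SAMPLE_EVENTS)` flags only the two PowerShell launches: the one spawned by a document editor with inline code gets both reasons, the one started from a script file only the baseline deviation.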