Next-Generation Endpoint Security

Endpoint Security: A Critical Step Toward Dealing with Cyber Threats

Organizations need a new approach to endpoint security to secure against advanced cyber threats.

Endpoint Security: Current State

Today, organizations are spending over $5 billion on traditional endpoint security and still losing the battle against advanced threat groups. This is because most existing endpoint security solutions rely on conventional antivirus and anti-spam software and host intrusion prevention services (HIPS), which are useful against commodity malware but ineffective against advanced attacks.

Advanced Attacks on Endpoints

Modern cyber attacks are not simple, isolated malware events. Attacks frequently begin by establishing a foothold within an organization’s infrastructure, often at an endpoint, via malware, stolen credentials, or other techniques. Once the endpoint is compromised, the attackers can move laterally to find and exploit other systems until they locate the data or processes they are truly after. Advanced cyber attackers have the advantage: they only need to exploit a single vulnerability, while your organization must protect every system and vector.

Next-Generation Endpoint Security: Essential Elements

To protect against advanced threats, endpoint security solutions must be agile, flexible and deeply integrated. They must offer a far-reaching view of threats in order to prevent attacks and avert their worst effects.

This requires:

  • Advanced detection of unknown threats that works with your existing cyber security products and applies global threat intelligence to identify anomalies that may be indicators of compromise.

  • Response capabilities such as validation, containment and remediation to determine whether an endpoint is experiencing a threat and, if so, to stop its communications and help security teams contain the threat before any lasting damage is done.

  • Proactive and adaptive investigative capabilities to enable security teams to search and sweep for threats. The solution must be able to monitor and record forensic evidence to determine the scope of damage, including lateral spread and any data exfiltration.

  • Real-time threat intelligence feeds from BOTH cloud and network intelligence sources. This intelligence must be collected globally from millions of sensors worldwide and from investigations of large-scale intrusions to help organizations defend against the tactics, techniques and procedures used by advanced threat groups.

  • Support for on-premise, remote AND mobile endpoints. Organizations are increasingly mobile, and a growing share of corporate traffic bypasses the on-premise security perimeter. Consequently, any solution must support a broad range of endpoints, including servers, laptops, tablets and mobile phones.

Ultimately, a unified cyber security solution architecture with a broad set of capabilities that help security teams detect, protect, analyze and respond is critical to protecting against the advanced threats targeting organizations today.

The Importance of Forensics and Investigation

Product Management Director Akshay Bhargava discusses the role of investigation in endpoint security solutions. (2:35 min)

MVX on the Endpoint

Distinguished engineer Osman Ismail discusses building a hypervisor for the endpoint. (3:10 min)

"FireEye HX enables us to quickly track down affected machines and contain the threat, even when machines are off the network."

- Government Research Firm