We use cookies to improve your experience. Do you accept?

Introducing Cyber Fusion Integrated with Endpoint Threat Response (Part I)

Introducing Cyber Fusion Integrated with Endpoint Threat Response (Part I) - Featured Image

Cyber Fusion and Threat Response Feb 8, 2022

What is an Endpoint?

An endpoint is a network-connected device that communicates back and forth across a corporate network. Precise definitions of what constitutes an endpoint vary—some consider networking equipment like switches and modems to be endpoints, while others use the term to describe devices outside the corporate firewall, e.g., laptops, tablets, smartphones, etc. Some even include virtual environments, which makes some sense.

Generally, though, the term is used to describe any remote device connected to a network that could be an entry point for an attacker—notably, PCs, laptops, mobile devices, servers, and IoT/OT devices.

Endpoint security is simply the practice of protecting these devices from exploitation by malicious actors. This is done using a combination of endpoint security tools and direct intervention by incident responders.

Why is Endpoint Security Important?

Network endpoints are a popular infiltration point for attackers, as they are more exposed than an organization’s crown jewels. From laptops, mobile devices, and IoT/OT infrastructure to servers and virtual environments, compromising an endpoint is a much easier proposition for an attacker than trying to gain direct access to a sensitive database or system.

So it shouldn’t come as a surprise that endpoint attacks—and consequently, endpoint security —have become a significant pain point for security teams.

Ponemon Institute’s****2020 State of Endpoint Security Risk study found that 68% of organizations ‘‘...experienced one or more endpoint attacks that successfully compromised data assets and/or IT infrastructure over the past 12 months, an increase from 54% of respondents in 2017.’’

In the same study, 68% of respondents said their organization’s endpoints had faced a higher frequency of attacks over the preceding year. Meanwhile, the cost of successful endpoint attacks has risen from $5.01 million in 2017 to $8.94 million in 2020.

These figures paint a bleak picture. Despite a significant rise in expenditure on endpoint security tools—the market grew by 8.1% in 2020 alone and is expected to continue growing at a CAGR of 8.1% between 2021-2028—the frequency and cost of endpoint attacks are rising quickly.

What Endpoint Security Tools are Available?

Three technologies dominate the endpoint security market: EDR, EPP, and XDR.

Endpoint Detection and Response (EDR) tools

These solutions record and store system-level behaviors from endpoints and use analytics to detect suspicious behavior, provide context, block malicious activity, and suggest remediation steps to protect or restore compromised endpoints.

Gartner states that EDR solutions must provide four main capabilities:

  • Detect security incidents

  • Contain the incident at the endpoint

  • Investigate security incidents

  • Provide remediation guidance

  • EDRs are an active security control, meaning they detect threats and aid investigation but require a human analyst to complete remediation steps.

**Endpoint Protection Platforms (EPP) **

  • EPPs aim to prevent and protect against known and unknown endpoint threats and allow analysts to investigate and remediate incidents that evade those controls. EPP functionality includes:

  • Malware signature matching

  • Sandbox file testing for malicious behavior

  • Behavioral analysis to identify threats with unknown signatures

  • Static file analysis

  • Whitelisting and blacklisting of IP addresses, URLs, and applications

  • Compared to EDRs, EPPs are mainly a passive control that protects against endpoint threats without requiring human supervision. However, some EPPs now incorporate EDR functionality, allowing them to perform both roles.

Extended Detection and Response (XDR)

XDR solutions play a similar role to EDRs, but for a broader range of assets. While EDR tools focus specifically on endpoints, XDR aims to detect and prevent threats against all components of an organization’s environment, including endpoints, email, cloud workloads, networks, and more. XDR is currently an emerging technology, and the definition and concept are being refined as it matures.

Why We're Headed in the Wrong Direction... and How to Stop it

If organizations are spending more on endpoint security… and have such a strong range of tools to choose from… why are endpoint security breaches becoming more common and more costly?

More importantly, what can organizations do to reverse the trend?

Download our white paper that provides more operational detail on use cases, process improvements, and strategies that you can implement at your organization.

Related Blogs