Organizations have become increasingly aware of how important protecting network-bound endpoints is in today's turbulent cyber environment. A Ponemon study even revealed that the cost of a data breach on American soil in 2014 was roughly $12.7 million, a grim wake-up call for all businesses to focus on protecting their sensitive data while also coping with the influx of personally owned devices inside their network perimeter.
The average number of devices an employee uses has increased drastically over the past decade and, unsurprisingly, so has the number of security issues they may bring along. These devices are either issued by the organization or personally owned, given the rising "Bring Your Own Device" trend, and while connected to a corporate network they represent a high-risk concern for enterprises of all sizes. Securing every endpoint, which can range from desktops, laptops, smartphones and tablets to specialized equipment, can be a challenging task, especially given the new opportunities these devices offer skilled attackers at the expense of the organization itself.
Endpoint security is a software-based security management system that runs on a centrally managed server or gateway host and works together with client software on each endpoint. Its aim is to identify, manage and control devices that attempt to access the corporate network. The conditions for a successful connection may include a legitimate operating system, a VPN client and an up-to-date antivirus. If these basic conditions are not met, the device is given restricted access or is even quarantined on a dedicated virtual LAN. Regardless of the delivery model, the host server has to: 1. validate the user's credentials; 2. scan the device to ensure it complies with the security policy; and 3. update the device software if necessary. When delivered in SaaS mode, the host server and the accompanying software are maintained by the vendor.
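As an added illustration of the three host-server steps above (not code from this article or from any vendor it mentions), here is a small posture check in Python; the policy values, the VLAN numbers and the DevicePosture schema are assumptions made for the example:

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Policy values below are constructed for this example, not taken from the article.
ALLOWED_OS = {"Windows 10", "Windows 11", "Ubuntu 22.04", "macOS 14"}
MAX_SIGNATURE_AGE = timedelta(days=3)       # AV signatures older than this count as stale
FULL_ACCESS_VLAN, RESTRICTED_VLAN, QUARANTINE_VLAN = 10, 20, 999


@dataclass
class DevicePosture:
    """What the endpoint client reports to the host server (constructed schema)."""
    credentials_valid: bool
    os_name: str
    vpn_client_present: bool
    av_installed: bool
    av_signature_date: Optional[date]       # None when the client could not report it


def evaluate_posture(p: DevicePosture, today: date) -> tuple:
    """Steps 1-3 from the text: validate credentials, scan the device against the
    policy, and decide which software must be updated. Returns (vlan, findings,
    remediation); remediation lists components the server should update before
    the device is re-scanned."""
    if not p.credentials_valid:              # step 1: no valid user, no network at all
        return QUARANTINE_VLAN, ["credentials rejected"], []
    findings, remediation = [], []           # step 2: policy scan
    if p.os_name not in ALLOWED_OS:
        findings.append("operating system not approved: " + p.os_name)
    if not p.av_installed:
        findings.append("antivirus missing")
    elif p.av_signature_date is None or today - p.av_signature_date > MAX_SIGNATURE_AGE:
        findings.append("antivirus signatures stale or unreported")
        remediation.append("antivirus signatures")   # step 3: repairable by an update
    if not p.vpn_client_present:
        findings.append("VPN client missing")
        remediation.append("VPN client")
    # A finding with no matching remediation (bad OS, no AV at all) cannot be fixed
    # by pushing an update, so the device is quarantined; repairable findings only
    # get the restricted VLAN until the device is updated and re-scanned.
    if len(findings) > len(remediation):
        return QUARANTINE_VLAN, findings, remediation
    if findings:
        return RESTRICTED_VLAN, findings, remediation
    return FULL_ACCESS_VLAN, [], []


if __name__ == "__main__":
    laptop = DevicePosture(True, "Windows 11", True, True, date(2024, 5, 1))
    print(evaluate_posture(laptop, date(2024, 5, 10)))
```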
The protection software provided is, in fact, a composite suite: a bundle of products that are normally standalone, with the exact contents of the bundle differing from provider to provider. This combination of techniques is integrated into a single product meant to detect malicious behavior and respond accordingly, either by blocking suspicious network traffic or by preventing an application from being executed. Nevertheless, the coverage offered by its most common components, such as antimalware, a host-based firewall and vulnerability assessment, is not exhaustive. To see why, check out our previous article on the pressing need for advanced security analytics.
That being said, on the one hand, the obvious advantages of this approach are blocking 0-day attacks, providing basic forensics coverage and protecting systems both online and offline. On the other hand, the drawback of this solution lies in deploying and managing the agent software, which is resource-intensive because it requires manual configuration, monitoring and updating. As a result, endpoint security becomes hard to implement for businesses that wish to push for a BYOD policy. In other words: effective, but not efficient.
Going one step further toward full efficiency, ITrust created Reveelium, an agentless intelligent solution designed to avoid overloading endpoint devices and to help enterprises build a true security analytics architecture. It is able to identify the symptoms of malicious behavior through its automated anomaly detection system. Built as a multi-dimensional Big Data technology, Reveelium includes: a detection engine for weak signals hidden in large amounts of data (1); a correlation engine based on the experience of system engineers and security consultants (2); and a global knowledge base, Reveelium's experience repository, which collects, abstracts and shares the behaviors identified across Reveelium users (3).
Reveelium not only enables real-time detection of behaviors that deviate from the norm; it is also a non-intrusive Plug&Play solution that doesn't need to be maintained by an external source. Easily combined with pre-installed security tools, offering increased detection capability and a low rate of false positives, Reveelium can also be delivered in SaaS mode.