Download Guide — Advanced Threat Protection Beyond the AV


At a certain point, almost every organization concludes that it
needs to move beyond the standard AV and firewall stack in order to
protect its environment adequately.

The common practice in recent years has been to gain extra protection
by implementing either EDR/EPP solutions (represented by
vendors like CrowdStrike and Carbon Black) or Network Traffic
Analysis/NDR solutions (such as Darktrace and Vectra Networks).
Fortune 500 companies that have large security teams would usually
choose to buy and implement both.

A recently published guide, ‘Advanced Threat Protection Beyond
the AV’ (download here [1]), is the first resource
that not only guides security executives through the pros and cons
of each solution type but also outlines a best-practice approach
that allows “non-Fortune 500” companies to combine the
advantages of both approaches without actually buying both.

The proliferation of advanced threats over the past decade has
gradually led CISOs and other security professionals to acknowledge
that neither perimeter protection nor signature-based endpoint
protection can keep up with the sophistication and sheer volume of
polymorphic malware, fileless attacks, and exploits, or with the
numerous post-exploitation techniques for reconnaissance,
credential theft, lateral movement, and data exfiltration.

This insight has led to massive growth in solutions that
implement either one of two approaches:

1. Place your protection on the Endpoint: This
approach is founded on the notion that, since malware execution is a
substantial part of most, if not all, attacks, the solution for
advanced threats should come from monitoring both executed files
and running processes, using innovative technologies to identify
and block or alert on malicious files or processes without relying on
known signatures.

In terms of market categories, this approach falls into Endpoint
Protection Platform (EPP), Next-Generation Antivirus (NGAV), and
Endpoint Detection and Response (EDR).


2. Place your protection on monitoring the Network Traffic: This
approach is founded on the notion that malicious
presence and activity within a compromised environment inevitably
entail anomalous endpoint, network, and user behaviors that would
never occur under normal circumstances.

Following this logic, continuous monitoring of these entities’
behavior, as reflected in the network traffic they create, enables
the establishment of a behavioral baseline and the identification of
attacks based on deviations from it. In terms of market categories,
this approach falls into Network Traffic Analysis (NTA) and
Network Detection and Response (NDR).


While each of these approaches provides substantial protection
capabilities compared with legacy, signature-based solutions, they
differ radically from each other in their implementation,
infrastructure, and, most importantly, in the type and scope of
threats each approach protects against.

The Advanced Threat Protection Beyond the AV Guide dives deep to
explain the differences between the endpoint and network-based
approaches, specifying the pros and cons of each and leading to the
conclusion that the best protection against cyber-threats entails
combining the capabilities of both approaches.

The Advanced Threat Protection Beyond the AV Guide is an ideal
knowledge resource for several types of security buyers:

  • Large enterprises that have a well-resourced security
    team operating an already existing multi-product security stack.
    These organizations will ultimately deploy both solutions side by
    side but need to prioritize and evaluate them against the products
    they already have in place.
  • Mid-market companies that would typically make a single
    ‘advanced security’ investment and need precise knowledge of
    the nature of protection this investment translates into.
  • Any organization that historically deployed a solution
    from either approach and is actively experiencing a security gap.
    This type of buyer should have the tools to learn whether these gaps
    can be addressed by a solution from the other approach.

Download the Advanced Threat Protection Beyond the AV Guide [2] here.

References

  1. download here (go.cynet.com)
  2. Advanced Threat Protection Beyond the AV Guide (go.cynet.com)
