As cyber threats become ever more complex, the pressure to have the right endpoint solution in place has also grown. However, the endpoint security marketplace has become congested with many different solutions, and is so full of indefensible marketing claims that making an educated decision for your organization is increasingly difficult.
This guide provides clarity by walking you through the key endpoint security technologies to ensure you have the right protection in place. It also enables you to see how different vendors stack up in independent tests, helping you make an informed choice.
The uncomfortable truth about endpoint security
The endpoint security market is full of hype and extravagant claims. However, the reality is that 68% of organizations fell victim to a cyberattack in the last year*. That’s why world-class protection is the foundation of any effective security strategy.
However, protection alone is not enough. Four out of five organizations admit to having a shortage of internal security expertise*. With this in mind, usability is also essential if hard-pressed IT teams are to make the best use of the protection capabilities.
Endpoint security solutions, sometimes referred to simply as antivirus solutions, may include a variety of foundational (traditional) and modern (next-gen) approaches to preventing endpoint threats. When evaluating solutions, it is important to look for solutions that have a comprehensive set of techniques to stop a wide range of threats. It also is important to understand the threats you are trying to prevent.
While the threat landscape is constantly evolving, below are some key endpoint threats to consider when evaluating different solutions:
- Portable executables (malware): When endpoint protection is considered, malicious software programs (malware) are often the primary concern. Malware includes both known and never-seen-before samples, and solutions often struggle to detect the unknown ones. This matters, as SophosLabs sees approximately four hundred thousand pieces of unknown malware every day. Solutions should be adept at spotting packed and polymorphic files that have been modified to make them harder to identify.
- Potentially unwanted applications (PUA): PUAs are applications that are not technically malware, but are likely not something you want running on your machine, such as adware. PUA detection has become increasingly important with the rise of cryptomining programs used in cryptojacking attacks.
- Ransomware: More than half of organizations have been hit by ransomware in the past year, costing on average $133,000 (USD)2. The two primary types of ransomware are file encryptors and disk encryptors (wipers). File encryptors are the most common: they encrypt the victim’s files and hold them for ransom. Disk encryptors lock up the victim’s entire hard drive, not just the files, or wipe it completely.
- Exploit-based and file-less attacks: Not all attacks rely on malware. Exploit-based attacks leverage techniques that take advantage of software bugs and vulnerabilities in order to gain access to and control of your computer. Weaponized documents (typically a Microsoft Office document that has been crafted or modified to cause damage) and malicious scripts (malicious code often hidden in legitimate programs and websites) are common techniques used in these attacks. Other examples include man-in-the-browser attacks (the use of malware to infect a browser, allowing attackers to view and manipulate traffic) and malicious traffic (using web traffic for nefarious purposes, such as contacting a command-and-control server).
- Active adversary techniques: Many endpoint attacks involve multiple stages and multiple techniques. Examples of active adversary techniques include privilege escalation (methods used by attackers to gain additional access in a system), credential theft (stealing user names and passwords), and code caves (hiding malicious code inside legitimate applications).
Modern (next-gen) techniques vs. foundational (traditional) techniques
While they may go by different names, antivirus solutions have been around for a while and are proven to be very effective against known threats. There are a variety of foundational techniques that traditional endpoint protection solutions have relied on. However, as the threat landscape has shifted, unknown threats, such as malware that has never been seen before, have become more and more common. Because of this, new technologies have come to the marketplace. Buyers should look for a combination of modern approaches, often referred to as “next-gen” security, and proven foundational approaches.
MRG Effitas Malware Protection Test
MRG Effitas conducted a commissioned test comparing the ability of different endpoint protection products to detect malware and potentially unwanted applications (PUA). Six different vendors, including Sophos, were reviewed in the test. Sophos ranked #1 at detecting malware, as well as #1 at detecting potentially unwanted applications. Sophos also had an impressive false positive rate.
MRG Effitas Exploit and Post-Exploit Protection Test
As a follow-up to their malware protection test, MRG Effitas also released a report comparing how well different endpoint solutions stop specific exploitation techniques, with Sophos Intercept X far outperforming the other solutions tested. In fact, Sophos was able to block more than twice the number of exploit techniques relative to most of the other tools tested.
Extending Your Security: Consider Complete Protection
An endpoint security solution is just one part of an overall security strategy. Today’s organizations are wise to look beyond the endpoint toward protecting the entire environment.
Ideally, a single vendor provides solutions that work together to give you consistent protection and policy enforcement throughout your organization. Working with a single vendor can provide better security, reduce administration, and lower costs.
Some specific technologies to consider along with endpoint protection include full disk encryption, mobile device management, mobile security, secure email gateway, specialized server or virtual machine protection, and Synchronized Security between endpoint and network devices.
Endpoint Detection & Response
Sophos Intercept X Advanced with EDR integrates intelligent endpoint detection and response (EDR) with the industry’s top-rated malware detection, top-rated exploit protection, and other unmatched endpoint protection features.
Intelligent endpoint detection and response means that security teams have the visibility and expertise they need to answer the tough questions that are asked as part of an incident response effort, including how to:
- Understand the scope and impact of security incidents
- Detect attacks that may have gone unnoticed
- Search for indicators of compromise across the network
- Prioritize events for further investigation
- Analyze files to determine if they are a threat or potentially unwanted
- Confidently report on your organization’s security posture at any given moment
Sophos Intercept X Advanced highlights include:
- EDR combined with the strongest endpoint protection
- Deep Learning Malware Analysis to replicate the role of malware analysts
- On-demand curated threat intelligence from SophosLabs
- Machine learning detection and prioritization of suspicious events (available in 2019)
- Guided investigations that make EDR approachable yet powerful
- Respond to incidents with a single click
As cyber threats continue to grow in both complexity and number, it’s more important than ever to have effective protection in place at the endpoint. Understanding the threats you need to block and the different security technologies available will enable you to make an informed choice of endpoint security, and give your organization the best protection against today’s attacks.