Technology has certainly empowered the adversary, across far more attack surfaces than just endpoints alone. In fact, many other security disciplines have been forced to adapt to increasingly sophisticated attacks — and when they do, they all turn to the same foundation: big data.
The analogy is as simple as moving from a lock on a door to a video surveillance system, but we see it manifest in many different ways.
Consider these examples:
Security systems that capture, centralize, and analyze data are far more effective than those that perform a spot check at a single point in time. In short, the better your data, the better your protection.
For too long, endpoint security has followed the antiquated “point-in-time” security model: if the executable doesn’t match a known malware signature, let it run.
It’s now time for endpoint security to move to a new model built on big data in the cloud. Only by applying the unlimited processing power and scale of the cloud to the endpoint security problem can we keep up with — and even predict — the threats coming our way.
The key flaw in antivirus is the assumption that if it finds malware, it has stopped the threat. In fact, that is not at all the case. Malware is just one piece of the attack — and not always a necessary one.
This rudimentary view of how attacks work is too reactive to be successful in today’s fast-changing threat landscape. In the days it takes to define and deploy a signature, the damage has already been done.
Consider what’s possible with the cloud. The cloud can monitor an endpoint’s behavior, looking at both normal and abnormal activity, and compare that activity to vast stores of data from other endpoints. By analyzing these event streams across all endpoints under management through a process known as streaming analytics, the cloud creates a global threat monitoring system, allowing it to detect and predict attacks — even if they’ve never been seen before.
This is only possible if the endpoint solution does not filter data before going to the cloud. Many endpoint solutions only send data related to threats they’ve detected. Unfiltered data collection, on the other hand, gives the cloud the opportunity to analyze data it otherwise wouldn’t, enabling the detection of unknown threats hiding in what looks like normal event streams.
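The following is an added illustration of the contrast described above, not code from Carbon Black: a signature-only collector forwards nothing about a process pairing it has never seen, while unfiltered collection lets a fleet-wide prevalence count flag the one endpoint whose behavior differs from every other. All host and process names, and the event stream itself, are constructed for the example.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample event stream: one process-launch record per endpoint sensor.
# 20 hypothetical hosts all launch a browser and a mail client from explorer.exe.
EVENTS: List[Dict[str, str]] = (
    [{"host": f"host-{i:02d}", "parent": "explorer.exe", "process": "browser.exe"}
     for i in range(20)]
    + [{"host": f"host-{i:02d}", "parent": "explorer.exe", "process": "mail_client.exe"}
       for i in range(20)]
    # One endpoint shows a parent/child pairing that appears nowhere else in the fleet.
    + [{"host": "host-07", "parent": "mail_client.exe", "process": "script_host.exe"}]
)

# Signature list of the point-in-time model; nothing in the stream matches it.
KNOWN_MALWARE: Set[str] = {"known_bad.exe"}

Pair = Tuple[str, str]


def filtered_collection(events: List[Dict[str, str]], signatures: Set[str]) -> List[Dict[str, str]]:
    """Point-in-time model: forward only events that already match a known signature."""
    return [e for e in events if e["process"] in signatures]


def fleet_prevalence(events: List[Dict[str, str]]) -> Dict[Pair, int]:
    """Cross-endpoint analytics step: count distinct hosts per (parent, process) pair."""
    hosts_per_pair: Dict[Pair, Set[str]] = defaultdict(set)
    for e in events:  # unfiltered: every event contributes to the baseline
        hosts_per_pair[(e["parent"], e["process"])].add(e["host"])
    return {pair: len(hosts) for pair, hosts in hosts_per_pair.items()}


def flag_rare_behaviors(events: List[Dict[str, str]], max_hosts: int = 1) -> List[Pair]:
    """Return pairings seen on at most max_hosts endpoints, i.e. outliers against the fleet.

    A fleet baseline must exist before prevalence is meaningful: with a single host
    every pairing has prevalence 1, so this check is run after ingesting the stream.
    """
    return sorted(pair for pair, n in fleet_prevalence(events).items() if n <= max_hosts)


if __name__ == "__main__":
    print("signature-filtered collector forwarded:", len(filtered_collection(EVENTS, KNOWN_MALWARE)))
    print("rare fleet-wide behaviors:", flag_rare_behaviors(EVENTS))
```

Raising `max_hosts` or keying on additional fields (command line, signer, file hash) is how a production system would tune the same prevalence idea.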
The cloud delivers faster, more accurate protection:
Threat Prediction: Discovers new threats through unfiltered data collection and streaming analytics
Global Threat Monitoring: Every endpoint under management becomes part of a worldwide threat monitoring system
Real-time Intelligence: Shares detections, trends, and key threat intel across all endpoints within seconds
The post The Future of Endpoint Security is the Cloud, Part 1: Predictive Security appeared first on Carbon Black.