Guest article by John Murgo, CEO of Digital Immunity
The frequency of high-profile data security breaches has increased the urgency to improve digital security in every enterprise. The challenge confronted by all is how to effectively protect critical data in the face of persistent and ever-changing threats from malicious hackers, foreign governments, and criminal ransom schemes. Traditional security strategies have failed to perform. Now executive and operational focus is on what new strategies – new thinking – can address the threats.
Enterprise data needs to be both safe and accessible. The traditional security approach has been a complex balancing act using system patches, conventional data protection, and security programs – with unsatisfactory and often disastrous results. Then there are the variations among OS versions – some no longer supported but still in use. Hackers go after the millions of older systems because they are more vulnerable and exposed.
Traditional security approaches typically look at a collection of files and try to figure out where the problem may be or even if there is a problem. This doesn’t look right. This doesn’t look right. Again, and again. And it may not be right, but it takes a huge amount of time and effort to determine if it isn’t right. Resolving the security problem demands a new strategy that doesn’t rely on knowing every potential hacker’s attack code or on judging whether something doesn’t look right. We know the bad guys are constantly changing their approach. As each new security barrier is thrown up, the hackers find a new way around. They are skilled, inventive, and determined. But suppose that you didn’t need to analyze the malicious code in order to recognize and stop it.
For every enterprise, data security is measured in clearly desired outcomes:
- Stable and secure operations – Any security solution being considered must be able to protect your critical digital assets but NOT impact operations or tax your network. The people in the organization need the bandwidth, not the security solution, and in the event of an attempted attack the response needs to be swift and surgical; otherwise an entire organization can be shut down (think WannaCry). In any event, you must have a way to recover or restore your data quickly and with confidence.
- Data access without compromise – People need to be confident they can access data and do their job without fear of compromise. Hackers are constantly looking for vulnerabilities in operating systems and applications. Once discovered, they create malware, weaponize it and attack. You should not be fearful of opening a document you need to do your job (think phishing attack).
- Auditability & smart threat alerts – Any security solution must have an intuitive dashboard that provides high-value, actionable alerts with no false positives. There must be robust threat intelligence and forensic artifacts in context specific to your organization. All this data needs to be captured and reported in a way that is multidimensional and customizable. Consumers of these reports range from the Board Room to business unit leaders, Security and IT professionals.
- Protection from risk and disruption – Any security solution needs to be able to balance security with business operations. One without the other is dangerous. But it is not a one-size-fits-all proposition. Certain areas of the organization may have different risk profiles, certain assets (servers vs. workstations) may be protected differently, or even protecting against the top 10 attack vectors from an OS application perspective may be desirable. It’s about what makes the most sense and what is the appropriate policy to protect your critical digital assets.
Information Technology has become the business. Now the challenge is to prevent digital business disruption. Any downtime has immediate impacts on finances, productivity, and customer satisfaction. Regulatory compliance and shareholder protection must be satisfied. However, with massive data growth, data security has become even more complex. The proliferation of security strategies and applications is difficult to track and maintain. But without solid protection, every reputation is at risk of lasting brand damage.
Preservation of the bottom line, shareholder value and citizen confidence all require safeguards that ensure data integrity while achieving a measurable return on data investments. So, investments in data security applications, staff expertise, and appropriate infrastructure must demonstrate sufficient data safeguards. But traditional security strategies have proven ineffective.
There is another way.
Next-generation endpoint security provides unique, advanced security that simply stops advanced persistent threats (APTs) and zero-day attacks. The integrity of operating systems and related applications is protected in memory at runtime, when applications are most vulnerable. The solution requires no pre-existing knowledge of exploits or vulnerabilities, and after stopping any threat, next-generation endpoint security provides intelligence with detailed forensics from the point of attack.
The execution of malware is prevented in every environment: on-premise, private cloud, public cloud. It operates in any deployment: VMs, containers, physical. And capabilities can be efficiently deployed in remote office locations or by Service Providers to give their clients heightened data security.
“Inside nearly every enterprise, there is security staff spending countless hours discovering and fighting attacks that their security systems missed. And there are some they may never know about. Digital Immunity can stop any of these on the first try.”
-Dan Geer, CISO at In-Q-Tel
The first step is the creation of immutable references. Think of it as a DNA map: in the event of a security breach, a known-good and unalterable system map is used to recognize the unauthorized code and stop it. There is no need to recognize a particular foreign code or virus, but only to recognize that it is not part of the DNA map. This is not a high-overhead cyber security tool; instead, a lightweight kernel sensor on the endpoint monitors the execution of code in real time. Digital DNA mapping and operation on the endpoint are separate processes, with mapping done once per function code body and recognition done many times during subsequent executions. This method reduces run-time recognition overhead to less than 1%. The solution is also highly scalable and can accommodate small to large-scale enterprise organizations, protecting any application, in any environment, with any deployment.
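The map-once, recognize-many-times idea described above can be sketched as a default-deny check against a read-only table of digests. This is an added illustration, not Digital Immunity's implementation: the `Sensor` class, the function names, and the sample byte strings are all hypothetical, and a real sensor would hook code execution in the kernel rather than receive bytes as an argument.

```python
import hashlib
from types import MappingProxyType


def digest(code: bytes) -> str:
    """SHA-256 of one function code body."""
    return hashlib.sha256(code).hexdigest()


def build_reference_map(trusted_image: dict[str, bytes]):
    """Mapping phase: run once, offline, against a known-good build.
    The returned view is read-only, so the endpoint cannot alter it."""
    return MappingProxyType({digest(body): name for name, body in trusted_image.items()})


class Sensor:
    """Recognition phase: one digest lookup per check, default deny."""

    def __init__(self, reference_map):
        self._ref = reference_map
        self.forensics = []  # context recorded at the point of the blocked execution

    def allow_execution(self, address: int, code: bytes) -> bool:
        d = digest(code)
        if d in self._ref:
            return True
        # No signature of the unknown code is needed: it is simply not in the map.
        self.forensics.append({"address": hex(address), "sha256": d, "size": len(code)})
        return False


# Constructed sample data standing in for function code bodies of a trusted build.
TRUSTED_IMAGE = {
    "parse_header": bytes.fromhex("554889e54883ec10c9c3"),
    "write_log": bytes.fromhex("554889e531c05dc3"),
}
REFERENCE = build_reference_map(TRUSTED_IMAGE)


def demo():
    sensor = Sensor(REFERENCE)
    results = [
        sensor.allow_execution(0x401000, TRUSTED_IMAGE["parse_header"]),
        sensor.allow_execution(0x401040, TRUSTED_IMAGE["write_log"]),
        # Mapped function with a single byte changed in memory: rejected.
        sensor.allow_execution(0x401000, bytes.fromhex("554889e54883ec1090c3")),
        # Code that was never part of the trusted build: rejected.
        sensor.allow_execution(0x7F0000, b"\x90" * 16),
    ]
    return results, sensor.forensics
```
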
Next-generation endpoint security benefits:
- Protects critical digital assets using a lightweight sensor
- In-memory runtime protection
- Captures forensics
- Embraces rapid, agile development
- Eliminates alert and patch fatigue
- IT staff work smarter, not harder
It’s been clear for some time that a new approach and different thinking are needed to make significant strides in data security. Next-generation endpoint security represents that new thinking. This is the new perimeter, an achievement that can ensure computational integrity and security for every enterprise.