June 4, 2016
End Point Protection: Your First Line Of Defense
For a long time, the main focus of many organizations was a solidly protected network perimeter, built by installing the most powerful firewall, IPS and IDS they could afford in order to keep intruders from trespassing inside their networks. End point (host) protection was always considered the last line of defense and never treated with the same priority as other assets. In fact, end points were seen as an extremely time-consuming commodity for IT departments to care for: IT staff spend hours or even days on remediation, including re-imaging computers, just to get rid of malware.

Since 2013, we've witnessed a seemingly endless parade of headlines about high-profile data breaches, many of which were the result of compromised end points. For example:
- Target's high-profile breach in December 2013 cost it $162 million in expenses across 2013 and 2014. The breach was reported to be the result of compromised point-of-sale (POS) systems.
- In 2014, Home Depot, another big-box retailer, saw 53 million email addresses and 56 million credit cards impacted. According to the company's report, custom-built malware was deployed on its self-checkout systems in the U.S. and Canada, an extremely targeted type of attack.
- In 2014, Panda Security reported that malware creation had broken all records, with more than 15 million new samples for the year and more than 160,000 new samples appearing every day. In 2015, Panda Security reported another record: an average of 230,000 new samples per day during Q2 of that year alone. Numbers like these show that a signature-based blacklist, which has to see a sample before it can block it, cannot keep pace with the rate at which new malware is produced.
- Off Premise: A cloud service operated by the sandbox vendor, sold as a subscription that is typically priced by the types of files you want analyzed. This option may not suit every company, because the suspicious files, which can contain sensitive internal data, have to be uploaded to the vendor's cloud for detonation.
- On Premise: Where regulatory, compliance or privacy concerns apply, some companies (especially government agencies and banks) prefer to run the sandbox appliance on premise so that files never leave their environment. The trade-off is that the organization has to buy, operate and keep the appliance updated itself.
- Application Whitelisting: Application whitelisting has been in use in the security world for quite some time. In essence, it is the opposite of blacklisting, the approach used in almost every antivirus product in existence today. In the blacklisting approach, every new file on a system is checked against a list of known-malicious signatures; if it matches, it is blocked from executing and doing damage, and if it does not match, it is allowed to run. Application whitelisting takes the opposite approach: by default, it denies the execution of any application that has not been explicitly approved (typically identified by its cryptographic hash, its publisher's code-signing certificate or its path). In other words, it blocks everything that is unknown, including malware that no vendor has seen yet, at the cost of maintaining the list of approved applications as software is installed and updated.
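The difference between the two approaches is easiest to see side by side. The following is an added example written for this article, not code from the original post or from any vendor's product: a minimal hash-based execution-control model in Python in which the same file is judged once by a blacklist (default allow, block only known-bad hashes) and once by a whitelist (default deny, allow only approved hashes). The "binaries", the approved list and the known-malware list are constructed byte strings standing in for real executables; real products also support publisher and path rules, which this example leaves out to keep the contrast clear.

```python
"""Blacklist vs. application whitelist, demonstrated on constructed data.

Illustrative code written for this article. The byte strings below stand
in for real executables; nothing here is a real malware sample or product.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Identity of a file for both models: the SHA-256 of its contents."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for binaries the organization has approved.
APPROVED_BINARIES = {
    "notepad.exe": b"MZ...trusted-editor-build-1.0",
    "excel.exe": b"MZ...trusted-spreadsheet-build-16.0",
}

# Constructed stand-in for a sample the antivirus vendor has already seen.
KNOWN_MALWARE = {
    "pos_scraper.exe": b"MZ...memory-scraper-sample",
}

# Blacklist: hashes the vendor has flagged. Anything else is presumed fine.
BLACKLIST = {sha256_hex(b) for b in KNOWN_MALWARE.values()}

# Whitelist: hashes the organization explicitly approved. Anything else is denied.
WHITELIST = {sha256_hex(b) for b in APPROVED_BINARIES.values()}


def blacklist_decision(file_bytes: bytes) -> str:
    """Default allow: block only when the hash matches a known-bad sample."""
    return "block" if sha256_hex(file_bytes) in BLACKLIST else "allow"


def whitelist_decision(file_bytes: bytes) -> str:
    """Default deny: allow only when the hash matches an approved binary."""
    return "allow" if sha256_hex(file_bytes) in WHITELIST else "block"


def compare(file_bytes: bytes) -> dict:
    """Run both models over one file so the verdicts can be read together."""
    return {
        "blacklist": blacklist_decision(file_bytes),
        "whitelist": whitelist_decision(file_bytes),
    }


def tampered_copy(file_bytes: bytes) -> bytes:
    """Flip the last byte, as a patched or trojanized build would differ."""
    return file_bytes[:-1] + bytes([file_bytes[-1] ^ 0x01])


if __name__ == "__main__":
    cases = {
        # Approved software: both models let it run.
        "approved notepad.exe": APPROVED_BINARIES["notepad.exe"],
        # Already-known malware: both models stop it.
        "known pos_scraper.exe": KNOWN_MALWARE["pos_scraper.exe"],
        # A never-before-seen sample (constructed): only the whitelist stops it,
        # because the blacklist has no signature for it yet.
        "unknown dropper.exe": b"MZ...never-seen-before-dropper",
        # An approved binary with one byte changed: its hash no longer matches
        # the approved entry, so the whitelist blocks it; the blacklist, having
        # never seen it, allows it.
        "tampered notepad.exe": tampered_copy(APPROVED_BINARIES["notepad.exe"]),
    }
    for name, data in cases.items():
        verdicts = compare(data)
        print(f"{name:24s} blacklist={verdicts['blacklist']:5s} "
              f"whitelist={verdicts['whitelist']}")
```

The two cases worth studying are the last two: the unknown sample is exactly the situation the Panda Security numbers describe, where the blacklist is always one signature behind, and the tampered binary shows why a hash-based whitelist resists a modified build of trusted software. The same property is also the operational cost of whitelisting: every legitimate update changes the hash and has to be approved before it will run.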