By now you have probably heard the term “Next Generation Endpoint Protection”. A slew of companies, startups and incumbents alike, use the term to describe some of their offerings. But what does it actually mean? What are the capabilities you should look for in a Next Generation Endpoint Protection Platform? What makes it “next generation”?
Due to the immense number of threats, high-profile successful attacks, and the growing ineffectiveness of traditional security solutions, a new model is needed to protect ever-evolving endpoints from a new age of malware.
Endpoints are no longer just desktop computers running a Windows operating system. When we say “endpoint”, we mean any type of machine that can execute code, including laptops, desktops, servers, mobile devices, embedded devices, SCADA systems, and even IoT devices. It is obviously a very different world, and as endpoints evolve, the difficulty of keeping them protected from sophisticated attackers also increases.
As attackers evolve, they use different techniques to evade traditional security solutions (such as endpoint antivirus, gateway antivirus, and even IPS, IDS and firewalls), which rely on static signatures to identify malicious files, URLs or IP addresses. Common techniques include polymorphic malware, packers, wrappers and other methods that take a known binary and cause it to appear completely new, unknown, and benign on the surface. Defenders needed a new way to identify whether an unknown file was malicious or benign.
The ineffectiveness of traditional endpoint protection has spurred the rise of solutions seeking to fill the gap. A next generation endpoint security solution requires certain capabilities to secure the next generation of endpoints by stopping the next generation of threats. To avoid repeating mistakes of the past, comprehensive protection needs to support multiple platforms and integrate the following pillars into a single agent:
- Dynamic exploit protection
- Dynamic malware protection
This whitepaper will lay out and define the critical core pillars of a next generation endpoint protection platform (NGEPP), the role of each, and the challenge they address. In addition, it will provide recommendations and capabilities to look for when deciding to implement NGEPP solutions in a modern enterprise environment.