Increasingly, organizations need to be smarter about how they determine what is actually a threat, Lopez says, using data not just from endpoints such as laptops and mobile devices but also from the network edge, secure web gateways, firewalls, email gateways and so forth. Next-generation endpoint security tools enable agencies to, for example, detect command-and-control server activity that might not be apparent on an endpoint, and feed that data into their telemetry so that they can make smarter security decisions.
Another pillar of next-generation endpoint security is EDR, which moves beyond simple detection of a security compromise and manages an active response that contains the damage, isolates affected systems and recovers normal operations as quickly as possible.
EDR solutions combine a client that actively performs anti-virus, firewall and intrusion prevention functions with components that respond immediately once a threat is detected.
Next-generation endpoint tools are ideal for securing government users’ endpoints at home, Lopez says. “They have their IT-supplied desktops or laptops, but they’re also sometimes having to join from tablets, mobile devices,” he says. “So, having mobile capabilities for your endpoint security is also a big part of next-gen endpoint security.”
Another capability that is popular in next-generation endpoint security platforms is rollback remediation, Lopez says. “As much protection as you put in place, anyone that tells you you’re 100 percent safe has not been doing this for a living; things are going to happen, and things are going to get through,” he says. “How do you deal with it when it happens?”
Rollback remediation allows agencies to use previously created images, or versions, of a user’s system. When malicious activity and changes are detected, such tools can reverse the changes and restore the system to its previously healthy state. “Then, you should not lose everything you were working on,” he says. “You’ll just lose 10 to 20 percent, vs. everything.”
How Next-Generation Endpoint Security Uses AI and Machine Learning
Next-generation endpoint security takes cybersecurity to the next level in terms of behavioral analysis, Lopez notes. To do that effectively, however, such platforms must leverage AI and machine learning techniques.
Next-generation endpoint security tools can help IT security professionals understand whether they are encountering valid applications or uses of system capabilities, such as Remote Desktop Protocol (RDP).
As these tools start ingesting data on user behavior and intelligence, and begin looking for anomalies in users, applications and even network traffic, there is a high likelihood that false positives will occur. The platforms may flag activity that looks anomalous and malicious but is, in fact, benign.
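An added, illustrative example (not from the article or any vendor product) of the user-behavior baselining and false-positive problem described above: it profiles each user's usual RDP source hosts and logon hours from constructed sample telemetry, scores new events by how far they deviate, and shows how an approved-host allowlist turns a likely false positive (an administrator connecting from a sanctioned jump host) into a non-alert. The event format, user names and host names are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample RDP logon telemetry for the learning window: (timestamp, user, source host).
# The format is hypothetical, not that of any specific product.
BASELINE_EVENTS = [
    ("2024-03-04 09:12", "alice", "wks-alice"),
    ("2024-03-05 09:40", "alice", "wks-alice"),
    ("2024-03-06 10:03", "alice", "wks-alice"),
    ("2024-03-04 22:15", "ops-admin", "jump-01"),
    ("2024-03-05 23:02", "ops-admin", "jump-01"),
    ("2024-03-06 01:30", "ops-admin", "jump-02"),
]

def _hour(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M").hour

def build_baseline(events):
    """Per-user profile of the RDP source hosts and logon hours seen during the learning window."""
    profile = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ts, user, host in events:
        profile[user]["hosts"].add(host)
        profile[user]["hours"].add(_hour(ts))
    return dict(profile)

def score_event(profile, ts, user, host, tolerance=1):
    """Score one new event: one point per deviation from the user's baseline, plus the reasons."""
    base = profile.get(user)
    if base is None:
        return 2, ["no baseline for user"]
    reasons = []
    if host not in base["hosts"]:
        reasons.append(f"new source host {host}")
    hour = _hour(ts)
    # Hours compare on a 24-hour circle so 00:30 is within tolerance of a 23:00 baseline.
    if not any(min(abs(hour - h), 24 - abs(hour - h)) <= tolerance for h in base["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00")
    return len(reasons), reasons

def triage(profile, ts, user, host, approved_hosts=frozenset()):
    """Apply context before alerting: a sanctioned jump host is not a 'new host' deviation.
    Returns ('alert' | 'review' | 'ignore', remaining reasons)."""
    score, reasons = score_event(profile, ts, user, host)
    if host in approved_hosts:
        reasons = [r for r in reasons if not r.startswith("new source host")]
        score = len(reasons)
    verdict = "alert" if score >= 2 else "review" if score == 1 else "ignore"
    return verdict, reasons
```

Calling `triage(build_baseline(BASELINE_EVENTS), "2024-03-07 09:30", "alice", "jump-03")` returns a "review" verdict for the new host; passing `approved_hosts={"jump-03"}` downgrades the same event to "ignore", while an off-hours logon from an unknown host still scores two deviations and is an "alert".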