Advances In Antivirus Protection - Next Generation Endpoint Protection (NGEP)
Technology and IT security methodologies have progressed significantly over the past twenty years. With these advances, there are two things in life that have not changed. Computer hackers are continuing to develop strategies and tactical methods to breach secure networks, either directly, or through an employee’s and/or consumer’s computer, tablet, and/or mobile phone. These devices remain to be the primary target or access point for today’ s hackers.
High profile companies in Atlanta, nationally and worldwide continue to experience breaches in their security and exposing their “secure” network, obtaining access in spite of the deployment of antivirus, desktop firewalls, anti-malware, intrusion detection, web filtering, vulnerability management, anti-spam and more. Small and mid-size businesses are even more vulnerable, as they often lack the in-house staff and large budgets to protect you and your users’ assets. Partnering with a trusted IT solutions contractor minimizes security and network risk and cost, and provides contemporary strategic and tactical solutions to keep data secure.
A new type of technology has recently emerged that is designed to prevent and detect threats at the endpoint, using a unique behavior-based approach.
The Traditional Antivirus Solutions Problem
Traditional Antivirus Solutions rely on the simple concept of (1) detection and (2) response. Effectively detecting and identifying a virus is important to minimize damage, and quickly stopping the attack is essential to minimizing exposure. Quickly responding to a recent attack that may slip through is the next best option, but often, this is too late.
The primary issue with many security tools is that these solutions are searching for a known virus, malware code, looking for characters or items known as a “hash” (a pattern in a file that identifies it as a virus), a known vulnerability, an IP address, or other recognizable behavior. Malicious hackers are continually changing their methodologies and techniques to mask their tactics to intrude and bypass security measures.
Once a threat is detected, a proper response is needed. Often, a cognitive decision needs to be made to determine what to do next. Is quarantine, killing a process, or removal of a file the best method? Do you know? Often, you have to rely on a “best guess” with the information and knowledge you have. Wouldn’t it be better to have a professional with the proper tools make the assessment?
Until recently, it hasn’t been possible to efficiently implement automated responses to infiltrations. Without new, advanced antivirus software capable of sorting out false positives from real threats, we simply needed to rely on the detection and response method, and implement the best guess solution.
Advanced “Next Generation Endpoint Protection (NGEP)” Detection
A new type of technology has recently emerged that is designed to prevent and detect threats at the endpoint, using a unique behavior-based approach. In lieu of looking for a known entity or it’s variant like signature-based detection, next-generation endpoint (NGEP) security analyzes file characteristics (to uncover known and unknown file-based malware) as well as the entire endpoint system behavior to identify suspicious activity.
Endpoint Detection and Response
Endpoint detection and response (EDR) monitors for activity and enables administrators to take actions on incidents, to prevent them from further infecting and spreading throughout their organization. Next-Generation Endpoint Protection (NGEP) goes one step further, taking automated actions to prevent and remediate attacks. This automated and timely mitigation is an integral part of NGEP.
Options for automated mitigation include quarantining a file, killing a specific process, disconnecting the infected machine from the network, or even completely shutting down the infected source/endpoint. NGEP is also capable to restore an endpoint to its pre-malware trusted state, while also logging what data has changed and what issue was successfully remediated.
SMB IT Solutions currently deploys Next Generation Endpoint Protection for a number of valued customers. To learn more about this new, advanced data security technology call 1.888.245.1528 or send an email to .
Posted in: Article