My day started recently with a phone conversation that followed a somewhat familiar track. The CISO of a midsized hospital was debriefing me on a security incident that had taken place on his network. Several systems were infected by ransomware and, although the hospital was able to recover its data in this instance, the CISO wanted to protect the organization against future outbreaks.

He mentioned that the hospital runs antivirus software on every device, including the devices involved in the ransomware outbreak. He summed up his frustration by saying, “I thought we were running the latest and greatest product, and we update our signatures every day. What happened?”

The reality is that traditional, signature-based anti-malware software simply isn’t sufficient to combat modern security threats. Zero-day attacks, which exploit previously unknown vulnerabilities, cannot be detected by signature-based anti-malware, because their signatures are unknown. Cybercriminals use these attacks to target enterprises of all sizes and wreak havoc.

New Defenses

We talked about the hospital’s security objectives and settled on deploying a proof-of-concept test that combined two emerging security technologies: advanced endpoint protection (AEP) and endpoint detection and response (EDR). The hospital had neither of these technologies in place, and I was confident that deploying them would dramatically improve its security posture.

AEP uses artificial intelligence to block previously unknown attacks. Instead of relying on security vendors to develop signatures of known attacks, AEP identifies models of normal behavior on endpoints and then flags any deviations from these models as abnormal activity that can be either automatically blocked or further investigated. Deploying AEP in conjunction with traditional anti-malware solutions packs a powerful one-two punch that stops malware before it can gain a foothold on endpoints.

EDR serves as a secondary line of defense that steps in when anti-malware controls fail and a threat compromises an endpoint. When an EDR solution detects an active malware infection, it triggers a series of automatic security measures by quarantining infected hosts, conducting forensic analysis and remediating vulnerable systems. It allows security analysts to quickly visualize an incident and uses the cyber kill chain to recommend remediation activities.

Combining AEP and EDR follows the security principle of defense in depth: deploying overlapping security controls that compensate for each other's failure. If a threat manages to slip past traditional antivirus detection, AEP may be able to stop it in its tracks. If a particularly crafty threat eludes the AEP solution, EDR can quickly identify, isolate and remediate affected systems before any damage is done.
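As an added illustration (not code from this post or from any vendor's product), here is a toy version of the two layers described above: a per-process behavioral baseline that flags deviations without any malware signature, followed by an EDR-style per-host triage. All process names, hosts, thresholds and telemetry values are constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training telemetry, one sample per process per minute:
# (process, files written that minute, share of writes that changed the extension)
BASELINE = [
    ("winword.exe", 3, 0.0), ("winword.exe", 5, 0.0), ("winword.exe", 4, 0.0),
    ("winword.exe", 6, 0.0), ("winword.exe", 2, 0.0),
    ("backup.exe", 400, 0.0), ("backup.exe", 420, 0.0), ("backup.exe", 380, 0.0),
    ("backup.exe", 410, 0.0), ("backup.exe", 390, 0.0),
]

def build_baseline(events):
    """Learn a per-process model of normal behaviour: mean and population
    std-dev of the write rate, plus the largest extension-change share seen."""
    per_proc = defaultdict(list)
    for proc, writes, ext_share in events:
        per_proc[proc].append((writes, ext_share))
    model = {}
    for proc, samples in per_proc.items():
        rates = [w for w, _ in samples]
        model[proc] = {"mean": mean(rates), "std": pstdev(rates) or 1.0,
                       "max_ext": max(s for _, s in samples)}
    return model

def score(model, proc, writes, ext_share, z_threshold=3.0):
    """AEP-style verdict for one observation: 'allow', 'investigate' or 'block'."""
    m = model.get(proc)
    if m is None:
        # No baseline for this process: mass extension rewriting is the
        # ransomware-like pattern we refuse to wait for a signature on.
        return "block" if writes > 50 and ext_share > 0.5 else "investigate"
    z = (writes - m["mean"]) / m["std"]          # how far above its own normal
    ext_anomalous = ext_share > max(m["max_ext"], 0.2)
    if z > z_threshold and ext_anomalous:
        return "block"
    if z > z_threshold or ext_anomalous:
        return "investigate"
    return "allow"

SEVERITY = {"allow": 0, "investigate": 1, "block": 2}

def triage(model, observations):
    """EDR-style step: keep the worst verdict per host so responders can
    isolate 'block' hosts and queue 'investigate' ones for analysis."""
    worst = {}
    for host, proc, writes, ext_share in observations:
        verdict = score(model, proc, writes, ext_share)
        if SEVERITY[verdict] > SEVERITY.get(worst.get(host), -1):
            worst[host] = verdict
    return worst
```

A real AEP product learns far more than two features per process, but the principle is the same: the backup agent's 400 writes a minute is normal for it, while the same burst from a word processor is not, and no signature of the offending binary is needed to tell the two apart.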

We deployed AEP and EDR technology at the hospital, and the CISO was shocked to find that the new technology immediately identified several other threats lurking on his network that had escaped the notice of his security team. While the CISO was surprised, I was not. I’ve seen this scenario unfold with many client networks. Deploying AEP and EDR solutions allows security teams unprecedented visibility into the security status of their endpoints and pays immediate dividends in the form of a more secure network.

Learn more about how CDW can help you deploy security solutions from vendors such as Sophos to protect your data from advanced threats.
