Three ways to use the cloud to regain control over network endpoints

23.12.2015
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

The dramatically increased persistence and creativity of attackers call for an equally radical change in how businesses protect themselves. Promising new cloud-based endpoint security solutions can meaningfully change how we protect against cyber intrusions.  Here's how you can leverage the cloud to regain control over endpoints:

1. The cloud can enable enterprises to keep tabs on and learn from attackers as they test attack strategies. Today’s adversaries often have the resources to buy traditional security software, network appliances and virtually any other on-premise solution to figure out how they tick. By re-creating mock networks and endpoint protection systems of victims they target, they can find ways to bypass defenses. Given that on-premise defenses are by design downloaded and available locally, they are naturally exposed to attacker scrutiny-- and without tipping off the vendor or the intended victim.

The cloud disrupts this attack model. With a cloud-based endpoint technology the adversaries may be able to acquire the endpoint sensor software, but when they install it in the lab and run mock attacks, the security provider can see each attack. It's possible, then, to observe the attackers' tactics before they're launched in the wild. The first time they run an attack, it's recorded, analyzed and shared with sensors on every defenders’ machine, preventing that technique from being used again.

In this way, the cloud model changes the fundamental offensive/defensive asymmetry and flips the advantage from the attackers to the defenders.

2. Every attack feeds into new defenses for all. With conventional defenses, even when attackers are unsuccessful, they learn from the process. For example, attacks are typically carried out in multiple stages. An attacker can determine at what point their actions were detected, and adapt their methods to circumvent the detection, reusing the undetected steps that got them to that point.

Having full visibility into the endpoint via cloud architecture allows analysis of each stage of the attack, not just the point at which an attempted intrusion was identified. Using an adaptive security model, defenses can be created in real-time to counter each stage of the attack, as opposed to a single signature or indicator of compromise (IoC)… or even a single behavior. By blocking multiple phases of an attack at once, adversaries are forced back to the drawing board to re-think their entire attack strategy as opposed to a single step. The ability to see events across the kill-chain, in context and in real time, moves the advantage back to the defender.

Everyone benefits from contributing to the cloud – except the attacker.

3. Security as a business enabler. In today's BYOD, mobile-first workforce, users are frequently working from home, on the road or simply in a cafe down the street. Few people are behind the VPN 24/7 anymore, benefitting from layers of network defenses. Endpoint security delivered through the cloud makes it possible to manage remote assets as easily as those on the network. Further, it relieves the enterprise from having to invest resources to protect the on-premise management console or worry about operational details such as database maintenance.

The same is applicable to the upgrade process. With the on-premise endpoint security model, update cycles are slow to come from the vendor and painful for the enterprise. Today, major antivirus vendors are subject to a laborious process for creating product updates, which can last from six to 12 months as they develop and test new protection. Once this arduous process is completed, there are typically additional delays as the client upgrades to the new release.

As the months tick by, the attackers are refining their techniques daily. The result is that updates can be months out-of-date when they arrive. Conversely, a cloud security provider can update protection in the cloud itself, even applying new detections to existing customer data without touching endpoints. The most updated version of protection is always available on-the-fly and algorithms can be adjusted as needed without consuming network bandwidth or even touching the customer network or endpoints. Even better, enterprises can get off the upgrade treadmill and eliminate the time-consuming update process entirely.

Business and IT leaders now accept that breaches are highly likely, if not inevitable, risks of doing business today. Our responsibilities as security leaders are to be on a continuous hunt for solutions that fill the voids in the evolving threat landscape. At the same time, security cannot hamper critical end-user empowerment trends like BYOD. The cloud truly opens up organizations’ ability to defend against spiking attack volumes with no loss of workforce productivity.

CrowdStrike is a cybersecurity technology firm delivering next-generation endpoint protection, threat intelligence and pre- and post-incident response services.

(www.networkworld.com)

By Dave Cole, Chief Product Officer, CrowdStrike