Time to Move from Reactive to Proactive Endpoint Security

By Naveen Palavalli on Jun 12, 2020

One of the most useful new ideas in software development (especially in DevOps) is the concept of “shift-left.” Its meaning is simple: the earlier you tackle an issue, the less trouble you will have later, because defects are prevented early in the software delivery process. But shift-left is also particularly relevant to Endpoint security. By acquiring knowledge of external threats as they relate to an organization’s own security posture, it is possible to accurately anticipate what might happen and establish a more effective defense.

As most of us are aware, digital transformation through big data analytics, online transactions, the Internet of Things (IoT) and cloud-based applications has dramatically changed businesses of all kinds. At the same time, workers have become mobile on a global scale, requiring access to ever larger amounts of data. And during a pandemic outbreak, large numbers of employees must work from home.

Meanwhile, cybersecurity adversaries have increased in number and their threats have increased in sophistication, making life difficult for often overwhelmed cybersecurity staff who must contend with a confusing array of manual tools. Traditional Endpoint defenses are not effective anymore. It’s no longer good enough to sit back, wait for an attack and then try to recover from it.

Because we can always count on adversaries to be persistent and increasingly sophisticated, cyber defense cannot stand still. Fortunately, new technology is giving us better defensive weapons, including the vital tool of intelligence: information about what adversaries are doing (or are likely to do) and about our own defenses.

Shift-left Endpoint security means gathering this information and putting it to use by being better informed and better prepared. Shift-left means being able to anticipate and stop breaches before they happen and, should an attack get through, to run more effective mitigation procedures because you know ahead of time what’s coming. That sounds good, but how does it work in the real world?

There’s a lot of data out there, more than humans can grasp, so it’s important to put automation to work for us. Sensors that are strategically placed across worldwide networks monitor hacker activity to identify what’s going on. But automated data-gathering and analysis is not enough. Human intelligence is needed to fully understand and interpret the correlations revealed by machine intelligence.

For example, a few weeks ago, RagnarLocker ransomware was targeting the energy sector. If you’re not in the energy sector, you might have thought you could breathe easy. But just what is Ragnar doing now? Is it moving to another target industry? If so, which one?

Applying big data analytics to a data lake containing customer telemetry can show a data scientist that, let’s say, healthcare companies are next on the list of Ragnar victims. Unfortunately, most organizations do not have the resources or time to perform this type of analysis.

That’s why you need to take the next step – applying Attack Surface Management to understand your organization’s own susceptibilities to a potential attack. What if you could automatically run a scan to discover your own weaknesses and match the results against the intelligence data from the outside, then receive a high-priority alert with guidance as to next steps? Knowing what attacks are in the offing and how they might be effective against your organization arms you with the critical intelligence you need to take preventive action.

Innovating on Endpoint Security

By shifting left – pulling together security information and responding immediately – you won’t have to spend your time on the “right” side of things later, dealing with breaches after they occur. This need is all the more urgent when you consider that 279 days is the average time it takes to detect and contain a breach, according to a 2019 Ponemon Institute study on behalf of IBM.

McAfee’s MVISION Insights, an unparalleled innovation of the MVISION Endpoint Security platform, gives you the intelligence you need to implement a shift-left cybersecurity strategy by uniquely combining three key steps:

  1. Prioritize threats that matter to your customer according to industry, region and security posture—derived from one billion sensors, AI and human analytics.
  2. Predict whether or not a security posture can counter a given threat.
  3. Prescribe guidance for what to change and how to counter the threat before it enters your organization—hardening and transforming the security posture dynamically.

By drawing on insights revealed by automation, augmented by the understanding of threat researchers and data scientists, MVISION Insights enables you to look across vectors, industries and regions to drill down on what needs attention. It tells you who is targeted, what endpoints could be impacted and what actions you should take. Based on feedback from initial customers, MVISION Insights saves the weeks a typical red team would spend finding a campaign and surfaces the campaigns that matter in minutes.

This is, in short, the next endpoint security paradigm, designed to help you move from reactive to proactive defense, and to alleviate the constant struggle to find and keep cybersecurity experts on staff. Shift-left: It’s what happens before the attack that matters. MVISION Insights is here to shift your endpoint security to be proactive!

About the Author

Naveen Palavalli

Naveen Palavalli is the Vice President of Product Marketing and Competitive Intelligence at McAfee Enterprise where he leads the Enterprise product and solutions go-to-market strategy. He has nearly 18 years of cybersecurity experience setting strategy and leading cross functional teams to drive global portfolio product marketing/management and go to market (GTM) programs. Naveen holds an ...
