They say imitation is the sincerest form of flattery—and we agree! Today we saw other endpoint security vendors promote their “streaming prevention.” Well, we say “welcome to the club, guys,” because this isn’t a new technology.
As a leading platform provider to enterprise and Federal customers in the endpoint detection and response (EDR) market, we’ve been closely watching the changing nature of how Security Operations Centers (SOCs) are structured for optimal aggregation and correlation. We are seeing several trends emerge as SOC managers demand a more robust yet less cumbersome set of integrations into SIEM platforms as their centralized cybersecurity lens into threat management.
Over the past 18 months we’ve watched the Endpoint Detection and Response (EDR) market evolve and take shape as organizations both small and large, across industries, recognize the need to protect the endpoint. A clear focus for technology market-wide has been on trying to solve customer challenges by detecting threats faster and with more efficacy, integrating endpoint intelligence into other platforms, improving SOC workflow, and preventing commodity malware in favor of focusing more on advanced threats.
As global cybersecurity threats intensify and attackers continue to grow in sophistication, the industry faces increasing challenges in the years ahead. Following are some of my predictions on what we can expect to see in the cybersecurity landscape in 2017—both in terms of industry trends and rising threats:
In recent years, the Asia-Pacific (APAC) region has been increasingly scrutinized for the growth of cybercrime incidents and the perceived lack of cybersecurity knowledge and preventative measures in the region. The good news is that we’re now seeing a real uptick in the region’s cybersecurity efforts, across the board.
You can’t read the news these days without being blasted with yet another Ransomware story. Almost daily, there seems to be a new variant, a new name, and inevitably, new victims. The rise of Ransomware shouldn’t come as a surprise, since its execution is quite simple and the demands on the victims are not onerous.
Ransomware is not like an APT (Advanced Persistent Threat): there is no need for long-term stealth operation, no need to explore the victim’s networks and resources, no need to steal credentials, and no need to quietly and patiently exfiltrate sensitive data. With Ransomware, an exploit kit opens the door, and BANG, there it is: your PC is displaying a ransom note with detailed instructions on how to pay.
900% Growth in 2015 Fueled by Demand for Endpoint Security Innovation; Comprehensive IOC Remediation, Network Security Detection and Integration; Endpoint Forensics
As we head into the final stretch before RSA, CounterTack, like most cybersecurity organizations, is realizing how critical every day, every hour and every minute is, relative to the work we are doing for our customers in protecting their IT infrastructure.
And as each vendor, enterprise organization, partner and investor gets ready for five days of meetings, presentations, job interviews and cocktails, RSA is typically the platform for numerous announcements and cybersecurity advancements.
These days it appears the concept of a single point solution that protects your endpoints and your network is a dead dream. AV software is being replaced by more complex detection software, while whitelists and IOCs only do a fraction of the work. Keeping the bad stuff out at the perimeter has been replaced by the concept of quickly detecting and responding.