A cyber security strategy that does not address endpoint security is no strategy. Endpoint protection has become critical for organisations as mobile malware variants surged and attack frequency rose. Studies show that 70 percent of known breaches started on endpoint devices, and that 30 percent of those involved some type of malware being installed on the endpoint.
While security engineers face the challenges of integrating disparate security solutions to make them more effective, as well as shortening threat response times, the number of advanced exploits and ransomware infections is increasing. Threat intelligence feeds could help efficiently transform an organization's security posture, but they are also complex and costly for organizations to adopt and operationalize. Cyber security teams need to be able to analyze malware found on endpoints (preferably automatically), find related threats and enrich the results with customized threat intelligence tailored to their organisation.
Putting the best endpoint security solution of 2020 in place obviously comes with another challenge: selecting an endpoint protection product that fits your needs and budget and that streamlines your endpoint security. Although the endpoint security market is dynamic, providing hundreds of options, new entrants and established providers have introduced innovations that strongly improved the threat detection and response capabilities of endpoint security solutions. Endpoint Protection solutions come with their own set of features and technologies, such as advanced machine learning capabilities, behavioural monitoring and Data Loss Prevention.
Unfortunately, the differences between products are not that easily discernible. For example, the need for endpoint security tools to integrate with other third-party security solutions keeps rising. Is your endpoint protection solution able to integrate with, for example, your network security, Active Directory and intrusion prevention deployment?
With Endpoint and Cyber Security being a constantly evolving landscape, organisations should never bet their future on one single security product or technology to solve ‘all’ their issues. Instead, a defence-in-depth approach should be adopted to ensure there are multiple circuit breakers in place in case of a malware outbreak.
"...enforce defences that continuously monitor for configuration settings and system compliance, while having an incident response plan in place."
Defending against Advanced Persistent Threats with Endpoint Protection
The process of detecting, screening and scanning endpoints for Advanced Persistent Threats has become complex, but not impossible. While attackers develop sophisticated schemes or offer attacks as a service, endpoint detection and response (EDR) tools adapt and are increasingly able to find the sneaky exploits. Preferably they can even detect the malicious activities that leave almost no fingerprints. Organizations should also be able to enforce defences that continuously monitor configuration settings and system compliance, while having an incident response plan in place to quickly stop an attack, reduce damage and prevent data leakage.
Traditional network security and anti-malware solutions are only able to detect a small portion of the many types of modular or multi-layered malware and ransomware attacks. These traditional solutions are now increasingly being replaced with well-developed and continuously updated advanced Endpoint Detection and Response tools.
Best Endpoint Security 2020 solutions
If you’re responsible for developing a cyber security strategy and protecting your organisation’s endpoints in 2020, the challenge is to select the best endpoint protection solution. That’s why our security experts sum up some of the top endpoint security solutions of 2020, including their unique capabilities.
1. Crowdstrike Falcon Endpoint Protection
Having been positioned as a Gartner Magic Quadrant ‘Leader’ for Endpoint Protection in 2019, and being named a Gartner Peer Insights Customers’ Choice for the second consecutive year, Crowdstrike’s Falcon Endpoint Protection Platform is definitely worth considering.
Their endpoint protection platform (EPP) was built from the ground up to address challenges posed by modern attacks and to stop breaches. It delivers a single agent for prevention, detection, threat hunting, response, remediation, vulnerability assessment and IT hygiene. Additionally, Crowdstrike introduced Falcon Firewall Management this year for simple, centralized host firewall management.
The Falcon endpoint protection platform was designed and built in the cloud, leveraging a cutting-edge graph database technology that powers the Falcon endpoint agent, CrowdStrike artificial intelligence and all other components of the Falcon platform. As new security needs arise, the platform seamlessly expands to provide CrowdStrike customers with effective endpoint protection.
Known for subjecting their product to non-paid public testing and analysis, Crowdstrike manages to keep receiving unbiased top reviews of their solution. CrowdStrike Falcon was the first next-generation endpoint protection solution that participated in non-paid public testing. Opting for this unique approach, running their own antivirus engines and having products publicly tested, they validate their product claims and effectiveness. Crowdstrike continued to participate in recurring non-paid public anti-malware testing such as the Real-World Protection Test.
2. McAfee MVISION EDR Endpoint Security
Artificial Intelligence technology is rapidly being integrated into many Endpoint Security products. Like other players, McAfee integrated AI into their MVISION EDR solution, providing machine-generated insights into attacks.
McAfee’s Endpoint Detection and Response solution combines the functionality of McAfee Active Response and McAfee Investigator with enhancements such as expanded data collection, expanded detection analytics, guided investigations to tackle EDR alerts, and easy cloud-based deployment. MVISION EDR uses advanced analytics to identify and prioritize suspicious behaviour, helping to guide and automate in-depth investigations. This reduces the strain on security analysts, resulting in rapid proactive response, direct actions and broader integration into the security ecosystem. Simply put, McAfee’s EDR solution helps to accomplish more in less time with fewer resources.
MVISION EDR includes credential theft monitoring and rollback remediation to defend against breaches and data theft, while ensuring users and their systems stay productive. It is managed through McAfee’s management console, MVISION ePO, which is available in multi-tenant SaaS, AWS and on-premise environments.
McAfee added multiple layers of AI for endpoint security including structural machine learning to understand what a given piece of code is, and behavioural machine learning classification to detect zero-day threats in near-real time, enabling actionable threat intelligence.
3. Palo Alto Traps 6.0 and XDR
This year Palo Alto Networks launched the second version of its detection and response platform, Cortex XDR. It now extends to third-party data sources for prevention, detection, investigation and response. Cortex XDR 2.0 is an advancement of the detection and response platform that runs on fully integrated endpoint, network and cloud data.
Cortex XDR's behavioural analytics capabilities have been extended to logs collected from third-party firewalls, enabling detection across multi-vendor environments while integrating third-party firewall alerts into a unified incident view.
Cortex XDR includes a complete rebuild of the Traps management service (TMS), a cloud-based endpoint security solution. The new management console spans endpoint policy management, security event review and endpoint log analysis, melded with detection, investigation and response. With the new device control capability, organizations get granular USB access management on the endpoint to prevent malware and data loss caused by unsanctioned devices.
Palo Alto Networks deploys and manages the security infrastructure globally to manage the endpoint security policy for both local and remote endpoints, ensuring that the service is secure, up to date and available to you when you need it. When, for example, your company hosts an offsite or out-of-country event with many employees in attendance, it ensures proper performance and scalability. As storage or bandwidth needs grow, you can add capacity as required.
XDR also applies machine learning to automatically detect stealthy threats on endpoints. It integrates tightly with Traps endpoint protection and response to collect rich data for threat hunting and investigation purposes. XDR provides a complete picture of each incident, revealing root causes and in that way speeding up investigations. This helps to accelerate containment through tight integration with enforcement points, enabling you to stop attacks before any damage is done.
In conjunction with Cortex XDR, customers can use Traps Advanced Endpoint Protection 6.0 to extend their prevention capabilities to include detection and response across their entire digital infrastructure with a single agent.
4. Cisco AMP for Endpoints
In August 2019, Cisco’s Advanced Malware Protection (AMP) for Endpoints won the Approved Business Security Award from AV-Comparatives. AMP achieved test results that demonstrated strong protection rates with very low false positives. AV-Comparatives also highlighted Cisco’s broad endpoint platform support and relative ease of deployment.
Protecting Windows, Mac, Linux, Android and iOS devices through a public or private cloud deployment, Cisco’s Advanced Malware Protection (AMP) for Endpoints integrates prevention, detection and response capabilities in a single solution. Cisco AMP for Endpoints offers cloud-delivered next-generation antivirus, an endpoint protection platform (EPP), and advanced endpoint detection and response (EDR).
AMP for Endpoints is, just like some other endpoint protection solutions, trained by algorithms to “learn” to identify malicious files and activity based on the attributes of known malware. Machine learning capabilities in AMP for Endpoints are fed by the data set of Cisco Talos, which is Cisco’s threat intelligence group. The machine learning in AMP for Endpoints helps detect known and unknown malware at the point of entry.
Cisco AMP for Endpoints also provides actionable dashboards that enable management and faster response. Events and endpoints are categorized by priority and tied into workflows to track progress during an investigation.
5. Symantec’s Endpoint Protection (SEP)
Winning four AV-TEST Institute Best Protection and Best Performance Awards in 2018, Symantec’s Endpoint Security solution proves to be worth considering when reviewing your endpoint security solutions. The Endpoint solution was also positioned as a ‘Leader’ in Gartner’s 2019 Magic Quadrant for Endpoint Protection Platforms, together with Crowdstrike.
Being a key component of Symantec’s Integrated Cyber Defense Platform, Symantec Endpoint Protection helps find what antivirus tools often miss. It also provides forensic information when an attacker gets in. Symantec provides defense against hard-to-detect threats that rely on stealthy malware, credential theft, fileless and “living off the land” attack methods.
Its endpoint capabilities include deception technology and mobile threat defense for both corporate-owned and bring-your-own devices. SEP combines features including advanced machine learning, zero-day exploit protection, behavioural analysis, deception technology, integrated endpoint detection and response, application isolation and application control.
Management of Symantec Endpoint security is fully cloud-based. Security incidents can be investigated and remediated from the cloud-based management console used by Symantec Endpoint Security for simplified management and data policy control.