A robust endpoint security strategy is critical for modern CISOs who are facing more threats than ever. Tamer Odeh, Regional Sales Director for SentinelOne, tells us about some of the biggest threats to the endpoint and how the security company is helping to combat these.
How would you describe the overall threat landscape?
The threat landscape on the whole is persistently growing, which shouldn’t surprise anyone at this point. With more than 90% of these ‘new’ pieces of malware being just modified versions of existing threats (even the latest zero-day attacks include elements of old attack vectors), and with the number of different types of ransomware discovered by security researchers around the world having doubled within the past year, the sophistication and maliciousness of threats has intensified. Emerging trends, such as the recent BlueKeep exploit or Magecart, mean that security teams are working harder than ever before to keep up in the evolving threatscape.
What are some of the biggest challenges CISOs are dealing with when it comes to endpoint security?
Every CISO knows that finding skilled security staff these days is not only hard but getting increasingly harder. The number of organisations reporting a cybersecurity skills shortage has risen every year from 42% in 2015 to 53% last year. We just don’t have the staff to fill the gaps in this industry. As the demand across the industry grows, there’s no shortage of people talking about the problem either, with increasing demands for more cooperation between universities, private organisations and government to boost training opportunities and encourage more diverse applicants into the field.
Specifically, in the endpoint security field, CISOs can streamline security solutions to spread the load for their team. In moving away from ineffective, labour-intensive legacy AV security products, CISOs can help their team and reduce the workload. In automating your processes, you can free up your security team for more pressing matters.
What are the biggest threats to the endpoint?
An endpoint could be a computer running Windows, Apple or Linux. Or it could be a tablet, smartphone or some other device on your network. Any of these are potential endpoints where malware can come in. Endpoint security software such as ours uses behaviour-based threat detection to detect threats upon execution that cannot be detected by known detection methods, such as signatures or mathematical algorithms. With Gartner predicting that, by the end of 2020, 25% of attacks will involve IoT devices, the biggest threat could be staring us directly in the face. Employee training, multi-layered security and a good overview of your network are key to mitigating this threat before it hits and causes untold damage to your organisation.
How does SentinelOne offer a unique defence against these threats?
SentinelOne offers a unique solution in endpoint security, namely our ActiveEDR solution, which protects and defends endpoints through unifying Machine Learning and automation. This means we can provide real-time forensics and full context throughout the endpoints. ActiveEDR is delivered via SentinelOne’s single agent, single codebase and single console architecture.
Going beyond traditional anti-virus and EDR solutions, ActiveEDR, powered by SentinelOne’s proprietary TrueContext technology, allows security teams to quickly understand the story and root cause behind threat actors and autonomously respond without any reliance on cloud resources.
With ActiveEDR, everyone from advanced SOC analysts to novice security teams can automatically remediate threats and defend against advanced attacks. This technology empowers security teams to focus on the alerts that matter and leverage technology to assist in what before was limited to human mandated tasks. Our engine’s ability to identify patterns and code execution behaviours in real time gives us the ability to detect and protect from ransomware in the most robust way possible – by literally tracking the way it behaves and blocking it before it does any damage. We’ve also added protections for file back-ups, so as a safety net you also get full rollback capabilities.
How does SentinelOne scale its solutions?
Scalability is a huge plus in the security industry today. You need a solution that can work for a small business as well as a 10,000+ strong company. However, scaling a solution is not without its issues, from addressing each endpoint to providing overall cover.
In deploying our next-gen endpoint solution, and having a unified solution, we can add endpoint agents which allow analysts to hunt for threats quicker and focus on what matters to them.
Can you outline your ransomware warranty and what this means for customers?
We’ve created the first ever Ransomware Cyber Warranty – a warranty for our product’s performance. It’ll give you the best protection from ransomware attacks and if we miss something and you get infected – we’ll pay the ransom. It’s that simple. And it’s how security is supposed to be. The aim of this warranty is to support transparency as security vendors have been doing the ‘fear’ sell for years, with nothing to show for this.
For customers, this means peace of mind. Not only is endpoint protection one of the most critical pieces in any enterprise’s protection strategy but having a warranty in place means we’re confident in our endpoint solution.
How does SentinelOne prevent downtime?
Downtime – a rude word in our industry. With SentinelOne, our behavioural AI turns dwell time into real time, making real-time decisions to impact devices. It fully operates without cloud reliance because we embed our AI algorithms on the endpoint. Downtime, or dwell time, becomes a thing of the past and allows security teams to move forward at machine speed instead of becoming stuck in the same security cycle of remediating a threat and spending hours on one issue.
What best practice approach should CISOs take to ensure a robust endpoint security policy?
Enterprise security, like a healthy body, needs to rest on solid foundations. Although we were discussing the use of Artificial Intelligence and other advanced technologies that can help us face the risks cyberthreats are posing to our way of life, the reality is that too many organisations are really behind on the basic security tasks that can improve their cyber-resistance.
CISOs need to think carefully about the staff they do have as well as the budget put in place to adequately manage the various threats in endpoint security.
If your policy isn’t robust enough to be scaled or doesn’t utilise automation then you may want to rethink your structure. Automation can quickly and easily ensure that your security team are not overlooking important threats or missing vital information.