> ENDPOINT SECURITY

We know that there are MANY terms thrown about when it comes to cyber security: Virus, Worm, Trojan, Ransomware, the list seems endless.

So, to try to alleviate the confusion, we've provided an explanation of the most common cyber security terms below. In reality, all of the below are examples of MALWARE (MALicious softWARE). Malware is any software created to perform a malicious function, whether that be to gain access to your device, stop your device from working as required, or collect information from it. The most common terms are explained below:

Virus: Malicious code attached to an executable file (a host program). It runs only when the end user opens or runs the infected file, so it needs human action to spread; it does so when the file is copied to another system, and it can modify or delete data.

Worm: Self-replicating malware. Unlike a virus it needs no host file and no user action: it spreads by itself, finding paths to other devices across the network, typically by exploiting an unpatched vulnerability or weak credentials. A common symptom of a worm outbreak is a noticeable drop in network speed as it scans for targets and copies itself.

Trojan: Malware that carries out malicious operations while masquerading as something legitimate, for example a cracked installer, a game, or a 'document' that is really an executable. It does not replicate itself; it relies on the user choosing to run it. Once activated it usually installs a further payload such as a backdoor or spyware.

Adware: Hides on your machine and serves up advertisements, often fake security warnings trying to persuade you to purchase some form of computer security program. Some more modern and advanced adware also monitors your web searches to target the advertisements at your activity.

Spyware: Sits on your computer undetected and collects information from your machine (browsing activity, credentials, documents) to send to the attacker.

Ransomware: Once activated, encrypts files of specific formats (documents, images, databases) and demands payment, usually in Bitcoin, for the key to recover them. In reality, a lot of the time the files won't be recoverable even if you pay, so tested offline backups are the only reliable way back.

Backdoor: A program that bypasses the usual methods of authentication in order to give the attacker persistent access to the machine whenever they wish to return to it.

Rootkit: Modifies the operating system in ways that hide its presence and provide persistent access (via backdoors). There are different forms of rootkit that operate at different levels: user mode, kernel mode, and some that infect the firmware (BIOS/UEFI) itself, so even re-installing the OS leaves the rootkit in place.

Keylogger: A program that logs the keystrokes of the user in order to capture passwords and other sensitive information. It can be a piece of software on the machine, or a hardware device inserted between the keyboard and the port on the computer itself.

Partnering with industry security experts such as Cisco and Sophos, we're able to supplement our knowledge with a variety of endpoint protection technologies most fitting to your requirements and budget. There are various technologies, applied at different layers, that perform different functions. You'll also find that some products provide most (if not all) of the functions described here in one package. We've provided a handy little jargon buster below to help you better understand what options are out there and what they do:

Anti-virus / anti-malware: Software that detects malware and prevents it from executing. It can then remove the software or put it into 'quarantine', so that it can be restored if the detection turns out to be a false positive (software mistakenly detected as malicious). Most anti-virus programs update themselves automatically in order to get the most recent malware signatures. There are different ways in which anti-virus can detect malware: signature matching on file hashes and byte patterns, heuristics, behaviour monitoring, and, in the more recent and effective products, forms of machine learning.
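To make the detect, quarantine and restore cycle concrete, here is an added example (not code from this page or from any of the products named on it) of a minimal signature-based scanner. The signature database, the sample files and the family names Demo.Marker and Demo.Dropper are all constructed for the demonstration; a real engine ships thousands of signatures and adds heuristics and behaviour monitoring, which this example omits.

```python
"""Signature-based file scanner with quarantine and restore.

Added example; not code from the page or from any vendor product.
Everything here is constructed for the demonstration: the signature
database, the sample files and the family names are hypothetical.
"""
import hashlib
import json
import os
import shutil
from pathlib import Path
from typing import List, Optional, Tuple

# Constructed signature database. Two detection methods are shown:
#   - a byte-pattern signature matched anywhere in the file content
#   - a whole-file SHA-256 hash, the cheapest and most common signature type
PATTERN_SIGNATURES = {
    "Demo.Marker": b"DEMO-MALWARE-MARKER-DO-NOT-RUN",
}
HASH_SIGNATURES = {
    # sha256 of the constructed sample body b"fake dropper v1"
    hashlib.sha256(b"fake dropper v1").hexdigest(): "Demo.Dropper",
}


def classify(data: bytes) -> Optional[str]:
    """Return the name of the matching signature, or None if the file is clean."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def quarantine(path: Path, qdir: Path, signature: str) -> Path:
    """Move a detected file into quarantine instead of deleting it.

    The file is renamed to its hash (so nothing references it by its old
    name), stripped of execute permission, and its original location is
    recorded so it can be restored if the detection was a false positive.
    """
    qdir.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    dest = qdir / f"{digest}.quarantined"
    shutil.move(str(path), str(dest))
    os.chmod(dest, 0o600)
    dest.with_suffix(".json").write_text(
        json.dumps({"original": str(path), "signature": signature})
    )
    return dest


def restore(quarantined: Path) -> Path:
    """Put a quarantined file back where it came from (false-positive handling)."""
    meta_file = quarantined.with_suffix(".json")
    meta = json.loads(meta_file.read_text())
    original = Path(meta["original"])
    original.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(quarantined), str(original))
    meta_file.unlink()
    return original


def scan(root: Path, qdir: Path) -> List[Tuple[Path, str, Path]]:
    """Scan every regular file under root and quarantine matches.

    Returns (original path, signature name, quarantine path) per detection.
    """
    detections = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or qdir in path.parents:
            continue  # skip directories and the quarantine store itself
        signature = classify(path.read_bytes())
        if signature is not None:
            detections.append((path, signature, quarantine(path, qdir, signature)))
    return detections


def demo(workdir: Path) -> List[Tuple[Path, str, Path]]:
    """Create constructed sample files in workdir and scan them."""
    (workdir / "notes.txt").write_bytes(b"quarterly figures, nothing to see")
    (workdir / "update.exe").write_bytes(b"MZ..." + b"DEMO-MALWARE-MARKER-DO-NOT-RUN" + b"...")
    (workdir / "invoice.pdf.exe").write_bytes(b"fake dropper v1")
    return scan(workdir, workdir / "quarantine")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for original, sig, qpath in demo(Path(tmp)):
            print(f"{original.name}: {sig} -> {qpath.name}")
```

Hash signatures are cheap but break as soon as one byte of the sample changes, which is why real products layer byte patterns, heuristics and behaviour monitoring on top; quarantine rather than deletion is what makes a false positive recoverable.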

Host firewall: A basic packet filter (much like a network perimeter firewall) that will block and allow traffic based on source/destination IP address and port. Not that effective on its own in today's infosec industry; better implemented as one factor in a 'layered defence' approach.

Web and application filtering: Able to filter traffic based on website and application, with much more granular options than a standard packet filter firewall. Examples include blocking macros from running inside a malicious spreadsheet or Word document, blocking access to a specific website, or preventing a file download.

Host intrusion prevention system (HIPS): Unlike anti-virus, which scans files, an IPS scans network packets. A host-based IPS inspects incoming packets on the endpoint itself and works well alongside an anti-virus/anti-malware program: it can block an exploitation attempt against a known vulnerability before any malicious file reaches the disk. It still needs signature updates for newly discovered exploits, although its signature set changes far less often than the stream of new malware samples an anti-virus has to track.

Host intrusion detection system (HIDS): Much like the HIPS, but the IDS doesn't pro-actively block anything. It simply detects and alerts the administrator about what it has seen, and leaves it to the administrator to take appropriate action.
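As an added example (not code from this page or from any vendor product) of how the host firewall, IPS and IDS layers described above fit together, the following runs constructed packets through a stateless IP/port filter first and then a payload-signature inspector that either alerts (IDS mode) or alerts and drops (IPS mode). The rules, signatures and traffic are all made up for the demonstration, and the rule format is a simplified stand-in for the Snort/Suricata-style rule sets real engines use.

```python
"""Layered host protection: packet filter, then IDS/IPS payload inspection.

Added example; not code from the page or from any vendor product. The
packets, filter rules and signatures are all constructed for this demo.
Layer 1 is the stateless host firewall (IP/port/proto, first match wins).
Layer 2 is payload inspection, run either in IDS mode (alert, let the
packet through) or IPS mode (alert and drop).
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""


@dataclass
class FilterRule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR the source address must fall in
    proto: Optional[str] = None  # None = any protocol
    dport: Optional[int] = None  # None = any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed host firewall policy: SSH only from the corporate LAN,
# web ports from anywhere, everything else denied.
FILTER_RULES: List[FilterRule] = [
    FilterRule("allow", src="10.0.0.0/8", proto="tcp", dport=22),
    FilterRule("deny", proto="tcp", dport=22),
    FilterRule("allow", proto="tcp", dport=80),
    FilterRule("allow", proto="tcp", dport=443),
    FilterRule("deny"),  # default deny
]

# Constructed payload signatures, keyed by the alert name they raise.
SIGNATURES: Dict[str, "re.Pattern[bytes]"] = {
    "HTTP directory traversal": re.compile(rb"(\.\./){2,}"),
    "Shell command injection in HTTP request": re.compile(rb"[;|&]\s*(cat|wget|curl|nc)\s"),
    "Oversized HTTP header (possible overflow attempt)": re.compile(rb"^[A-Za-z-]+: [^\r\n]{512,}", re.M),
}


def packet_filter(p: Packet) -> str:
    """Layer 1: return 'allow' or 'deny' from the first matching rule."""
    for rule in FILTER_RULES:
        if rule.matches(p):
            return rule.action
    return "deny"


def inspect_payload(p: Packet) -> List[str]:
    """Layer 2: return the names of every signature the payload triggers."""
    return [name for name, rx in SIGNATURES.items() if rx.search(p.payload)]


def process(p: Packet, mode: str = "ips") -> Dict[str, object]:
    """Run a packet through both layers; mode is 'ids' (alert only) or 'ips' (alert and drop)."""
    if packet_filter(p) == "deny":
        return {"verdict": "drop", "layer": "filter", "alerts": []}
    alerts = inspect_payload(p)
    if alerts and mode == "ips":
        return {"verdict": "drop", "layer": "ips", "alerts": alerts}
    # IDS mode only alerts; the packet is delivered regardless.
    return {"verdict": "pass", "layer": "ids" if alerts else None, "alerts": alerts}


# Constructed traffic sample: one SSH attempt from the internet, one from
# the LAN, a clean HTTP request and three HTTP exploitation attempts.
SAMPLE_TRAFFIC = [
    Packet("203.0.113.7", "10.1.1.20", "tcp", 22, b"SSH-2.0-OpenSSH_8.9"),
    Packet("10.2.3.4", "10.1.1.20", "tcp", 22, b"SSH-2.0-OpenSSH_8.9"),
    Packet("203.0.113.7", "10.1.1.20", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: x\r\n\r\n"),
    Packet("203.0.113.7", "10.1.1.20", "tcp", 80, b"GET /../../../../etc/passwd HTTP/1.1\r\n\r\n"),
    Packet("203.0.113.7", "10.1.1.20", "tcp", 80, b"GET /cgi-bin/ping?host=1.1.1.1;cat /etc/shadow HTTP/1.1\r\n\r\n"),
    Packet("203.0.113.7", "10.1.1.20", "tcp", 80, b"GET / HTTP/1.1\r\nUser-Agent: " + b"A" * 600 + b"\r\n\r\n"),
]


def run(mode: str) -> List[str]:
    """Return one 'verdict/layer' string per sample packet, e.g. 'drop/ips'."""
    return [f"{r['verdict']}/{r['layer'] or 'clean'}" for r in (process(p, mode) for p in SAMPLE_TRAFFIC)]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run(mode))
```

The same six packets produce different outcomes depending only on the mode: in IDS mode the three exploit attempts reach the host and an alert is raised; in IPS mode they are dropped. The internet-sourced SSH packet never reaches signature inspection at all, which is the point of keeping the cheap packet filter in front of the expensive one.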

Sandbox: An isolated virtual machine within which suspected malicious payloads can be opened to observe their effects before they are opened on a live machine on the active network. If the payload is determined to be malicious, the user is informed and the file is blocked.

> OUR PARTNERS

ackio partners with some of the industry titans in endpoint protection. All are tested and trialled in house to ensure an expected level of security along with a manageable administrative process. We offer specific solutions based on your industry and requirements; endpoint protection is not a 'one size fits all' product. Deeper visibility and flexibility may be required for an educational organisation, whereas an SMB won't necessarily need to know what's going on; they just want the highest possible level of protection without jumping through hoops to keep it all up to date.

Cisco pride themselves on their TALOS project, which gives an unrivalled level of visibility across the world thanks to its 250-strong team of full-time researchers and the sheer amount of telemetry data coming from customer sites. This intelligence feeds their endpoint technologies as well as the AMP and IPS functions in their network perimeter firewalls.

Their endpoint protection offering comes in the form of AMP (Advanced Malware Protection) for Endpoints. Using a variety of preventative engines and cloud-based threat intelligence, AMP stops threats before they even reach your endpoints. There is a flavour of AMP for Endpoints for every device: Windows, macOS and Linux, as well as iOS and Android tablets and smartphones.

Sophos are a UK-based security specialist whose main focus is endpoint protection. With years of experience in the field, their most recent product, Intercept X, has consistently rated at the top of independent tests and analyst reports for endpoint protection. Intercept X itself employs a defence-in-depth approach, combining traditional anti-malware with next-generation techniques such as endpoint detection and response (EDR).

Intercept X also integrates artificial intelligence in the form of a deep learning neural network, a form of machine learning that can detect zero-day (previously unseen) malware without relying on a database of attacks that have already been seen. Easily deployed and managed from its central cloud platform, it is an industry leader when it comes to endpoint protection.

Panda Security, a Spanish multinational, are another company that specialises purely in security solutions. They are quite big in the educational sector because of the extra visibility their platform provides: an inventory of all software installed on each client, with its version, gives a single window for spotting any clients that may be vulnerable due to out-of-date programs.

Providing a flavour of their endpoint protection software for near enough any device, you can protect your business' entire inventory of laptops, smartphones and tablets from a single cloud platform. Fusion, their flagship product, also provides real-time monitoring of CPU usage on each client device, so you can be alerted to any device running higher than expected. We would recommend this platform for education based on its more advanced visibility into the endpoints. Fusion also includes the ability to remotely access any device directly from the cloud, a feature very useful in education.

ESET, named after Eset, the Egyptian goddess of healing, is another security specialist company, based in Bratislava, Slovakia. One of the oldest names in the endpoint protection industry, with a proven track record of consistently high results and solid products, as shown by their position on the Gartner endpoint protection Magic Quadrant; they are also the only security company to pass the VB100 test for 12 consecutive years (the Virus Bulletin certification, which requires blocking at least 99.5% of 'in the wild' malware and generating fewer than 0.01% false positives when scanning 'clean' samples, among other parameters). They are famed for their incredibly lightweight client software, which is available for both laptops and smartphones.

> MALWARE STATS

(Figures shown as animated counters; values not captured.) The statistics quoted were:

- share of malware attack victims categorised as small business users
- share of malware delivered via email
- average amount (£) spent on security by small businesses in 2017
- number of days for the average business to identify a breach
- number of seconds between discoveries of a new strain of malware in 2017
- cost in £ billions to businesses in the UK in 2016 as a result of security breaches
- share of malware attack victims who took action to prevent another breach
- share of businesses that gave their staff formal cyber awareness training

> CONTACT US!

Want to hear more about endpoint security technologies, organise a trial or talk to someone in more detail? Enter your details below and someone will be in touch as soon as possible!