Issue link: https://insights.oneneck.com/i/1458399
CHAPTER 4 Leveraging Unmatched Threat Protection 51

These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

because patches may not be available for legacy systems and software that have reached end-of-life. Therefore, a complete endpoint security solution must support systems that cannot be patched by preventing software exploits, known or unknown, regardless of the availability or application of security patches.

» Be enterprise ready. Any security solution intended to replace antivirus should be scalable, flexible, and manageable enough for deployment in an enterprise environment. Endpoint security should support and integrate with the way an enterprise deploys its computing resources, scale to as many endpoints as needed, and support deployments that cover geographically dispersed environments. It must also be flexible in its ability to provide ample protection while still supporting business needs and not overly restricting the business. This flexibility is critical as the needs of one part of the organization may be entirely different from those of another. Additionally, the solution must be able to be easily managed by the same group that manages security in other parts of the organization. It must be designed with enterprise management in mind, without adding operational burden.

» Detect and respond to stealthy threats. No anti-malware solution can block all endpoint threats. Adversaries, including malicious insiders, state-sponsored attackers, and advanced cybercriminals, can find underhanded ways to bypass the best malware protection. Sophisticated attackers can avoid the use of malware altogether and leverage legitimate apps and stolen credentials to execute their attacks. To find and stop attackers before the damage is done, organizations need detection powered by machine learning and integrated response to quickly contain threats. They need to identify evasive threats by continuously profiling user and endpoint behavior to uncover behavioral anomalies. The right security tool should be able to accelerate investigations by grouping related alerts into incidents and automatically revealing the root cause of any attack. Coordinated response across endpoint, network, and cloud enforcement points allows security teams to shut down threats with fast and accurate remediation.