What is Endpoint Security?
Endpoint security is a client/server information security (IS) methodology for protecting a corporate network by focusing on the devices that connect to it (endpoints) and monitoring their status, activities, software, authorization and authentication.
For management and IT security personnel, endpoint security is an increasingly critical element for corporate networks as more employees and authorized outsiders (like business partners, consultants, customers and clients) are granted network access through the Internet and/or a variety of mobile devices.
What are Advanced Threats?
An “Advanced Threat,” in simplest terms, is a targeted threat or exploit. It is perpetrated by what are called “cyber threat” or “advanced threat” actors: people who deliberately select an organization and mount campaigns to penetrate its security defenses and gain access. These actors have specific motivations, including financial enrichment, the attainment of competitive advantage, collection of intelligence, and theft and exploitation of intellectual property. Advanced or “targeted” threats differ from everyday, generic, broad-based threats in their application – they are targeted. By their very nature, Advanced Threats introduce the complexities of the motives, objectives and identities of the actors behind them. Effective IT security organizations of the future must establish capabilities to identify these actors, understand their motives and work to stop them from achieving their objectives.
How Do Advanced Threat Actors Operate?
“The Kill Chain” (see image above) is the high-level framework or workflow that targeted threat actors employ in their efforts to compromise a target. Disrupting any part of the chain means that the attacker’s efforts are thwarted. It is important to note that for each targeted attack, the lower-level details of the kill chain (i.e. the malware used, what is being targeted, etc.) will vary. The kill chain is a variable process (see image above), depending on the threat actors involved, their preferred approach, the mission and other factors. Advanced Threat actors do not always perform the stages above in their entirety; only the most sophisticated threat actors follow a very deliberate and organized process in their efforts.
Advanced Threat actors will pursue a path of least resistance, using simpler tools and exploits first and escalating their level of sophistication as successes or setbacks dictate. Some actors may adapt and customize their Tactics, Techniques and Procedures (TTPs) to anticipate and circumvent your security controls and standard incident response practices during the course of their exploitation and infiltration. Many Advanced Threat actors may not be concerned about covering their tracks once they have accomplished their initial goals, whereas an Advanced Persistent Threat actor may lie in wait to exploit your network again in the future.