Endpoint Security

What is Endpoint Security?

Endpoint security is a client/server information security (IS) methodology for protecting a corporate network through focusing on network devices (endpoints) by monitoring their status, activities, software, authorization and authentication.

For management and IT security personnel, endpoint security is an increasingly critical element for corporate networks as more employees and authorized outsiders (like business partners, consultants, customers and clients) are granted network access through the Internet and/or a variety of mobile devices.

What are Advanced Threats?

An “Advanced Threat,” in simplest terms, is a targeted threat or exploit. It is perpetrated by what are called “cyber threat” or “advanced threat” actors. These people deliberately select an organization and mount campaigns to penetrate security defenses and gain access. The actors have specific motivations, which include financial enrichment, the attainment of competitive advantage, collection of intelligence, and theft and exploitation of intellectual property. Advanced or “targeted” threats differ from everyday, generic, broad-based threats in their application – they are targeted. By their very nature, Advanced Threats introduce the complexities of motives, objectives and identities of actors. Effective IT security organizations of the future must establish capabilities to identify these actors, understand their motives and work to stop them from achieving their objectives.


How Do Advanced Threat Actors Operate?

“The Kill Chain” (see image above) is the high-level framework or workflow that targeted threat actors employ in their efforts to compromise the target. Disrupting any part of the chain means that the attacker’s efforts are thwarted. It’s important to note that for each targeted attack, the lower-level details of the kill chain (e.g. the malware used, what’s being targeted, etc.) will vary. The kill chain is a variable process (see image above), depending on the threat actors involved, their preferred approach, the mission and other factors. Advanced Threat actors do not always perform the stages above in their entirety. Only the most sophisticated threat actors follow a very deliberate and organized process in their efforts.

Advanced Threat actors will pursue a path of least resistance, using simpler tools and exploits first and raising their level of sophistication as successes or setbacks dictate. Some actors may adapt and customize their Tactics, Techniques and Procedures (TTPs) to predict and circumvent your security controls and standard incident response practices during the course of their exploit and infiltration. Many Advanced Threat actors may not be concerned about covering their tracks after they have accomplished their initial goals, whereas an Advanced Persistent Threat actor may lie in wait to exploit your network again in the future.

Key Attack Questions

    • What was the method and point of entry?
    • What systems were affected?
    • What did the threat do?
    • Can I stop the threat and understand root cause?
    • How do we recover and prevent it from happening again?

Responding to the Threat

IT and IT Security’s challenge is to disrupt the targeted attacker’s kill chain or life cycle at the earliest point possible. There are core capabilities that must be present for any organization to effectively defend against, resist and respond to Advanced Threats. These capabilities can be divided into four main areas: Detect, Analyze, Respond and Resist (see Diagram on left).

Security teams must have full visibility into the operations and security of their systems, networks and assets. Organizations must evaluate their current security architecture and ensure that the right information is being collected and correlated to give security professionals a view of the “big picture” across networks, information and assets. Having visibility into what is happening behind the firewall is just as important as seeing what is trying to penetrate the firewall from the outside.

Organizations should look to deploy forward intelligence capabilities that provide actionable information on Advanced Threat actors and their operations. The intelligence must be actionable in order to enhance the organization’s security posture and educate security professionals about threats.

Because there is no “silver bullet” that protects against Advanced Threats 100 percent of the time, organizations must evaluate their capability to respond effectively to an incident. Containing a problem rapidly and effectively can make all the difference. Security professionals should take an introspective look at their organization to determine whether it is adequately prepared to respond effectively to a breach by an Advanced Threat actor. Many organizations are looking at a breach as a “when” and not an “if.” This is an unrealistic view in today’s world.

How Cold Creek Can Help

Based on our conclusion that successful defense against advanced threats requires integrated threat intelligence, security operations and incident response capabilities, Cold Creek has developed a portfolio of partnerships, solutions and service options to address the challenge posed by targeted threats. Cold Creek’s endpoint solutions elevate your defenses with the key capabilities needed to effectively resist targeted threats. We help you anticipate your attackers, detect their methods, disrupt the kill chain and eradicate their presence in your environment.