Sophos News

What should you expect from a next-gen endpoint protection solution?

Everyone knows that traditional antivirus isn’t enough to stop today’s advanced threats, so endpoint security vendors are hoping you’ll consider their “next-gen” solutions. But what exactly does “next-gen” mean, and what capabilities should you expect?

At Sophos, we believe next-gen endpoint protection means an integrated system of technologies that protect against all stages of an attack:

1. Prevention: Stopping malware before it can execute.
2. Detection: Quickly identifying when malware is deployed.
3. Response: Taking action instantly when malware is detected.

Let’s take a quick look at the capabilities your endpoint protection needs to counter threats at each stage.

1. Prevention: The defensive front line

Prevention focuses on stopping malware from ever reaching the device. Prevention capabilities can be broken down into exposure prevention and pre-execution defense.

Exposure prevention:
– Web protection – can you block malicious webpages?
– Device control – which devices (e.g., USB drives) are allowed to access the endpoint?
– Download reputation – where does the file come from, and do other machines in the organization use it?

Pre-execution defense:
– File analytics/HIPS – does a file contain code trying to modify the registry?
– Emulator – can you execute the file in a safe environment to test it?

2. Detection: Catching malware in the act

Detection uses a variety of methods to identify malware that has reached a device. A next-gen endpoint solution should have these run-time detection capabilities:

– Malicious traffic detection – are processes communicating with known threat locations (phoning home)?
– Memory scanning – is a file exhibiting behavior of known malware?
– Exploit detection – is the suspect process cataloging the memory of another process?

3. Response: Clean-up and analysis

Response capabilities should eliminate the malware and perform analysis to identify the entry point of the malware.

– Malware removal – can your endpoint solution remove the executable and other malware components?
– Root cause analysis – can it identify the malware’s origin to understand what was compromised?

Choosing a truly “next-gen” endpoint solution

Sophos experts have written a simple guide to explain why organizations like yours need next-gen endpoint protection. It also explains in straightforward terms the features that a next-gen endpoint solution should have, and how they keep your users and systems secure.

Download the free whitepaper, or sign up for a free 30-day trial of Sophos Next-Gen Endpoint Protection.