The threat landscape isn’t the only source of change, either. Enterprise computing is also shifting significantly. With more data and workloads moving to the cloud, the challenge of protecting assets spread across multiple locations becomes more complex. Something will eventually slip through the cracks if organizations don’t take steps to carefully manage their deployed computing base and defend it against attacks.

Adversaries understand the complexity facing enterprise security teams and seek to exploit the weak links in the chain by using a diverse set of tools to compromise security. They realize that end users are often the soft spot in enterprise security, and they deploy attacks that target those users through spear-phishing emails and other focused attacks.

Endpoint protection strategies have evolved to provide a strong defense in this new environment. Modern endpoint security tools still incorporate reliable signature detection technology but now supplement it with newer techniques, including behavioral analysis, sandboxing, predictive analytics and threat intelligence. While different vendors adopt different tactics for combating modern endpoint threats, the common theme is that they all deploy a multipronged defensive strategy to increase the likelihood of rapid detection, blocking and eradication of attacks.

Threat hunting plays a crucial role in enterprise security strategies. This approach, built on the presumption of compromise, seeks to identify existing and future intrusions into an organization’s networks and systems. Threat hunters analyze the approaches attackers have historically used and complement this knowledge with current threat intelligence to better understand adversary tactics and identify the use of those tactics within their environments. During their initial efforts, threat hunting programs generally uncover one or more existing compromises on a network that went undetected with traditional security controls. Attackers who are able to persist in this manner increase their dwell time, the amount of time after a compromise that they are able to retain access to the organization’s systems.

Many organizations are choosing to deploy managed threat hunting services that operate 24/7, seeking to immediately identify anomalous network behavior and spot compromises before they can cause significant damage. Cybersecurity leaders are accepting the fact that their systems will eventually be the victim of an attack and are seeking to reduce the dwell time of attackers from weeks or days down to hours or minutes. Time is of the essence during a security incident, and the faster a cybersecurity team can react and remediate a problem, the better an organization can protect the valuable data on its network.

Another common feature of next-generation endpoint protection solutions is their incorporation of endpoint detection and response (EDR) technology. This technology moves beyond simple detection of a security compromise and manages an active response that contains the damage, isolates affected systems and recovers normal operations as quickly as possible. EDR approaches minimize requirements for human interaction, facilitating a rapid and effective response. EDR tools also provide root cause analysis of threats and incidents, allowing organizations not only to recover from a security incident but also to learn from the experience and improve their security controls. Although EDR tools are highly effective, they do require the supervision of highly skilled security professionals. For this reason, many organizations opt for managed EDR services that include professional monitoring and analysis.

The COVID-19 pandemic has rapidly changed the ways many organizations think about work styles in general, and computing in particular. Before the pandemic, organizations were already shifting toward telecommuting models that allowed many employees to work from remote locations and at unusual hours. The pandemic accelerated this change, pushing organizations toward greater adoption of telework-friendly cloud applications and forcing cybersecurity teams to rapidly adapt their controls to protect confidentiality, integrity and availability in this shifting environment. For example, email is still a primary attack vector for many adversaries. Shifting to a remote work model means that endpoints now may often fall outside of the protection afforded by network-based controls. In this new world, the combination of cloud-based solutions and next-generation endpoint protection provides robust control, wherever the end user is located.