Let’s look at how organizations can solve a prominent security use case using a next-gen, analytics-based, enterprise-wide visibility platform, focusing on endpoints.

Focus on Endpoints

The majority of attacks happen at the enterprise endpoint level. With bring your own device (BYOD), remote/mobile employees and cloud initiatives, the network security perimeter for most enterprises has all but dissolved. It’s critical to establish effective endpoint security measures and to understand the complete picture of endpoint security health at any given point in time in order to prevent cyber-attacks.

Using security products such as VMware Carbon Black, Absolute, Tanium, FireEye and Rapid7/Tenable as agents on endpoint devices (on-premises and cloud), organizations can monitor and capture the vulnerability and compliance status of each device in real time, along with the identity of the last logged-in user. Good patch management software such as BMC or Microsoft’s System Center Configuration Manager (SCCM) handles Windows patch management and anti-malware policies, while a CSPM tool such as Cloudvisory or Dome9 gathers cloud traffic data. Together, these tools generate millions of events in real time. Implementing SASE makes life easier for organisations in terms of both security and employee productivity.

Identifying system health and user access at any given time is time-consuming when the data from these tools is not integrated. A cyber analytics platform can automatically identify and holistically visualize enterprise security and IT health by providing a single-view dashboard of IT asset health status and a vulnerability score generated using advanced analytics.

Organizations can improve risk analysis and make faster decisions by automatically capturing, integrating and correlating real-time event data with look-up data from an enterprise asset inventory master database and human resources data. They can also incorporate a single-view dashboard of the IT assets’ health vs. risk score. SIEM tools with UEBA capability, such as Gurucul, Rapid7 InsightIDR and IBM QRadar, can be used for this.
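As an added example (not from the original article or any of the vendors named), the correlation step described above in Python: constructed endpoint agent events are joined against a constructed asset inventory and HR look-up, and each host receives a risk score plus a findings list suitable for a single-view dashboard. The field names, weights and sample values are assumptions for illustration.

```python
"""Correlate endpoint agent events with asset inventory and HR look-up data
into a per-host risk view. All data below is constructed sample data."""

# Constructed sample: real-time events as an endpoint agent / patch tool might emit them.
AGENT_EVENTS = [
    {"host": "lt-0101", "user": "jdoe", "missing_patches": ["MS17-010"], "av_status": "ok"},
    {"host": "lt-0102", "user": "asmith", "missing_patches": [], "av_status": "ok"},
    {"host": "srv-db01", "user": "svc_sql", "missing_patches": ["MS17-010", "KB4012212"],
     "av_status": "disabled"},
]
# Constructed look-up data: asset inventory master database and HR directory.
ASSET_INVENTORY = {
    "lt-0101": {"owner": "jdoe", "criticality": "low", "internet_exposed": False},
    "srv-db01": {"owner": "svc_sql", "criticality": "high", "internet_exposed": True},
}
HR_DATA = {"jdoe": {"status": "active"}, "asmith": {"status": "terminated"},
           "svc_sql": {"status": "service"}}

CRITICALITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}  # assumed weighting


def score_endpoint(event, inventory, hr):
    """Join one agent event with inventory and HR data; return risk score and findings."""
    findings, score = [], 0
    asset = inventory.get(event["host"])
    if asset is None:  # unknown asset: a reconciliation gap, treated as medium criticality
        findings.append("host missing from asset inventory")
        score += 2
        weight = CRITICALITY_WEIGHT["medium"]
    else:
        weight = CRITICALITY_WEIGHT[asset["criticality"]]
    for patch in event["missing_patches"]:
        findings.append(f"missing patch {patch}")
        score += 2
    if event["av_status"] != "ok":
        findings.append(f"anti-malware {event['av_status']}")
        score += 3
    if asset and asset["internet_exposed"] and event["missing_patches"]:
        findings.append("unpatched and internet exposed")
        score += 3
    person = hr.get(event["user"], {})
    if person.get("status") == "terminated":
        findings.append(f"last login by terminated user {event['user']}")
        score += 4
    elif asset and asset["owner"] != event["user"] and person.get("status") != "service":
        findings.append("last user differs from inventory owner")
        score += 1
    return {"host": event["host"], "risk": score * weight, "findings": findings}


def build_dashboard(events, inventory, hr):
    """Score every host and return them ordered from highest to lowest risk."""
    rows = [score_endpoint(e, inventory, hr) for e in events]
    return sorted(rows, key=lambda r: r["risk"], reverse=True)
```

Running `build_dashboard(AGENT_EVENTS, ASSET_INVENTORY, HR_DATA)` ranks the exposed, unpatched database server first, then the laptop last used by a terminated employee that is absent from the inventory.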

Endpoint threat correlation via a next-gen cyber analytics architecture

This approach could have helped prevent the worldwide WannaCry and Petya worm attacks, or more recent ones such as Maze. These attacks created havoc in organisations around the globe, primarily targeting the Microsoft Windows operating system. The WannaCry and Petya exploitation, which impacted major organizations including FedEx, Nissan and Britain’s National Health Service, was caused by a Windows vulnerability in the implementation of the Server Message Block (SMB) protocol. Other recent attacks such as Maze impacted top organisations in the IT/ITES sector itself, and some recent attacks in India hit a leading food and beverage company and a top pharma company; these used vulnerabilities in Pulse VPN and Internet Explorer to get into the network. The attackers primarily relied on basic vulnerabilities in the systems and loopholes in security to carry out sophisticated ransomware or APT attacks, which can be mitigated with a good next-gen antivirus (behaviour- and AI/ML-based), a focus on patch management, and strong visibility over enterprise assets.

An intelligent and integrated cyber analytics visibility platform could have helped identify such a lapse at an early stage by proactively tracking and managing endpoint reconciliation, enabling faster security control measures to better protect the enterprise.

In the current scenario, where more and more traffic is shifting outside the enterprise network perimeter, it is mandatory to protect endpoints with next-gen technologies and frameworks: next-gen AV, Secure Access Service Edge (SASE) and Zero Trust principles, together with a focus on a strict patch management process.