Defense in Depth: Why Network Technology Providers Are Bolstering Their Portfolios with Endpoint Solutions

June 6, 2016

Herjavec Group Contributor: Evgeniy Kharam, Director, Network Security Architecture

For the last fifteen years the network perimeter dominated enterprise security. Endpoint products existed throughout that period, both anti-virus and personal-security tools, but most organizations deployed only anti-virus.

Try as we might to ignore it, the world has fundamentally changed. More laptops. More mobile devices. More companies moving to the cloud. It’s a new day for business and in turn, a new day for security. The bad guys have become much more sophisticated, developing plenty of new attacks that can be used to get inside your network. Hackers realized long ago that there is no point hacking the firewall if you can just hop right to the endpoint behind it.

I still remember a time when I would attend regular firewall training sessions. One day stands out to me in particular: the instructor was bragging about this one firewall that had such sophisticated segmentation of duties that no one had ever compromised it. When I asked if the same was true about the companies that this firewall was protecting… he changed the topic.

The world of MORE has created room for new endpoint specialties: sandboxing, behavior-based analytics, machine learning, monitoring of the registry, file system, process space and network connections, indicators of attack, threat intelligence, and whitelisting. The way we evaluate the overall market is also changing. Gartner opened a new category in 2013 and called it ETDR, which in 2015 became EDR: Endpoint Detection and Response. IDC Worldwide similarly introduced Specialized Threat Analysis and Protection (STAP) as a new security segment, focused on detecting malware-based attacks aimed at cyberespionage and data exfiltration. IDC estimated that the market for STAP technologies will grow from $200M in 2012 to $1.7B by 2017.

The big network security players identified early that in order to stay in the game, they needed a presence in the next-generation endpoint security market. People have different opinions on whether network vendors should play in the endpoint market or whether endpoint vendors should play in the network market. After all, different teams tend to manage the products, and they have varying perspectives on where the problems are. The reality is that when things go wrong and the customer calls in an Incident Response (IR) team to investigate, a good IR team will evaluate the endpoint information, the forensic data, the firewalls, the SIEM and all other devices to understand how the bad guys got into the network, how they moved inside it, and how the data was exfiltrated. The customer assumes they have visibility into all of it – and ideally they should.

If we take a step back, and consider things from an architectural perspective, the integration between endpoint and network is a very important milestone. It represents unified dashboards, improved control, visibility across platforms, the ability to benefit from cloud threat data, URL, IP & file reputations, user behavior analytics and the untapped potential of big data.

The milestone is even more momentous with the shift to cloud. Technology vendors are embracing hybrid management platforms, through their own development or via acquisition, to get a better grasp of all the devices on and off the network. Examples of network security vendors who have added endpoint to their portfolios include:

EMC acquired Silicium Security in 2012 to extend RSA's capabilities against advanced and targeted threats. RSA had used the product internally before the acquisition and understood that it would be the perfect companion to RSA Security Analytics' packet capture (Packets) technology; the product was eventually rebranded as ECAT. The combination is used to hunt for and detect security issues across the enterprise network: RSA SA is plugged into a SPAN port on the core switch, while ECAT is deployed on the endpoints.

Palo Alto Networks acquired the Israel-based Cyvera at the beginning of 2014 and introduced the rebranded endpoint product, Traps, in September 2014. PAN connected Traps to its WildFire threat prevention cloud engine, allowing users to check executable files against the WildFire database. Execution of a file can be held until the cloud validation completes, and the file is then allowed or blocked depending on the result. Beyond blocking executables, Traps can also block malware-infected documents.
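The execution-gating workflow described above (hash the file, ask a cloud service for a verdict, hold the process while the verdict is pending, then allow or block) is worth seeing as code, because the interesting decisions are the ones the paragraph glosses over: how long to hold a process, what to do when the cloud has not answered in time, and whether to cache results. The following is an added example and not Palo Alto Networks or WildFire code; `CloudVerdictService` is a constructed stand-in for a cloud reputation and sandbox service, and the sample file bytes are constructed.

```python
"""Hash-gated execution with a pending cloud verdict (added example).

Models the Traps/WildFire style of gating: compute the executable's hash,
query a cloud verdict service, hold execution while the verdict is PENDING,
and finally allow or block. The cloud service here is a constructed stand-in,
not a real API.
"""
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Tuple


class Verdict(Enum):
    BENIGN = "benign"
    MALWARE = "malware"
    PENDING = "pending"  # sample submitted; sandbox analysis still running


class CloudVerdictService:
    """Constructed stand-in for a cloud reputation/sandbox service.

    Known hashes answer immediately. An unseen hash is treated as submitted
    for analysis and answers PENDING for `analysis_polls` lookups before it
    resolves (constructed rule: unseen samples resolve BENIGN).
    """

    def __init__(self, known: Dict[str, Verdict], analysis_polls: int = 2):
        self.known = dict(known)
        self.analysis_polls = analysis_polls
        self._in_flight: Dict[str, int] = {}

    def lookup(self, sha256: str) -> Verdict:
        if sha256 in self.known:
            return self.known[sha256]
        polls = self._in_flight.get(sha256, 0) + 1
        self._in_flight[sha256] = polls
        if polls <= self.analysis_polls:
            return Verdict.PENDING
        self.known[sha256] = Verdict.BENIGN  # analysis finished
        return Verdict.BENIGN


@dataclass
class ExecutionGate:
    """Endpoint-side gate: hold a new process until the cloud has a verdict."""

    cloud: CloudVerdictService
    max_wait_polls: int = 5          # how long we are willing to hold the process
    block_on_timeout: bool = True    # fail closed if the cloud never answers
    cache: Dict[str, str] = field(default_factory=dict)  # sha256 -> decision

    @staticmethod
    def sha256_of(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def decide(self, image: bytes) -> Tuple[str, int]:
        """Return ("allow" | "block", number_of_cloud_polls_used)."""
        digest = self.sha256_of(image)
        if digest in self.cache:                  # local verdict cache: no cloud round trip
            return self.cache[digest], 0
        for polls in range(1, self.max_wait_polls + 1):
            verdict = self.cloud.lookup(digest)
            if verdict is Verdict.BENIGN:
                self.cache[digest] = "allow"
                return "allow", polls
            if verdict is Verdict.MALWARE:
                self.cache[digest] = "block"
                return "block", polls
            # PENDING: keep the process suspended and poll again
        # Timed out without a verdict. Timeout decisions are deliberately not
        # cached, so the next launch asks the cloud again.
        return ("block" if self.block_on_timeout else "allow"), self.max_wait_polls


# Constructed sample "executables" (not real binaries).
GOOD = b"MZ constructed benign sample"
BAD = b"MZ constructed malicious sample"
NEW = b"MZ constructed never-seen sample"


def demo() -> Dict[str, Tuple[str, int]]:
    cloud = CloudVerdictService(
        {
            ExecutionGate.sha256_of(GOOD): Verdict.BENIGN,
            ExecutionGate.sha256_of(BAD): Verdict.MALWARE,
        },
        analysis_polls=2,
    )
    gate = ExecutionGate(cloud, max_wait_polls=5)
    results = {
        "good": gate.decide(GOOD),        # known benign: allowed on first poll
        "bad": gate.decide(BAD),          # known malware: blocked on first poll
        "new": gate.decide(NEW),          # held for two PENDING polls, then allowed
        "new_again": gate.decide(NEW),    # served from the local cache
    }
    # A slower cloud and a stricter hold limit: the gate fails closed.
    strict = ExecutionGate(CloudVerdictService({}, analysis_polls=10), max_wait_polls=3)
    results["timeout"] = strict.decide(NEW)
    return results


if __name__ == "__main__":
    for name, (decision, polls) in demo().items():
        print(f"{name:10s} -> {decision} after {polls} poll(s)")
```

The two knobs that matter operationally are `max_wait_polls` and `block_on_timeout`: holding a process indefinitely is a usability problem, while failing open on a slow cloud link is a security problem, so an agent has to pick a bounded hold time and an explicit default. Caching only definitive verdicts, never timeouts, keeps a transient outage from turning into a permanent allow or block for that file.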

FireEye already had its own endpoint tool, HX, and went on to acquire the incident response company Mandiant. FireEye has successfully integrated the HX and Mandiant platforms alongside its Network and Email appliances and its MVX technology.

Blue Coat has made numerous acquisitions in the network security space, but instead of acquiring an endpoint vendor it forged partnerships with a number of leading endpoint players including, but not limited to, Cylance, Bit9, Digital Guardian and Tripwire.

Check Point has made several acquisitions in the endpoint market, including Hyperwise and Lacoon, that helped it build its own endpoint solution. More recently it added threat intelligence components to its endpoint suite, including the SandBlast Agent. The SandBlast Agent offers virtual sandboxing for endpoints and incorporates Check Point's CPU-level threat prevention technology as well as its detection and response capabilities.

Intel Security has focused its efforts on network security areas including IPS and URL filtering. It has integrated its platforms under the TIE/DXL model (Threat Intelligence Exchange over the Data Exchange Layer) so that its products exchange attack information with one another. It has also developed Endpoint Active Response for endpoint detection and forensics. Active Response connects to the TIE infrastructure, providing a robust security offering for Intel Security's customers.

Cisco acquired Sourcefire in 2013 and added powerful IPS capabilities to its offering. Sourcefire had an endpoint tool named FireAMP for malware discovery and analysis. The tool was renamed Cisco AMP and is used in conjunction with Cisco AMP for Networks (previously FirePOWER) as Cisco's malware protection solution.

As security professionals, we all appreciate that when it comes to cybersecurity, there is no state of perfection. No matter how strong your network security posture, evolution and proactive improvement are imperative to thwart rising threats. Technology vendors take the same approach to their portfolios. The examples above are a short list of the network security providers that have integrated endpoint into their offerings with the objective of offering more visibility & scope as part of their robust solutions.

If you’d like support in deciphering the complex endpoint security market, please reach out to a Herjavec Group Security Specialist to arrange an Endpoint Toolkit Session for your board or security team.



About Herjavec Group

Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity solutions and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services globally supported by a state-of-the-art, PCI compliant, Security Operations Centre (SOC), operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including head offices in Toronto (Canada), New York City (USA), Reading (United Kingdom) and Sydney (Australia).  For more information, visit www.herjavecgroup.com
