June 6, 2016

Defense in Depth: Why Network Technology Providers Are Bolstering Their Portfolios with Endpoint Solutions


Herjavec Group Contributor: Evgeniy Kharam, Director, Network Security Architecture

The network perimeter dominated enterprise security for the last fifteen years. Endpoint products existed throughout that period, from anti-virus to personal (host-based) protection suites, but most organizations deployed nothing beyond anti-virus.

Try as we might to ignore it, the world has fundamentally changed: more laptops, more mobile devices, more companies moving to the cloud. It is a new day for business and, in turn, a new day for security. Attackers have become far more sophisticated and have plenty of new techniques for getting inside a network. They realized long ago that there is no point attacking the firewall when you can go straight to the endpoint behind it.

I still remember a time when I would attend regular firewall training sessions. One day stands out to me in particular: the instructor was bragging about this one firewall that had such sophisticated segmentation of duties that no one had ever compromised it. When I asked if the same was true about the companies that this firewall was protecting…he changed the topic.


The world of MORE has created room for new endpoint specialties: sandboxing, behavior-based analytics, machine learning, monitoring of the registry, file system, process space and network connections, indicators of attack, threat intelligence, and application whitelisting. The way the market is evaluated is changing too. Gartner opened a new category in 2013 and called it ETDR; in 2015 it was renamed EDR, “Endpoint Detection and Response”. IDC similarly introduced Specialized Threat Analysis and Protection (STAP) as a new security segment focused on detecting malware-based attacks aimed at cyberespionage and data exfiltration, and estimated that the STAP market will grow from $200M in 2012 to $1.7B by 2017.

The big network security players identified early that, to stay in the game, they needed a presence in the next-generation endpoint security market. Opinions differ on whether network vendors should play in the endpoint market or endpoint vendors should play in the network market; after all, different teams tend to manage the products, and they have different views on where the problems are. The reality is that when things go wrong and the customer calls in an Incident Response (IR) team, a good IR team will evaluate the endpoint telemetry, the forensic data, the firewall logs, the SIEM and every other device to understand how the attackers got into the network, how they moved inside it, and how the data was exfiltrated. The customer assumes they have visibility into all of it, and ideally they should.


If we step back and look at this from an architectural perspective, integration between endpoint and network is an important milestone. It means unified dashboards, improved control, visibility across platforms, the ability to draw on cloud threat data (URL, IP and file reputations), user behavior analytics, and the largely untapped potential of big data.
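The correlation the two paragraphs above ask for (endpoint telemetry joined to firewall logs to answer how the attacker got in, moved, and exfiltrated) can be sketched in code. The block below is an added example, not code from the original post or from any vendor named in it. It takes constructed endpoint process-creation records, constructed endpoint socket records and constructed firewall connection logs, joins each outbound firewall connection to the endpoint process that made it, walks the process ancestry, and flags two things the firewall log alone cannot show: an Office application spawning a script interpreter, and a large transfer to an external address. The host inventory, IP ranges, image names and thresholds are all assumptions for the sake of the example.

```python
"""Correlate firewall logs with endpoint process and socket telemetry.

Added example, not code from the original post or from any vendor it names. For
each outbound firewall connection it finds the endpoint socket event from the same
host to the same destination, walks that process's ancestry, and raises the flags a
network log alone cannot. Hosts, addresses, events and thresholds are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


@dataclass
class ProcessEvent:   # endpoint process-creation record
    ts: datetime; host: str; pid: int; ppid: int; image: str


@dataclass
class NetEvent:       # endpoint socket record: which pid connected where
    ts: datetime; host: str; pid: int; dst_ip: str; dst_port: int


@dataclass
class FirewallEvent:  # perimeter connection log
    ts: datetime; src_ip: str; dst_ip: str; dst_port: int; bytes_out: int


HOST_BY_IP = {"10.1.20.42": "WS-042"}           # constructed asset inventory
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


def is_external(ip):
    # Own definition of "internal": the stdlib's is_global treats documentation
    # ranges such as 203.0.113.0/24 as private, which would hide the sample exfil.
    return not any(ip_address(ip) in net for net in INTERNAL)


def process_chain(processes, host, pid, at):
    """Walk pid -> ppid using the latest record for each pid on `host` before `at`.
    Returns images root-first; `seen` stops loops caused by pid reuse."""
    latest = {}
    for p in processes:
        if p.host == host and p.ts <= at and (p.pid not in latest or p.ts > latest[p.pid].ts):
            latest[p.pid] = p
    chain, seen = [], set()
    while pid in latest and pid not in seen:
        seen.add(pid)
        chain.append(latest[pid].image)
        pid = latest[pid].ppid
    return chain[::-1]


def attribute(fw_events, net_events, processes, window=timedelta(seconds=30), exfil_bytes=10_000_000):
    """One finding per firewall event: responsible process chain (None if the
    endpoint side is missing) plus the flags raised."""
    findings = []
    for fw in fw_events:
        flags = []
        if fw.bytes_out >= exfil_bytes and is_external(fw.dst_ip):
            flags.append("large outbound transfer to external address")
        host = HOST_BY_IP.get(fw.src_ip)
        if host is None:   # unmanaged asset: the network log is all we have
            findings.append({"fw": fw, "host": None, "chain": None, "flags": flags + ["source not in inventory"]})
            continue
        hits = [n for n in net_events if n.host == host and n.dst_ip == fw.dst_ip
                and n.dst_port == fw.dst_port and fw.ts - window <= n.ts <= fw.ts]
        if not hits:
            findings.append({"fw": fw, "host": host, "chain": None, "flags": flags + ["no endpoint socket event"]})
            continue
        net = max(hits, key=lambda n: n.ts)              # nearest preceding socket event
        chain = process_chain(processes, host, net.pid, net.ts)
        if any(a in OFFICE_APPS and b in INTERPRETERS for a, b in zip(chain, chain[1:])):
            flags.append("office application spawned a script interpreter")
        findings.append({"fw": fw, "host": host, "chain": chain, "flags": flags})
    return findings


# Constructed timeline: a macro document opened from Outlook spawns PowerShell,
# which pushes ~48 MB to an external address; a third host is not in inventory.
T0 = datetime(2016, 6, 1, 9, 0, 0)
PROCESSES = [
    ProcessEvent(T0, "WS-042", 400, 1, "explorer.exe"),
    ProcessEvent(T0 + timedelta(minutes=1), "WS-042", 1200, 400, "outlook.exe"),
    ProcessEvent(T0 + timedelta(minutes=2), "WS-042", 1300, 1200, "winword.exe"),
    ProcessEvent(T0 + timedelta(minutes=2, seconds=5), "WS-042", 1400, 1300, "powershell.exe"),
]
NET_EVENTS = [
    NetEvent(T0 + timedelta(minutes=1, seconds=30), "WS-042", 1200, "198.51.100.20", 443),
    NetEvent(T0 + timedelta(minutes=2, seconds=10), "WS-042", 1400, "203.0.113.7", 443),
]
FW_EVENTS = [
    FirewallEvent(T0 + timedelta(minutes=2, seconds=11), "10.1.20.42", "203.0.113.7", 443, 48_000_000),
    FirewallEvent(T0 + timedelta(minutes=1, seconds=31), "10.1.20.42", "198.51.100.20", 443, 120_000),
    FirewallEvent(T0 + timedelta(minutes=3), "10.1.20.99", "203.0.113.7", 443, 64_000_000),
]
```

Running `attribute(FW_EVENTS, NET_EVENTS, PROCESSES)` attributes the 48 MB upload to the chain explorer.exe → outlook.exe → winword.exe → powershell.exe with both flags raised, leaves the ordinary Outlook connection unflagged, and records the third connection as network-only because its source is not in the inventory. That last case is the point of the paragraph: without the endpoint side, the IR team can see that data left but not which process sent it or how that process was spawned.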

The milestone is even more momentous with the shift to cloud. Technology vendors are embracing hybrid management platforms, through their own development or via acquisition, to get a better grasp of all the devices on and off the network. Examples of network security vendors who have added endpoint to their portfolios include:


RSA

EMC acquired Silicium Security in 2012 to extend RSA’s capabilities against advanced and targeted threats. RSA had used the product internally before the acquisition and understood that it would be the perfect companion to the packet-capture side of RSA Security Analytics; it was eventually rebranded as ECAT. The combination is used to hunt for and detect security issues across the enterprise network: RSA Security Analytics is fed from a SPAN port on the core switch while ECAT is deployed on the endpoints.

Palo Alto Networks

Palo Alto Networks acquired the Israel-based Cyvera at the beginning of 2014 and introduced the rebranded endpoint product “Traps” in September 2014. PAN connected Traps to its WildFire threat prevention cloud, allowing executable files to be checked against the WildFire database. Execution of a file can be held until the cloud verdict is returned and then allowed or blocked depending on the result. In addition to blocking executables, Traps can also block malware-infected documents.
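The flow just described (hash the executable, consult a cloud verdict service, hold execution until the verdict arrives, then allow or block) has two design questions the paragraph leaves open: what to do while the cloud has no verdict yet, and what may safely be cached locally so the delay is paid only once. The block below is an added example that models both; it is not Palo Alto Networks’ code and does not use the WildFire API. The cloud service, its verdict table, the “pending verdict blocks by default” policy and the sample files are all constructed for the example.

```python
"""Pre-execution hash verdict gate with a local cache and a pending-verdict policy.

Added example, not Palo Alto Networks' code and not the WildFire API. It models the
flow described in the text (hash the file, ask a cloud service, hold execution until
the verdict returns, then allow or block) so the design choices are visible. The cloud
service, its verdict table, the default policy and the sample files are constructed.
"""
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict


class Verdict(Enum):
    BENIGN = "benign"
    MALWARE = "malware"
    UNKNOWN = "unknown"     # not yet analysed, or the lookup failed


class Decision(Enum):
    ALLOW = "allow"
    BLOCK = "block"


class FakeCloud:
    """Stand-in for a cloud verdict service (constructed). Counts lookups so the
    effect of the local cache can be observed."""
    def __init__(self, verdicts: Dict[str, Verdict]):
        self.verdicts = verdicts
        self.lookups = 0

    def lookup(self, sha256: str) -> Verdict:
        self.lookups += 1
        return self.verdicts.get(sha256, Verdict.UNKNOWN)

    def publish(self, sha256: str, verdict: Verdict) -> None:
        """Simulate the sandbox finishing its analysis of a new sample later."""
        self.verdicts[sha256] = verdict


@dataclass
class ExecGate:
    cloud: FakeCloud
    block_unknown: bool = True                  # fail-closed while no verdict exists
    cache: Dict[str, Verdict] = field(default_factory=dict)

    def check(self, content: bytes) -> Decision:
        """Called before control is handed to the file; execution waits on the result."""
        digest = hashlib.sha256(content).hexdigest()
        verdict = self.cache.get(digest)
        if verdict is None or verdict is Verdict.UNKNOWN:
            # Only definitive verdicts are served from cache. UNKNOWN is re-queried so a
            # verdict published after the first run is applied on the next one.
            verdict = self.cloud.lookup(digest)
            self.cache[digest] = verdict
        if verdict is Verdict.MALWARE:
            return Decision.BLOCK
        if verdict is Verdict.BENIGN:
            return Decision.ALLOW
        return Decision.BLOCK if self.block_unknown else Decision.ALLOW


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


# Constructed sample "files"; the cloud knows two of them, the third is brand new.
GOOD_EXE = b"MZ\x90\x00 constructed benign binary"
BAD_EXE = b"MZ\x90\x00 constructed malicious binary"
NEW_EXE = b"MZ\x90\x00 constructed never-before-seen binary"


def demo(block_unknown: bool = True) -> dict:
    """Run the gate through the interesting sequence and return the decisions taken."""
    cloud = FakeCloud({sha256_hex(GOOD_EXE): Verdict.BENIGN, sha256_hex(BAD_EXE): Verdict.MALWARE})
    gate = ExecGate(cloud, block_unknown=block_unknown)
    first = gate.check(NEW_EXE)                       # no verdict yet: policy decides
    gate.check(GOOD_EXE)
    gate.check(GOOD_EXE)                              # served from cache, no cloud round trip
    cloud.publish(sha256_hex(NEW_EXE), Verdict.MALWARE)   # sandbox finishes its analysis
    second = gate.check(NEW_EXE)                      # UNKNOWN was not trusted from cache
    return {"unknown_first": first, "unknown_after_verdict": second,
            "good": gate.check(GOOD_EXE), "bad": gate.check(BAD_EXE), "lookups": cloud.lookups}
```

With the default fail-closed policy, `demo()` blocks the never-before-seen file both before and after the cloud reaches a verdict; with `demo(block_unknown=False)` the first run is allowed and only the second is blocked, which is the exposure window a fail-open policy accepts. Either way the cloud is consulted four times for six checks, because benign and malicious verdicts are cached while the unknown one is deliberately not.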

FireEye

FireEye’s endpoint tool, HX, came out of its acquisition of the incident response company Mandiant at the end of 2013. FireEye has since integrated HX and the Mandiant platform alongside its Network and Email appliances and its MVX technology.

Blue Coat

Blue Coat has made numerous acquisitions in the network security space, but rather than acquiring an endpoint company it forged partnerships with a number of leading endpoint vendors including, but not limited to, Cylance, Bit9 (now Carbon Black), Digital Guardian and Tripwire.

Check Point

Check Point has made several acquisitions in the endpoint market, including Hyperwise and Lacoon Mobile Security, that helped it build out its own endpoint solution. Recently it extended its SandBlast threat prevention line to the endpoint suite with the SandBlast Agent, which brings sandbox-based threat emulation to endpoints and incorporates Check Point’s CPU-level threat prevention technology as well as its detection and response capabilities.

Intel Security (McAfee)

Intel Security has focused its efforts on network security areas including IPS and URL filtering. It has integrated its platforms through Threat Intelligence Exchange (TIE) over the Data Exchange Layer (DXL), so that its products share attack indicators with one another, and has developed McAfee Active Response for detection and forensics on endpoints. Active Response plugs into the TIE infrastructure, giving Intel Security’s customers a joined-up offering across network and endpoint.

Cisco

Cisco acquired Sourcefire in 2013, adding powerful IPS capabilities to its offering. Sourcefire had an endpoint tool named FireAMP for malware discovery and analysis; it was renamed Cisco AMP for Endpoints and is used in conjunction with Cisco AMP for Networks, delivered on the FirePOWER appliances, as Cisco’s malware protection solution.


As security professionals, we all appreciate that there is no state of perfection in cybersecurity. No matter how strong your network security posture, continual evolution and proactive improvement are needed to keep pace with the threats. Technology vendors take the same approach to their portfolios. The examples above are a short list of the network security providers that have integrated endpoint into their offerings to gain more visibility and scope as part of their solutions.

If you’d like support in deciphering the complex endpoint security market, please reach out to a Herjavec Group Security Specialist to arrange an Endpoint Toolkit Session for your board or security team.





About Herjavec Group

Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity solutions and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services globally, supported by a state-of-the-art, PCI compliant Security Operations Centre (SOC) operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services and incident response. Herjavec Group has offices globally, including head offices in Toronto (Canada), New York City (USA), Reading (United Kingdom) and Sydney (Australia). For more information, visit www.herjavecgroup.com
