Using ITOA to secure endpoints
by Poul Nielsen - Director of Strategy, Nexthink - Tuesday, 20 May 2014.
Visibility in context

Working on the assumption that, certainly by 2020 as suggested by Gartner, enterprise IT systems will be compromised by advanced targeted threats, there is a clear need for security solutions to move more toward the perimeters, with a greater focus on context.

ITOA can be used to detect the presence of increasingly sophisticated threats such as signatureless APTs by recognizing anomalies in the behavior of users and devices, identifying deviations from normal behavior as being potentially malicious activity.

Once a baseline of user behavior has been established, ongoing access and activity can then be monitored and analyzed in real time. From the analysis, behavioral anomalies in areas such as frequency of access and the amount and type of information downloaded can be identified as being indicative of malicious intent.
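
The baseline-then-monitor approach described above, as an added example (not from the original article or from any vendor's product): it builds a per-user baseline from constructed daily records of access count and download volume, then scores new activity with a median/MAD robust z-score. The record layout, the 3.5 threshold and the floor value are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (user, accesses_per_day, mb_downloaded_per_day)
HISTORY = (
    [("alice", a, mb) for a, mb in zip([12, 15, 11, 14, 13, 12, 16],
                                       [40, 55, 38, 60, 45, 50, 42])]
    + [("bob", 3, 5)] * 5   # perfectly constant behaviour (MAD == 0)
)

def build_baseline(history):
    """Return {user: {metric: (median, MAD)}} from daily records."""
    series = defaultdict(lambda: defaultdict(list))
    for user, accesses, mb in history:
        series[user]["accesses"].append(accesses)
        series[user]["mb_downloaded"].append(mb)
    baseline = {}
    for user, metrics in series.items():
        baseline[user] = {}
        for name, values in metrics.items():
            med = median(values)
            mad = median([abs(v - med) for v in values])
            baseline[user][name] = (med, mad)
    return baseline

def score(baseline, user, accesses, mb, threshold=3.5, floor=1.0):
    """Return [(metric, robust_z)] for metrics deviating beyond threshold."""
    if user not in baseline:
        # No history means nothing to compare against: surface it for review.
        return [("no_baseline", float("inf"))]
    hits = []
    for name, value in (("accesses", accesses), ("mb_downloaded", mb)):
        med, mad = baseline[user][name]
        # 0.6745 makes MAD comparable to a standard deviation; the floor
        # (assumed, in the metric's own units) avoids division by zero
        # when a user's baseline never varies.
        z = 0.6745 * (value - med) / max(mad, floor)
        if abs(z) > threshold:
            hits.append((name, round(z, 1)))
    return hits

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for event in [("alice", 14, 48), ("alice", 13, 900),
                  ("bob", 3, 40), ("mallory", 1, 1)]:
        print(event, "->", score(base, *event) or "normal")
```

Median and MAD are used instead of mean and standard deviation so that a single earlier outlier in the history does not widen the baseline and mask later anomalies.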

Identifying and isolating

Having identified anomalous behavior, it is then possible to isolate the affected endpoint. In the case of a user’s system, ITOA can monitor what it is running, along with any recent interactions the user and their system may have had with content, executables and enterprise systems. Rather than taking a snapshot of a particular point in time, this form of monitoring returns information more akin to a moving film, providing the security team with visibility of what occurred - in a useful context.

As and when a breach occurs, this data can be used to gain clearer insight into which other users may also have been targeted and which systems were affected and, from there, to take the appropriate remedial actions.

By using ITOA, businesses can be proactive in detecting abnormal activities across their IT infrastructure and all connected endpoints, allowing them to enforce security compliance standards at all times by using the constantly available real-time, accurate information.

Businesses, particularly those that find themselves subject to APTs and are potential targets for motivated hackers, must take the precautions necessary to protect their technical estate. Using real-time ITOA as a security measure will play a crucial part in helping businesses add a layer of protection against threats to their infrastructure, endpoints and end-users.

