Using ITOA to secure endpoints
by Poul Nielsen - Director of Strategy, Nexthink - Tuesday, 20 May 2014.
Visibility in context

Working on the assumption that, certainly by 2020 as suggested by Gartner, enterprise IT systems will be compromised by advanced targeted threats, there is a clear need for security solutions to move more toward the perimeters, with a greater focus on context.

ITOA can be used to detect the presence of increasingly sophisticated threats such as signatureless APTs by recognizing anomalies in the behavior of users and devices, identifying deviations from normal behavior as being potentially malicious activity.

Once a baseline of user behavior has been established, ongoing access and activity can then be monitored and analyzed in real time. From the analysis, behavioral anomalies in areas such as frequency of access and the amount and type of information downloaded can be identified as being indicative of malicious intent.
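The baseline-then-deviation approach described above can be sketched as follows. This is an added example, not code from the article or from any ITOA product; the metric names, the 3.5 threshold, the median/MAD statistic and the sample records are all assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample data: (user, accesses per day, MB downloaded per day).
HISTORY = [
    ("alice", 40, 120), ("alice", 38, 110), ("alice", 45, 130),
    ("alice", 42, 125), ("alice", 39, 115), ("alice", 41, 118),
    ("bob", 5, 10), ("bob", 7, 12), ("bob", 6, 9),
    ("bob", 4, 11), ("bob", 6, 10), ("bob", 5, 13),
]
METRICS = ("accesses", "mb_downloaded")  # hypothetical metric names
THRESHOLD = 3.5  # assumed cut-off for the robust z-score


def build_baseline(history):
    """Return {user: {metric: (median, MAD)}} from historical observations."""
    per_user = {}
    for user, *values in history:
        for metric, value in zip(METRICS, values):
            per_user.setdefault(user, {}).setdefault(metric, []).append(value)
    baseline = {}
    for user, metrics in per_user.items():
        baseline[user] = {}
        for metric, values in metrics.items():
            med = median(values)
            # Median absolute deviation: robust to a few odd days in history.
            mad = median(abs(v - med) for v in values)
            baseline[user][metric] = (med, mad)
    return baseline


def score(baseline, user, observation):
    """Return {metric: z} for metrics deviating beyond THRESHOLD."""
    if user not in baseline:
        # No baseline yet: surface for review rather than silently pass.
        return {"unknown_user": float("inf")}
    flagged = {}
    for metric, value in zip(METRICS, observation):
        med, mad = baseline[user][metric]
        # 0.6745 scales MAD to be comparable with a standard deviation;
        # MAD is floored at 1.0 so a near-constant history cannot blow up z.
        z = 0.6745 * (value - med) / max(mad, 1.0)
        if abs(z) > THRESHOLD:
            flagged[metric] = round(z, 1)
    return flagged
```

Scoring each user against their own history matters here: 60 accesses in a day is unremarkable for the constructed "alice" but a large deviation for "bob".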

Identifying and isolating

Having identified anomalous behavior, it is then possible to isolate the affected endpoint. In the case of a user's system, ITOA can monitor what it is running, along with any recent interactions the user and their system may have had with content, executables and enterprise systems. Rather than taking a snapshot of a particular point in time, this form of monitoring returns information more akin to a moving film, providing the security team with visibility of what occurred, in a useful context.

As and when a breach occurs, this data can be used to glean a clearer insight into which other users may have also been targeted and which systems were affected and, from there, to take the appropriate remedial actions.

By using ITOA, businesses can be proactive in detecting abnormal activities across their IT infrastructure and all connected endpoints, allowing them to enforce security compliance standards at all times by using the constantly available real-time, accurate information.

Businesses, particularly those that find themselves subject to APTs and are potential targets for motivated hackers, must take the precautions necessary to protect their technical estate. Using real-time ITOA as a security measure will play a crucial part in helping businesses add an additional layer of protection against threats to their infrastructure, endpoints and end-users.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.