In 2016 the cyber landscape reached new heights with advanced attack methods, increased levels of sophistication and escalated frequency of adversary activity. As technically astute and often well-funded hackers continue to deploy new, constantly evolving techniques, organizations are too often focusing their efforts on detecting known threats, or Indicators of Compromise (IoC). This reactive approach doesn’t account for mutating or unknown malware, living-off-the-land techniques or new variants being deployed.

As hackers become more innovative, so must organization’s capabilities to protect their networks with next-generation, proactive approaches to prevention, detection and response, and remediation.

There are five core components to effective endpoint cybersecurity on all of these fronts:

1. Proactive detection and response – As noted, security methods that focus on IoCs are no longer enough to address today’s advanced threats. By the time an IoC, such as a known-malware signature, is detected, the probability that the organization has been compromised is high. Instead, it’s crucial for organizations to shift to proactive cybersecurity techniques focusing on Indicators of Attack (IoAs) that identify adversary behavior, such as code execution or lateral movement. This enables organizations to prevent, detect, and respond to both known and unknown attacks.
2. Prevention and actionable threat intelligence – In order for cybersecurity to be effective, organizations need to understand not only where the adversary is today, but where it has been, what its objectives are and what it is capable of. By integrating threat intelligence into detection and response, organizations gain a better understanding of the risks they face and can ultimately build stronger, more resilient defenses.
3. Machine learning – Machine learning gathers and analyzes the breadth of businesses’ security-related data, including threat intelligence and reliable indicators. With accurate data input, machine learning can identify IoAs faster, supporting threat prevention with speed and scalability.
4. Managed hunting teams – As long as there are humans behind hacks, we must have the power of humans behind our defenses. Managed hunting teams act as human enforcers, proactively patrolling the network for any anomalies or issues. This extra layer of human protection augments and enhances automated detection capabilities.
5. Cloud-based endpoint security – Cloud-based endpoint protection technology enables organizations to scale whenever needed and offers a unique and distinct advantage in delivering speed, efficacy and response capacity. Today, enterprises are increasingly distributed and have to manage a sprawl of endpoint devices with growing mobile workforces. To that end, many CISOs struggle to provide full security coverage to all users, all the time, whether they are on or off the network.

The cloud enables the collection and analysis of billions of security events in real time that sharpens machine learning algorithms, IoA-based prevention, and detection and response capabilities. Ultimately, this leads to faster, more agile and more comprehensive defenses.

In order to stay ahead of today’s skilled hackers and evolving techniques, organizations must shift their cybersecurity approach to focus on these proactive methods – from IoAs and cloud-based endpoint security to machine learning and managed hunting teams. By unifying these crucial elements, organizations will have a significant advantage over the adversaries that target them.

About the Author

Amol Kulkarni is a seasoned engineering executive with extensive experience building large-scale big data enterprise cloud platforms, consumer cloud services and enterprise products while knitting together world class, high performing global engineering teams. Amol is currently the Vice President of Engineering for CrowdStrike, overseeing the company’s engineering organization and customer facing technology infrastructure. Prior to joining CrowdStrike, Amol held numerous senior positions at Microsoft. Most recently, he was responsible for the knowledge platform in Bing that’s driving significant gains for Bing’s U.S. search market share. Amol also held senior roles in Windows Azure and BizTalk Server, helping reduce COGs and improve developer productivity.