What’s the Value of Next-Generation Endpoint Security?
Signature-based security, which relies on comparing threats to a database of previously identified malicious code, still catches roughly 70 to 80 percent of cybersecurity threats, says Arnie Lopez, vice president of worldwide systems engineering at McAfee. However, that’s increasingly not enough to tackle today’s threat landscape.
In the simplest of terms, says North Dakota CTO Duane Schell, next-generation endpoint security “is a much better version of traditional endpoint protection.”
“In reality, it is a completely new solution that analyzes user and endpoint behavior in real time, leveraging AI and ML to detect and prevent threats much faster and more effectively than traditional endpoint solutions,” he says.
In most cases, next-generation endpoint security solutions also provide agency IT security leaders with “rich and detailed information that allows for more effective post-event analytics and investigations.”
Ultimately, Schell says, these tools provide a “significant reduction in risk from an endpoint perspective, and in the event something does happen, you are able to be much more effective in the investigation efforts.”
Next-Generation Endpoint Security vs. Traditional Endpoint Security
Traditional endpoint security solutions rely heavily on a signature database, Schell notes, “and in a world where threats are evolving at an enormous pace, the maintenance of that signature database is an impossible task.”
Additionally, there is an inherent lag time in the distribution of threat signatures to all the endpoints.
“By switching to a real-time approach that relies on AI and ML, the task of maintaining signatures is minimized, latency is removed and risk levels are reduced,” Schell adds.
Next-generation endpoint security tools with access to real-time threat intelligence can analyze this information and deploy immediate updates to users’ endpoints. This enables agency IT security leaders to block IP addresses, update malware signatures and identify new adversary tactics quickly, providing rapid detection of evolving threats.