What should you expect from a next-gen endpoint protection solution?

Everyone knows that traditional antivirus isn’t enough to stop today’s advanced threats, so endpoint security vendors are hoping you’ll consider their “next-gen” solutions. But what exactly does “next-gen” mean, and what capabilities should you expect?

At Sophos, we believe next-gen endpoint protection means an integrated system of technologies that protect against all stages of an attack:

1. Prevention: Stopping malware before it can execute.
2. Detection: Identifying quickly when malware is deployed.
3. Response: Taking action instantly when malware is detected.

Let’s take a quick look at the capabilities your endpoint protection needs to counter threats at each stage.

1. Prevention: The defensive front line

Prevention focuses on stopping malware from ever reaching the device in the first place. Prevention capabilities can be broken down into exposure prevention and pre-execution defense.

Exposure prevention:
– Web protection – can you block malicious webpages?
– Device control – which devices (e.g., USB drives) are allowed to access the endpoint?
– Download reputation – where does the file come from, and do other machines in the organization already use it?

Pre-execution defense:
– File analytics/HIPS – does a file contain code trying to modify the registry?
– Emulator – can you execute the file in a safe environment to test it?

2. Detection: Catching malware in the act

Detection uses a variety of methods to identify malware that has already reached a device. A next-gen endpoint solution should have these run-time detection capabilities:

– Malicious traffic detection – are processes communicating with known threat locations (phoning home)?
– Memory scanning – is a file exhibiting behavior of known malware?
– Exploit detection – is the suspect process cataloging the memory of another process?

3. Response: Clean-up and analysis

Response capabilities should eliminate the malware and perform analysis to identify the entry point of the malware.

– Malware removal – can your endpoint solution remove the executable and other malware components?
– Root cause analysis – can it identify the malware’s origin to understand what was compromised?

Choosing a truly “next-gen” endpoint solution

Sophos experts have written a simple guide to explain why organizations like yours need next-gen endpoint protection. It also explains in straightforward terms the features that a next-gen endpoint solution should have, and how they keep your users and systems secure.

Download the free whitepaper, or sign up for a free 30-day trial of Sophos Next-Gen Endpoint Protection.

3 Comments

What happened to the Cylance-targeted blog content that was here?

Yes, we are very sorry about that. At the request of a partner who was being pressured by Cylance, we decided to remove the video out of respect for the partner. To be clear, Sophos stands behind the accuracy of what we published, and we are currently pursuing other methods of disseminating this much-needed and factual information into the marketplace. So please stay tuned.


There is actually a full response here by Dan Schiappa to the validity of Cylance’s claims:

https://blogs.sophos.com/2016/06/29/thoughts-on-comparative-testing/
