Morphisec Cybersecurity Blog

Five Questions to Ask Endpoint Security Vendors at RSAC 2019

Written by Tom Bain | February 20, 2019 at 8:22 PM

As always, RSAC sneaks up and the rush is on! Get ready to look at the 700+ endpoint security vendors on the expo floor, engage with over 50K people descending on Moscone Center, and prepare yourself for the onslaught of the following:

  • Artificial intelligence transforming your security world.
  • Machine learning making threat detection better.
  • Managed detection and response (MDR) alleviating the operator burden of hunting for threats.
  • Automation. Intelligence.

OK, the show hasn’t even started, and I’m already exhausted from the same tired messages.

Granted all of these techniques, technologies and functional components of cybersecurity are important. However, does anyone think it’s time to rethink how you approach cybersecurity? For too long, we have been building static defenses. In other words, we have built defenses predicated on remaining in the same place and building a bigger cyber wall that ultimately….attackers will evade, go around, over, under or through.

Now. What about making organizational targets more dynamic, mobile and resilient?

Moving Target Defense is taking cyber to the next level from the standpoint of making defenders more agile in the face of the most advanced attacks.

Prepare yourself ahead of time with the right questions to dig beneath the hype. With a bit of persistence, you can determine if a solution is something you want to pursue in more detail or consign to the post-RSA trash heap.

questions to ask

  1. How is your ML/AI different than …(fill in the blank)? Most endpoint security vendors these days work on some kind of machine learning or artificial intelligence technology. Ask how their technology, algorithms and datasets differ from their competitors. Ask if they offer the same protection when endpoint are offline and not connected to their threat feeds.

    Note that Morphisec uses Moving Target Defense, not ML or AI. We’ll be at RSA and are ready to explain the numerous advantages of Morphisec’s Moving Target Defense technology. Schedule a meeting with one of our security experts.
  1. How long does it take to install and configure for my organization? Some security tools require extensive customization to work with other systems reduce false positive alerts to an acceptable level, especially if you have custom or legacy applications. Ask what their average time to fine-tune and optimize is for an organization of your general size and complexity.

  2. What kind of protection do you provide against memory attacks? A Ponemon study found that 77% of successful breaches are caused by attacks with a fileless component, i.e., they operate in-memory. Does the solution offer memory protection and what kinds of attacks does it protect against? Make sure to also ask if the memory protection uses performance heavy techniques or can cause system conflicts when turned on – for example if it uses scanning or hooking.

  3. Can your solution protect against unknown attacks? Ask how their system handles brand-new attacks, with completely unknown signatures or using new techniques. Will it stop these kinds of attacks? Make sure to press them – for example, did it stop NotPetya or the CCleaner supply chain attack when they first emerged or did their solution need to be updated.

  4. What resources are required for ongoing operation? Many security tools generate a profusion of telemetry, much of it unhelpful, that requires resources to investigate, analyze and remediate as necessary. The issue of unhelpful telemetry can be extremely costly. The “Cost of Insecure Endpoints” study found enterprises waste an average of 425 hours a week responding to and investigating false positives, costing them an average of $1.37 million annually. Some solutions also sell a monitoring service to address this issue, so figure that cost into your resource calculations.

Morphisec uses Moving Target Defense to stop unknown, evasive memory-based attacks on the endpoint without the dependency on prior knowledge of attacks. The Morphisec team will be on hand at RSAC 2019 to answer security questions and provide expert advice. We have dedicated meeting space just a few minutes’ walk from the exhibition hall. Schedule your reserved meeting time today!