Last week’s Gartner Security & Risk Management Summit crammed several months’ worth of information, analyses, workshops and networking into 3 ½ short days. Though many messages were familiar, a shift could be detected, a recognition that the landscape is transforming and innovation is calling.
Of the many subjects discussed, three took front and center stage:
The emphasis on security at the speed of business – security that supports organizational growth and agility rather than hinders it – resonated particularly strongly with the Morphisec team. For us at Morphisec this is not just a goal; it is the basis of our business. The combination of powerful prevention, simplicity and cost efficiency is the main driving value behind our product.
While the Gartner summit discussions were highly relevant overall, two sessions in particular stand out.
The first was a thorough analysis by Gartner analyst Mario De Boer of the strengths and limitations of malware protection technologies from an attacker's perspective. Endpoints are the main entrance for advanced attacks, and attackers continue to develop ever more sophisticated methods to penetrate them and execute their malicious intent. As a result, various types of protection technologies have evolved around the endpoint and the network that surrounds it:
Ideally, the best cyber defense would incorporate all the above techniques into a preventative strategy, in order to ensure that the endpoint is covered from all possible vectors. In reality, this is a pie-in-the-sky dream: configurations, CPU drain, collisions between products, maintenance, immense reporting (including high rates of false positives), and a lack of expert security practitioners all work against the drive toward manageability and cost efficiency. So how should security teams decide which products to deploy?
De Boer answered this question by examining several types of attacks, highlighting which combination of technologies creates the most difficulty for the attacker, to deduce the most efficient security approach.
His conclusion? “Choose endpoint technology stacks rather than individual technologies, avoiding agent bloat.”
We at Morphisec believe this sets the right tone for industry discussion: the “right stack” provides adequate protection alongside operational efficiency – a low number of agents, fewer compatibility issues, low CPU drain, a low rate of false alerts, and low remediation costs.
However, De Boer’s session had one glaring gap. He pointed out the limitations of each of these techniques, and the fact that, even in combination, attackers may slip through the cracks long enough to cause damage. Yet he offered no alternatives.
This is where the session about the Top 10 newest technologies comes in. Full disclosure - Morphisec is one of the vendors on the list.
Neil MacDonald, vice president, distinguished analyst and Gartner Fellow Emeritus, examined the leading new approaches to information security: emerging technologies that help fill the gaps that still exist in De Boer’s stack. In the section on non-signature approaches for endpoint prevention, MacDonald points out the dissatisfaction with the current state of endpoint prevention. As Gartner says in a post about the session, “Purely signature-based approaches for malware prevention are ineffective against advanced and targeted attacks. Multiple techniques are emerging that augment traditional signature-based approaches, including memory protection and exploit prevention that prevent the common ways that malware gets onto systems.”
MacDonald goes on to say that these solutions should be viewed as approaches to supplement the shortcomings of current prevention technologies.
That is exactly the discussion we have with our customers. Knowing that no one product can do it all, we review Morphisec Advanced Threat Prevention alongside their current stack and in some cases even recommend adding another security element.
This analysis will always start with an effective and efficient prevention stack which, according to De Boer’s analysis, should include:
Such a stack will ensure the best and most efficient malware prevention. Organizations that are under frequent attack should also consider EDR and sandboxing detection techniques.
Essentially, these two sessions carry a clear and important message for CISOs and SecOps teams: look for the right stack rather than individual products, and leverage new technologies to do all you can on the prevention front.