HOW TO PROTECT YOUR MICROSOFT ENDPOINTS FROM KNOWN AND UNKNOWN THREATS


Gartner predicts that, by 2018, 25 percent of corporate data traffic will bypass perimeter security and flow directly from mobile devices to the cloud. As workforces adopt mobile platforms, a growing share of network traffic goes uninspected, which lets an attacker communicate directly with a potential victim's endpoint and raises the likelihood of a successful attack.

When it comes to Microsoft® Windows® systems, threat actors rely primarily on two attack vectors: malicious executables (malware) and vulnerability exploits in system or application software. A natively integrated next-generation security platform, equipped with advanced endpoint protection, arms organizations with a multi-method prevention approach that combines the most effective malware and exploit prevention capabilities to protect Windows systems from known and unknown threats.


Multi-Method Prevention

Most organizations deploy multiple security products to their endpoints, including one or more traditional antivirus solutions. Given the increasing frequency and sophistication of attacks, this layered-but-signature-based approach is not able to prevent security breaches on the endpoint. Advanced endpoint protection instead replaces traditional antivirus with a multi-method approach to prevention that pre-emptively blocks malware and exploits, including zero-day threats. Advanced endpoint protection delivers breach prevention, as opposed to breach detection and incident response after critical assets have already been compromised.

  • Multi-Method Malware Prevention. A multi-method approach to preventing malicious executables from infecting a system maximizes coverage against malware while also reducing the attack surface and increasing the accuracy with which known and unknown malware is identified. In addition, the ability to quarantine malicious executables prevents the inadvertent dissemination of malware, particularly in organizations where network- or cloud-based data storage applications (e.g., Microsoft Office 365®) automatically sync files across multiple users and systems.
  • Multi-Method Exploit Prevention. Many targeted attacks begin with an exploit delivered as a data file (e.g., a Microsoft Office file) through a website, via email or over the network. This type of attack is difficult to distinguish from normal application behavior and often bypasses legacy antivirus and traditional endpoint security controls. However, exploits rely on a small set of core exploitation techniques that rarely change, and a multi-method approach that focuses on blocking these core techniques prevents the exploitation of both known and unknown application vulnerabilities.
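The "core exploitation techniques" the bullet above refers to map, at the operating-system level, to the process mitigations Windows already exposes (DEP, SEHOP, bottom-up and high-entropy ASLR, mandatory image relocation, Control Flow Guard, heap termination on corruption). The script below is an added example, not code from the original page or from the vendor's product, and it is included to show how a practitioner can audit which of those mitigations are actually in force for the data-file-parsing applications that targeted attacks typically abuse. It uses the built-in ProcessMitigations module (Windows 10 1709 / Server 2016 and later); the process names in `$targets` and the property paths read from the `Get-ProcessMitigation` objects (`Dep.Enable`, `Aslr.BottomUp`, `Cfg.Enable`, and so on) are assumptions drawn from that module's output and are not taken from the page.

```powershell
# Added example (not from the original page): audit OS-level exploit mitigations
# for the applications most often targeted with malicious data files.
# Assumes the ProcessMitigations module (Windows 10 1709+ / Server 2016+).
# Property names below follow the objects Get-ProcessMitigation returns; they
# are assumed here, not documented on the page. Run from an elevated shell.

# Constructed list of targets: the system-wide default plus common document readers.
$targets = @('System', 'winword.exe', 'excel.exe', 'outlook.exe', 'AcroRd32.exe')

function Get-MitigationStatus {
    param([Parameter(Mandatory)][string]$Target)

    # -System reads the machine-wide defaults; -Name reads the per-process policy.
    $m = if ($Target -eq 'System') {
        Get-ProcessMitigation -System
    } else {
        Get-ProcessMitigation -Name $Target
    }

    # Values come back as ON / OFF / NOTSET. NOTSET means "inherit the system default".
    [pscustomobject]@{
        Target          = $Target
        DEP             = $m.Dep.Enable
        SEHOP           = $m.Sehop.Enable
        BottomUpASLR    = $m.Aslr.BottomUp
        HighEntropyASLR = $m.Aslr.HighEntropy
        ForceRelocate   = $m.Aslr.ForceRelocateImages
        CFG             = $m.Cfg.Enable
        HeapTerminate   = $m.Heap.TerminateOnError
    }
}

$report = $targets | ForEach-Object { Get-MitigationStatus -Target $_ }
$report | Format-Table -AutoSize

# Flag any per-process entry where a core mitigation is not explicitly ON.
# NOTSET is only acceptable if the corresponding System value is ON.
$systemRow = $report | Where-Object Target -eq 'System'
$gaps = $report | Where-Object {
    $_.Target -ne 'System' -and (
        ($_.DEP -ne 'ON' -and $systemRow.DEP -ne 'ON') -or
        ($_.BottomUpASLR -ne 'ON' -and $systemRow.BottomUpASLR -ne 'ON') -or
        ($_.CFG -ne 'ON' -and $systemRow.CFG -ne 'ON')
    )
}

if ($gaps) {
    Write-Warning "Processes with DEP/ASLR/CFG not enforced:"
    $gaps | Select-Object Target, DEP, BottomUpASLR, CFG | Format-Table -AutoSize
} else {
    Write-Host "Core exploit mitigations are enforced for all audited targets."
}

# To close a gap for one process (example, test before broad rollout):
#   Set-ProcessMitigation -Name winword.exe `
#       -Enable DEP,SEHOP,BottomUp,HighEntropy,ForceRelocateImages,CFG,TerminateOnError
```

Two caveats a practitioner would want: `ForceRelocateImages` rewrites the load address of every module, which can break add-ins compiled without relocation data, so stage it on a pilot group first; and these OS mitigations raise the cost of the generic techniques (non-executable stack, predictable addresses, hijacked control flow) rather than catching the specific exploit, which is the same reasoning the article gives for technique-based prevention.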

Native integration with a next-generation security platform also allows threat intelligence to be shared across network, cloud and endpoint, and allows new intelligence to be converted automatically into enforced prevention, nearly eliminating the opportunity for an attacker to use unknown or advanced malware to infect an endpoint in the environment.


Extend Network Policies to the Endpoint for Maximum Protection

The network plays several roles in the lifecycle of an attack on the endpoint, including acting as a vehicle for the delivery of exploits and malware and as a conduit for exfiltration of data and credentials. A network security client can be used to maintain visibility and extend network security policies to all traffic. By stopping an attack in network traffic, organizations can reduce the attack surface by preventing malicious content, including exploits and malware, from ever reaching the endpoint.

To learn more, read the Securing Your Microsoft Environment whitepaper.

Ignite 2017 Vancouver

