BlackBerry Blog

Endpoint Security Evolution: Protection and the Rise of Prevention

Endpoints are where a company's sensitive data is most susceptible to attack; malicious actors can exploit vulnerabilities there to gain access to a network, steal data, or spread malware. Undeniably, endpoint security is essential for protecting data, applications, and systems from cyberthreats.

However, endpoint security has evolved significantly over the past five years. The cybersecurity industry started with an on-premises, prevention-centric strategy — an approach that dominated for decades — but security teams began to realize that visibility was as important as raw detection. This ideological shift ushered in the EDR (endpoint detection and response) era, where security was redefined in terms of endpoint data and visibility. The days of debating a 99.8% versus 99.9% detection rate gave way to hours spent gathering as much endpoint information as possible.

To manage this new, enormous pool of data, security solutions looked to the cloud for storing and processing it all in a way that could best help security teams. Poring over copious amounts of endpoint data to identify anomalies and shed light on active attackers within an organization became a key occupation for every major security organization. Threat hunting and breach closure were the new game: Rather than stopping an attacker at the gate, the cybersecurity world now assumed the attacker was already inside the house.

To keep up with collection and analysis, security tools quickly transitioned from “cloud-enabled” to “cloud-reliant.” A consequence of this shift was a slow degradation of detection rates in general. The differences between a top-tier prevention tool and a “good-enough” prevention tool were no longer measured in tenths of a percent, but rather in entire percentage points.

An interesting — and in hindsight, foreseeable — thing happened as a result. Adversaries switched from sophisticated attacks — the APT, or advanced persistent threat, approach — to a blunt, smash-and-grab mentality. Attackers moved quickly to monetize small flaws in the armor of enterprises: The rise of ransomware clearly highlights this new strategy. Given this shift, coupled with the reliance on an always-on, cloud-reliant internet connection to achieve even modest protection, organizations should prepare to pivot security strategies once more.

The Reprioritization of Prevention

Enter CylanceENDPOINT™. The Cylance® AI-driven defense model within CylanceENDPOINT is a battle-proven solution — in fact, industry analyst Rob Enderle named BlackBerry products as the only products of their class that are “truly battle-tested.” And independent analysis shows CylanceENDPOINT stops more attacks — and earlier in the attack chain — than other EPPs (endpoint protection platforms), due to sophisticated algorithms that enable it to detect and prevent threats before they have a chance to fully execute.

One of the key advantages of the Cylance machine learning (ML) approach is that it is up to 95% lighter than legacy solutions that rely on compute-heavy approaches like signatures, allowing it to be deployed on a wide range of systems without adding significant overhead. This makes it an ideal choice for organizations looking to protect their assets without compromising system performance.

CylanceENDPOINT is a highly effective and efficient approach to cybersecurity, and one well-suited to modern organizations that must defend against constantly emerging threats. The solution provides better visibility into attacks, from the first warning signs using proprietary threat intelligence data, through the kill chain, to the prevention of the actual attack. Throughout every security event, CylanceENDPOINT consolidates and correlates disparate alerts to create a full schema of an attack. This dramatically streamlines organizational decisions by providing fewer, but significantly more impactful, alerts to support a security response.

Endpoint security has come a long way, and while the industry returns to prevention-centric approaches to cybersecurity, CylanceENDPOINT is already here, ready to quickly and easily stop these attacks before they impact your organization. By providing better visibility and a more streamlined workflow, BlackBerry can help organizations stay ahead of constantly emerging threats through best-in-class protection.

Jay S. Goodman

Jay S. Goodman is Director of Product Marketing at BlackBerry.