Take your business security to the next level with advanced threat protection, vulnerability management, machine learning and more.
With all the recent ransomware and other malware outbreaks, if you’re not reassessing your business’s information security strategies and solutions, then perhaps you should be.
Installing good security software on your systems is a good start – and we’ve covered the best endpoint security tools for small businesses, individual Windows users, Mac users, Android users and even for free.
However, to counter the increasing sophistication of today’s threats, information security companies have come up with advanced new ways to help you protect your business data.
Here's a selection of some of those next-generation security products and services.
Bitdefender GravityZone XDR
GravityZone XDR is a new, cloud-based security system with endpoint detection, prevention and response capabilities from a single agent managed by a single console, according to Bitdefender officials.
It is particularly aimed at businesses with hard-pressed IT teams, especially those without their own security operation centre.
GravityZone XDR includes firewall and patch management capabilities, machine learning to block advanced threats before they are executed, real-time process monitoring to detect malicious behaviour, anti-exploit protection, sandbox analysis, and full disk encryption.
Its cloud-based threat analytics module correlates events, alerting the security administrator of any significant incidents. Having determined the level of threat, admins can perform one-click investigations in XDR to look up VirusTotal reports or submit samples for behaviour analysis to Bitdefender’s sandbox analyser, and then “delete, kill or quarantine”. The same interface allows policy changes to be applied to vulnerable endpoints.
“EDR (endpoint detection and response) as a technology holds much promise for the security industry, but existing market offerings are too complex to be deployed by most organisations. That is why we have specifically designed GravityZone XDR to be EDR made easy,” said Bitdefender vice president of enterprise solutions Harish Agastya.
“It provides security administrators with intuitive workflows and a contextual map to understand threat impact. With only the most relevant events being offered for incident response, threat hunting cost and effort are lowered. Having this EDR capability as part of a truly integrated security platform enables the holy grail of endpoint protection - prevent, detect, investigate, respond, and evolve.”
GravityZone XDR can protect PCs and servers.
A recent update to the Falcon platform makes CrowdStrike the only vendor providing next-generation antivirus, endpoint detection and response, managed threat hunting, IT hygiene, threat intelligence and vulnerability management, all fully delivered via the cloud from a single lightweight agent, company officials claim.
The new Falcon Spotlight module provides continuous, real-time visibility of software vulnerabilities in an IT environments.
Importantly, these vulnerabilities are prioritised based on observed threat activity in the customer's environment. This makes it possible to identify the systems at greatest risk and remediate them before a breach occurs.
Falcon Spotlight takes steps to ensure that patches really have been deployed, rather than relying on Windows registry information. By reporting on the software actually in memory, it avoids misrepresenting the state of patches that have been installed but that won't become active until the next reboot.
“We continue to expand the CrowdStrike Falcon platform to provide customers with an end-to-end solution that addresses endpoint security holistically and enables organizations to stop breaches, while bolstering their security posture and operations,” said CrowdStrike co-founder and chief technology officer Dmitri Alperovitc.
“With this new module, we continue to reinforce the CrowdStrike Falcon platform as the market-leading solution that offers security teams control, visibility, and protection, all through one lightweight endpoint sensor, leveraging the power of the CrowdStrike cloud.”
According to analyst firm Gartner, “The number one issue in vulnerability management (and, arguably, IT security operations) is that organisations are not prioritising their patching and mitigating controls, nor are they mitigating the exploitation of commonly targeted vulnerabilities.
“In short, organisations are struggling to figure out the delta between ‘what can I fix’ and ‘what will make the biggest difference, with the pragmatic reality of the time and resources that I actually have.’ The answer is a risk-based approach.”
In addition, Falcon Spotlight eliminates scheduled vulnerability scanning, and does not require the installation of additional agents or management consoles beyond those already deployed for the Falcon platform.
OpSys Managed Security Service
OpSys’ first security operations centre is now operational in Adelaide, and the company plans to expand nationally.
The arrangement with FireEye allows OpSys to offer Helix on an as-a-service basis. This is especially relevant to small and midsize businesses, as it means they can get enterprise-grade threat detection and response without having to pay enterprise-level prices.
“The Helix platform offers the most complete combination of security capabilities that we believe is available in the market and enables us to offer enterprise-level security at SMB-level cost,” said OpSys founder Matthew Fabri.
“Security is everyone's concern, regardless of how big an organisation is. It stands to reason that companies of all shapes and sizes have access to the same toolsets to defend themselves, and now they do.
“We see strong demand from SMBs for this level of service, and it means we'll look to expand the service to a national and, eventually, global market.”
FireEye welcomed the launch of the service.
“We designed FireEye Helix specifically to simplify, integrate, and automate security operations so that organisations can get the most out of their security infrastructure, prepare for unknown, no-malware attacks, and finally, go from alert to fix in minutes, not days,” said FireEye ANZ regional director Richard Metcalfe.
“OpSys is now enabling that level of security and service to businesses of all sizes in Australia.”
Sophos XG Firewall
The latest version of Sophos's next-generation XG Firewall is able to identify, classify and allow the control of all previously unknown applications active on the network, such as those which don’t have signatures or are using generic HTTP or HTTPS connections.
This synchronised app control feature is an industry first, according to the company.
It can reduce the security risks associated with unidentified traffic by allowing administrators to see exactly what is on their network, officials said.
It automatically categorises discovered applications, leaving administrators to assign unknown apps to categories that will block or allow their traffic, as seen fit.
“The latest version of the Sophos XG Firewall represents a significant improvement in network application visibility, especially in regards to unknown applications. It’s an innovative solution to an industry-wide problem that has been getting increasingly challenging over time,” said IDC security products research director Rob Ayoub.
The data required for this categorisation comes from Sophos Endpoint Protection and the company's new Intercept X anti-ransomware product.
“In a recent study, IT professionals admitted that about 60 percent of network traffic is unknown, and the security risks associated with this tops their list of concerns,” said Sophos senior vice president and general manager of end user and network security groups Dan Schiappa.
“Sophos can identify this traffic because the endpoint knows exactly what applications are running and it can share this data with the firewall through the Sophos Security Heartbeat. Synchronised app control has improved visibility and increased the IT administrators’ ability to proactively manage network traffic. This new technology is a game changer for the IT professional who is no longer prepared to accept the gaps and blind spots that stand-alone firewall and endpoint solutions have created in their environments.”
Sophos XG Firewall is available for on-premises and cloud deployment.
The latest XG Series hardware appliances feature two onboard fail-safe bypass port pairs as part of 1U appliances, an optional bypass FleXi Port module for all 1U and 2U models, and optional Power over Ethernet (PoE) modules.
Symantec Endpoint Protection
Symantec recently extended the Symantec Endpoint Protection (SEP) platform to meet the changing demands of cloud and mobile technology.
SEP still uses a single agent on each device, but now provides a wider range of protections.
New deception technology deceives attackers into believing they have successfully breached an organisation, when they are actually in an artificial environment populated with fake assets and information. While the Bad Guys are kept busy, security teams have time to neutralise the attack. According to the company, this is the first massive-scale deployment of deception technology.
SEP Mobile uses technology Symantec acquired with Skycure to provide "comprehensive, proven and effective mobile threat defence" for BYOD and corporate-owned devices running modern mobile operating systems including iOS and Android.
Advanced Threat Protection 3.0 provides major endpoint detection and response (EDR) enhancements, including the Symantec EDR Cloud which “helps to strengthen a firm’s security posture against cyber attacks," in part by providing "pre-built incident response playbooks that bring the skills and best practices of experienced security analysts to any organisation while lowering costs.”
Signatureless protection uses advanced machine learning techniques and behavioural analysis to improve protection. According to the company this technology helped SEP 14 to proactively block more than one billion WannaCry infection attempts around the world.
SEP Hardening prevents exploits including zero-day attacks and mitigates damage from attacks by shielding and isolating suspicious and malicious activity targeted toward commonly used applications, Symantec officials stated.
“Our new endpoint solution is exactly what our customers have been asking for – best of breed capabilities, integrated into a single agent, to help them streamline, lower costs and effectively combat advanced threats, malware and ransomware,” said Symantec president and COO Mike Fey.
“More importantly, these technologies are not simply integrated – they lead going toe-to-toe against their standalone counterparts in the industry. We call it Endpoint Security for the Cloud Generation and we are very proud to offer this level of advancement to our customers, completing another important milestone in our endpoint security strategy.”