Switching to Next-Gen Endpoint Security

Threats are becoming increasingly dynamic and industrialized which is forcing organizations to defend against new advanced attacks as well as traditional malware. As a result, more and more organizations are making the switch to next-gen endpoint protection from Sophos to get the proven, innovative defense they need. This solution brief shows how Sophos Next-Gen Endpoint Protection delivers the protection, usability and support required to stay ahead of the constantly evolving threat landscape.

By Marty Ward, VP Product Marketing, Sophos

"Smarter, faster hackers cause huge spike in cyber attacks."

Another day, another headline. High profile data breaches. Alarming new statistics. The cyber threat environment is more dynamic than ever. Information from the Verizon 2015 Data Breach Investigations Report paints a disturbing picture of a threat environment that continues to grow in terms of the volume of attacks as well as their speed and sophistication.

  • In 2014, there was a 26% increase in security incidents and a massive 55% increase in confirmed data losses.
  • In 60% of cases, attackers are able to compromise an organization within minutes.
  • 70 to 90% of malware samples are unique to a single organization.

In addition, both public and boardroom awareness of cyber threats has continued to grow. Again, from the Verizon report: “The New York Times [devoted] more than 700 articles related to data breaches, versus fewer than 125 the previous year.” Similarly, awareness of cyber threats within organizations is on the rise with both the broader employee population and boardroom executives.

Increased security spending, with some regrets

With increasing public and boardroom awareness, it shouldn’t come as a surprise that organizations continue to increase IT security spending. According to the Ponemon 2015 Global Study on IT Security Spending & Investments, 46% of organizations increased their security spending over the past two years, and 50% expect to increase IT security spending over the next two years.
However, the Ponemon study also raises questions about how well those security investments have been working: “Companies admit they have been disappointed with some of their technology purchases. In the past 2 years, respondents say on average 37% of all investments in enabling security technologies fell below their expectations.”
Asked why they regret those security investments, organizations in the Ponemon study cited five top issues, which fall into three main areas:

  1. Protection (System Effectiveness)
  2. Usability (System complexity, Personnel and lack of in-house expertise, Installation costs)
  3. Support (Vendor Support)

At Sophos, we ask our new endpoint protection customers what prompted them to change endpoint security solutions, and their answers mirror many of the top issues raised in the Ponemon study. Primarily they are frustrated with continued malware outbreaks that got past their previous solution, slow performance, multiple agents, product complexity, poor customer support, and difficulties integrating a wide range of defenses.



Evolution of threats

The problems described above are the result of the continued evolution of threats while customers keep trying to defend with legacy endpoint solutions. Traditional endpoint security was built to address viruses, Trojans, and worms, whereas threats have advanced to vulnerability exploitation, ransomware, and in-memory attacks. Both the types of threats we see today and their targets have changed.

In Figure 1 below we highlight some key trends, including the fact that the majority of threats are now unknown, zero-day attacks. Threats have also moved from simple malware to industrialized attacks which are highly coordinated, often combining multiple attack techniques and communication mechanisms. Because traditional endpoint security has done a good job of preventing malware, hackers have moved on to compromising credentials in order to move around within systems as a legitimate user or administrator. Legacy endpoint security was not designed for this.


In addition, the targets of the attacks have changed. Rather than going after large enterprises only, hackers have realized that small and medium-sized businesses hold equally valuable data and often partner with large enterprises. Because that data is shared across these partnerships, attackers can move between companies to reach the data they want.

Exploit kits, "hacking as a service" tools that anyone can use, now account for 90% of all data breaches. They enable hackers to be very targeted in their attacks, pinpointing the demographics they desire in order to maximize the effectiveness of their actions. Furthermore, since companies still tend to take half a year to patch known vulnerabilities, hackers are shifting their approach from "spray and pray" to exploiting this lack of diligence.

Evolution of Endpoint Security

The good news is that the security industry has continued innovating as well. In this multi-decade chess match between hackers and vendors, every move is met with a counter move, with each side hoping to leapfrog the other. The security industry has always been fascinated with the concept of a silver bullet, and as a result there are more than 1,000 security technology companies in the world today, many of them with a single technology they believe is the solution to all your problems. Unfortunately, we all know that is not the answer.

Just as there are multiple pieces in a chess match, there are multiple technologies required to fully protect your endpoints. The traditional security options listed in Figure 2, such as exposure prevention, pre-execution analytics, and file scanning, are still necessary ingredients to block all the noise of traditional malware. Chet Wisniewski, Principal Research Scientist at Sophos, likes to say, "Burning down the haystack makes it a lot easier to find the needle."


That needle is likely to show up in the form of an advanced in-memory attack or exploit, which is why you need run-time detection and prevention as well as exploit detection in your endpoint solution. These advanced, signature-less prevention technologies look for exploit techniques and malicious behaviors rather than known file signatures, allowing them to block unknown advanced attacks.

While we believe "defense in depth" is still a good strategy, the silver bullet of security is the integration of these technologies to work as a coordinated security system, one that's even more sophisticated than the advanced attacks targeting businesses these days.

Transforming endpoint protection with Sophos

To make real headway against today’s threats, it is essential to invest in the most effective IT security solutions that can be put into use with the staff and expertise available. Sophos Next-Gen Endpoint Protection not only integrates a wide range of advanced security technologies, it is also intelligently designed and backed by world-class support to get them working in your organization.

To learn more about transforming your endpoint protection with ControlScan and Sophos, download the free datasheet.