Why Endpoints Cannot Be Left as a Security Blind Spot

Source: Internet  Published: 客户资料整理软件  Editor: 程序博客网  Time: 2024/05/01 18:05

Why Endpoints Cannot Remain A Security Blind Spot

After a period of stagnation, endpoint security is undergoing a renaissance, with a slew of products debuting in the market. Antivirus software and its promise of constant protection are seen as unrealistic, giving rise to the more practical approach of detection and incident response at the user device. Companies are realizing the importance of endpoint security and will boost endpoint security budgets by five percent to 10 percent in 2016, according to Forrester.
However, some enterprises are still unconvinced that endpoints are the most valuable source of information for real-time detection and response. Here’s how endpoint detection can benefit your business.

1. Endpoint visibility increases the chances of early detection
Hackers realize that targeting endpoints gives them the best chance for their attack to succeed. Endpoints are notorious for having major weaknesses, including inadequate protection and being used by people who are prone to falling for deceptive tactics like phishing emails.
Compromising an endpoint is a hacker’s initial move. Continuously monitoring your endpoints can help a company detect a breach early, before significant damage occurs.

2. Endpoint data can eliminate false positives
Attackers attempt to capitalize on the fact that hacking behavior can resemble normal employee activity. Hackers often use legitimate tactics to deceive security systems and avoid getting caught.
For instance, some employees may need four attempts to log in to their email account because they forget their user name and password. In other cases, though, a hacker could be behind those actions.
However, many security systems can’t distinguish between legitimate and malicious actions and will issue an alert for benign activities. This leads to a rash of false positives overwhelming security analysts, who may choose to ignore some of these warnings.
In the case of the multiple failed authentication attempts, endpoint data can show whether the log-in attempts were made from an office or from a remote location where the business lacks a presence, giving analysts the information they need to distinguish a harmless mistake from hacker activity.
The only way security teams can differentiate between user activity and a hacker in disguise is by looking at all surrounding activity.
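
The failed-login triage described above can be sketched as follows. This is an added example, not code from the original article: the site names, the 10-minute window and the event layout are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed values: sites where the business has a presence, and alert tuning.
KNOWN_SITES = {"HQ-office", "branch-office"}
THRESHOLD = 4                    # failed attempts, as in the article's example
WINDOW = timedelta(minutes=10)   # assumed burst window

# Constructed sample events: (time, user, endpoint, reported site, result).
EVENTS = [
    ("2016-03-01T09:00:05", "alice", "LAPTOP-17", "HQ-office", "fail"),
    ("2016-03-01T09:00:31", "alice", "LAPTOP-17", "HQ-office", "fail"),
    ("2016-03-01T09:01:02", "alice", "LAPTOP-17", "HQ-office", "fail"),
    ("2016-03-01T09:01:40", "alice", "LAPTOP-17", "HQ-office", "fail"),
    ("2016-03-01T09:02:10", "alice", "LAPTOP-17", "HQ-office", "ok"),
    ("2016-03-01T02:10:00", "bob", "UNKNOWN-PC", "unlisted-remote", "fail"),
    ("2016-03-01T02:10:40", "bob", "UNKNOWN-PC", "unlisted-remote", "fail"),
    ("2016-03-01T02:11:15", "bob", "UNKNOWN-PC", "unlisted-remote", "fail"),
    ("2016-03-01T02:12:00", "bob", "UNKNOWN-PC", "unlisted-remote", "fail"),
    ("2016-03-01T11:00:00", "carol", "DESKTOP-03", "branch-office", "fail"),
    ("2016-03-01T11:00:20", "carol", "DESKTOP-03", "branch-office", "fail"),
]

def failed_bursts(events):
    """Yield (user, burst) for the first run of >= THRESHOLD failures in WINDOW."""
    by_user = defaultdict(list)
    for ts, user, host, site, result in events:
        if result == "fail":
            by_user[user].append((datetime.fromisoformat(ts), host, site))
    for user, fails in by_user.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1       # slide the window forward
            if end - start + 1 >= THRESHOLD:
                yield user, fails[start:end + 1]
                break            # one alert per user is enough for triage

def triage(events, known_sites=KNOWN_SITES):
    """Map each user with a failed-login burst to (verdict, unknown sites)."""
    verdicts = {}
    for user, burst in failed_bursts(events):
        unknown = sorted({site for _, _, site in burst if site not in known_sites})
        verdicts[user] = ("escalate", unknown) if unknown else ("likely-user-error", [])
    return verdicts

if __name__ == "__main__":
    print(triage(EVENTS))
```

Both alice and bob trip the same four-failure rule; only the endpoint-reported site separates the forgotten password from the burst that an analyst should look at.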

3. Endpoint information reveals an entire attack
Since endpoint solutions are deployed on every machine, they allow security teams to oversee the entire IT environment. Used this way, endpoints let you understand the connection between multiple malicious acts and respond efficiently.
For example, hackers are known to use a software-pairing technique, where they install multiple malware programs to protect and maintain control of their operation. Most malware detection tools label these as isolated events instead of a single operation, preventing security personnel from removing the entire attack and allowing hackers to continue collecting information.
Endpoint data will allow you to understand a hacker’s entire campaign and get rid of it entirely.
