Why Endpoints Cannot Remain A Security Blind Spot
Source: Internet  Published: customer data organization software  Editor: 程序博客网  Time: 2024/05/01 18:05
After a period of stagnation, endpoint security is undergoing a renaissance with a slew of products debuting in the market. Antivirus software and its promise of constant protection is seen as unrealistic, giving rise to the more practical approach of detection and incident response at the user device. Companies are realizing the importance of endpoint security and will boost endpoint security budgets by five percent to 10 percent in 2016, according to Forrester.
However, some enterprises are still unconvinced that endpoints are the most valuable source of information for real-time detection and response. Here’s how endpoint detection can benefit your business.
1. Endpoint visibility increases the chances of early detection
Hackers realize targeting endpoints gives them the best chance for their attack to succeed. Endpoints are notorious for having major weaknesses, including inadequate protection and being used by people who are prone to falling for deceptive tactics like phishing emails.
Compromising an endpoint is a hacker’s initial move. Continuously monitoring your endpoints can help a company detect a breach early, before significant damage occurs.
2. Endpoint data can eliminate false positives
Attackers attempt to capitalize on the fact that hacking behavior can resemble normal employee activity. Hackers often use legitimate tactics to deceive security systems and avoid getting caught.
For instance, some employees may need four attempts to log in to their email account because they forget their user name and password. In other cases, though, a hacker could be behind those actions.
However, many security systems can’t distinguish between legitimate and malicious actions and will issue an alert for benign activities. This leads to a rash of false positives overwhelming security analysts, who may choose to ignore some of these warnings.
In the case of the multiple failed authentication attempts, endpoint data can show if the log-in attempts were made from either an office or a remote location where a business lacks a presence, giving analysts the information they need to distinguish a harmless mistake from hacker activity.
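The triage described above, as an added example that is not part of the original article: bursts of failed log-ins are enriched with endpoint context before anyone is paged. The events, the office address ranges (documentation prefixes), the 10-minute window and the managed-device flag are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed corporate egress ranges (documentation prefixes, constructed).
OFFICE_NETS = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]
THRESHOLD = 4                   # failed attempts, as in the article's example
WINDOW = timedelta(minutes=10)  # assumed burst window

# Constructed events: (timestamp, user, source_ip, managed_endpoint, success)
EVENTS = [
    ("2016-03-01T09:00:05", "alice", "192.0.2.15", True, False),
    ("2016-03-01T09:00:40", "alice", "192.0.2.15", True, False),
    ("2016-03-01T09:01:10", "alice", "192.0.2.15", True, False),
    ("2016-03-01T09:01:55", "alice", "192.0.2.15", True, False),
    ("2016-03-01T09:02:30", "alice", "192.0.2.15", True, True),
    ("2016-03-01T03:12:01", "bob", "203.0.113.77", False, False),
    ("2016-03-01T03:12:09", "bob", "203.0.113.77", False, False),
    ("2016-03-01T03:12:18", "bob", "203.0.113.77", False, False),
    ("2016-03-01T03:12:26", "bob", "203.0.113.77", False, False),
    ("2016-03-01T10:15:00", "carol", "198.51.100.8", True, False),
    ("2016-03-01T10:15:30", "carol", "198.51.100.8", True, False),
]

def from_office(ip):
    return any(ip_address(ip) in net for net in OFFICE_NETS)

def triage(events):
    """Return {user: verdict} for every user with a burst of failed log-ins."""
    failures = defaultdict(list)
    for ts, user, ip, managed, ok in events:
        if not ok:
            failures[user].append((datetime.fromisoformat(ts), ip, managed))
    verdicts = {}
    for user, rows in failures.items():
        rows.sort()
        for i in range(len(rows) - THRESHOLD + 1):
            burst = rows[i:i + THRESHOLD]
            if burst[-1][0] - burst[0][0] > WINDOW:
                continue  # attempts too spread out to count as one burst
            # Endpoint context: known device on a network the business owns.
            trusted = all(managed and from_office(ip) for _, ip, managed in burst)
            if not trusted:
                verdicts[user] = "investigate"
                break
            verdicts[user] = "likely-benign"
    return verdicts
```

Users below the threshold (carol here) produce no verdict at all, which is what keeps the analyst queue short.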
The only way security teams can differentiate between user activity and a hacker in disguise is by looking at all surrounding activity.
3. Endpoint information reveals an entire attack
Since endpoint solutions are deployed on every machine, they allow security teams to oversee the entire IT environment. Used this way, endpoints let you understand the connection between multiple malicious acts and respond efficiently.
For example, hackers are known to use a software-pairing technique, where they install multiple malware programs to protect and maintain control of their operation. Most malware detection tools label these as isolated events instead of a single operation, preventing security personnel from removing the entire attack and allowing hackers to continue collecting information.
Endpoint data will allow you to understand a hacker’s entire campaign and get rid of it entirely.
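One way to turn isolated detections into a single operation, shown as an added example that is not from the original article: alerts are linked through process ancestry recorded by the endpoint agent, and the remediation scope covers everything launched by the common origin. The telemetry, alert names and the choice of ancestry as the linking signal are constructed assumptions.

```python
from collections import defaultdict

# Constructed process-creation telemetry: (host, pid, parent_pid, image)
PROCESSES = [
    ("ws-17", 100, 1, "explorer.exe"),
    ("ws-17", 200, 100, "invoice_viewer.exe"),
    ("ws-17", 210, 200, "svc_update.exe"),
    ("ws-17", 220, 200, "helper32.exe"),
    ("ws-22", 100, 1, "explorer.exe"),
    ("ws-22", 300, 100, "tool.exe"),
]
# Constructed detections, reported the way a per-file scanner would: isolated.
DETECTIONS = [
    ("ws-17", 210, "alert-A"),
    ("ws-17", 220, "alert-B"),
    ("ws-22", 300, "alert-C"),
]
SHELL_ROOTS = {"explorer.exe"}  # assumed: the ancestry walk stops below these

def origin(host, pid, table):
    """Climb the parent chain; return the highest ancestor below a shell root."""
    seen = set()
    while pid not in seen and (host, pid) in table:
        seen.add(pid)
        parent = table[(host, pid)][0]
        if (host, parent) not in table or table[(host, parent)][1] in SHELL_ROOTS:
            return pid
        pid = parent
    return pid  # unknown pid or a loop caused by pid reuse: stop here

def correlate(processes, detections):
    """Group alerts by (host, origin pid) and list every pid to remediate."""
    table = {(h, pid): (ppid, image) for h, pid, ppid, image in processes}
    alerts = defaultdict(list)
    for host, pid, alert in detections:
        alerts[(host, origin(host, pid, table))].append(alert)
    incidents = {}
    for (host, root), names in alerts.items():
        # Scope: every process on that host descended from the same origin.
        scope = sorted(p for (h, p) in table
                       if h == host and origin(h, p, table) == root)
        incidents[(host, root)] = {"alerts": names, "scope": scope}
    return incidents
```

On the sample data, alert-A and alert-B collapse into one incident on ws-17 whose scope also includes the parent process that neither alert flagged.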