As the digital transformation dawns, IT professionals and decision makers are finding themselves having to sip an unsavory data security cocktail. It’s born of the demand for innovative and ubiquitous technology, mixed with an explosive threat landscape. Remember the Cement Mixer (Baileys and lime juice)? The modern security decision-making process is a Cement Mixer. I’ll work on my analogies.
As efforts to prevent breaches ramp up in the SMB and mid markets, companies are sifting through a host of decisions that balance allowing users the freedom to do their jobs, while promoting the innovation necessary to compete, providing IT with visibility, fitting the budget, and still stopping threats from both known and unknown attack vectors.
The most effective strategies always entail a symphony of well-defined policies, user education and technology. From a practical perspective, companies need to know where they should focus their dollars and attention in these three areas, and it’s easy to become overwhelmed. Spend any amount of time evaluating how to properly orchestrate patch and firmware management, change control policies, password policies, change alerting, campus network security in the age of IoT, datacenter security, endpoint protection, SSL decryption, roaming device security, phishing impact, breach response and remediation policies, in-flight and at-rest data encryption, data access control policies, guest access, email filtering, workstation/server/mobile encryption and policy-based hardening, DNS security, physical security, or securing cloud workloads, and you’ll need a cocktail! Maybe that analogy did sort-of work…
One of the more common and critical areas of the security conversation remains the choice of endpoint protection products, and thankfully that piece of the puzzle has become much easier thanks to CrowdStrike.
From an anti-virus perspective, CrowdStrike’s Falcon platform is positioned in an elite category of those products deemed “next generation” (NGAV). The defining characteristic of a next-gen endpoint protection solution is its ability to assess and respond to threats based on their behavior, rather than on canned definitions. So rather than your endpoints being exposed for the relatively large gap of time it takes to identify a new piece of malware in the wild and package/distribute a signature for it, Falcon has eyes on all running processes on each endpoint, looking for those that exhibit suspicious behavior, and when an indicator of attack is noticed, it responds immediately. This model leads to an exceptional ability to prevent ransomware, other malware, and intrusions (even if a threat is malformed with no viable payload). We’ve had the privilege of discussing tremendous success stories with customers, even in the face of targeted “hands-on-keyboard” attacks.
Additionally, by virtue of the architecture’s ability to understand everything being executed on an endpoint, we gain the ability to graphically view a threat’s attempted attack steps (both in real-time and retroactively), and gain the automatic benefit of being able to inventory, monitor (and report on) every application being used in your environment.
And to top off Falcon’s game-changing protection is OverWatch: A 24×7 team of security experts who spend their waking hours hunting for threats in your environment. If an active breach attempt is identified, the OverWatch team will either contact you to guide you through next steps, or (if you don’t have 3 shifts of security experts on staff in your organization, and happen to be sleeping at 3 a.m.) take action on your behalf to shut down the threat.
Naturally, you may be thinking that with this level of visibility and protection, there’s no way Falcon doesn’t come nicely packaged with a disgustingly bloated, resource-devouring, productivity-killing agent for each of your endpoints. Nope. Agents deploy in 5 seconds, with no reboot, completely silently, with a 3MB disk footprint, 1-5MB of bandwidth per day, <10MB RAM, and 1% CPU overhead.
Give us a call for a demo (or a cocktail)!