Endpoint Security

Ready to face the truth?

You have to realise that the AV solutions that we have in production today are at the end of their lifecycle. They are designed for protecting against the known.

The signature based model is broken!

  1. Sacrificial lamb: a customer has to get infected and report the malicious software. Depending on the complexity of the malware, a signature will typically be released 2-24 hours later.
  2. When the signature is deployed, are you protected? In the old days yes, today no. By mutating the malware, the adversary bypasses the signatures and extends the lifetime of the malware.

The DBIR team combined Palo Alto Networks data with intelligence collected from other contributors, coming to the conclusion that the life span of malicious samples is typically very low (i.e. samples are very rarely used more than a few times). The report found that “99% of malware hashes are only seen for 58 seconds or less” (2016 Verizon Data Breach Investigations Report, Insights from Unit 42).

Let us give you some information that proves our bold statement.

AV Test institutes present 98% protection

The AV test institutes deliver monthly reports claiming an industry average of 98% protection against 0-day malware attacks, inclusive of web and e-mail threats (Real-World Testing). If these reports were true, would it have to be the security specialist or the end user who is responsible for the infected endpoints? The likelihood that it is the product is very low, since the industry average is 98% for 0-day malware and 99% for known malware!

  • Configuration issue?
  • Did the end user turn off AV?
  • Was the endpoint offline when the infection took place?
  • The end user has to know that they are not allowed to enable the macro functionality in MS Word!

Machine Learning isn’t just a tick-box feature

Do not worry, dear customer: we are releasing our new ML-focused product that includes significant enhancements over our previous products.

  • First, ML is a whole system of people, process and technology that scales from one technician and a PC to entire organisations and a large amount of computing power. Stating that two products are equal because they both use Machine Learning is like comparing a Tesla with a legacy car modified with an electric engine and an extra-long extension cord.
  • Assume they will again score close to 100% in tests, but in a much better way?
  • We know that signatures only work for known malware, and you already have 98% protection for unknown malware, so why do you need to add more functionality for 0-days?
  • Since the new feature for handling 0-days is signatureless with 98% protection, I assume that we can turn off the signature updates and Internet connection without compromising the efficacy?

If, after reading this, you are interested in learning more, move to phase two.

Your business deserves it!

End user perspective:

The users deserve an EndPoint (EP) security solution that allows them to use their creativity and energy for tasks that elevate the company to the next level regardless of location.

  • Not being afraid of opening the “wrong” document!
  • Not planning lunch based on when the daily AV full scan runs.
  • Not feeling that the AV tool is stealing valuable time through performance issues.

IT Security specialist perspective:

To keep up with the adversaries, you as a security specialist have to focus on the strategic and proactive prevention mechanisms for the business's crown jewels.

  • Not administering AV management servers.
  • Not checking for out-of-date agents.
  • Not crawling upstream in an endless flood of events caused by infected EPs.
  • Not reimaging endpoints because of malware infections.
  • Not fine-tuning the ransomware incident process for the next ransom.
  • Not being responsible for increasing friction for the users by adding further security mechanisms.

You deserve an EP security solution that gives you back time to use your knowledge and experience for finding and investigating the high severity incidents.

Seeing is believing. Want to know how we can prove our new technology and support you with a compelling business case?

Go to phase three…

Seeing is believing

If you invest in a meeting with us we will:

  • Present the Securelink approved EP security solution
  • Show our latest test data. Yes, we claim to be a professional security integrator; that would not be possible if we didn’t have the data to back us up.
  • Perform a live demo comparing your existing EP security solution and our solution.
  • Walk you through the ROI metrics and discuss how you would like to build your business case.

Why signature based protection is broken – Check

Why your business deserves it – Check

How our technology works and supports the business case

Want to get more data supporting the business case?

Time for a proof of concept – phase four?

Basics

  • The PoC runs for 4 weeks. The customer needs to spend approx. 1-2 hours/week, mostly on the weekly calls to look at findings and decide the next step.
  • The PoC is fully led by Securelink. The good thing about this is that we have meetings in our native language.

Prerequisites

We need the information below to set up the customer tenant (the management console):

  • Customer name/contact details
  • Number of total endpoints
  • Approx number of endpoints in the PoC (minimum 100 endpoints)
  • PoC kickoff date

The PoC

Kick-off meeting (0.5 day)

  • Creates access for the customer to the customer’s tenant
  • Sets policies in file monitoring mode (no auto-quarantine)
  • Walkthrough of settings and the initial agent installations
  • During and after this day, the customer deploys the agent to the selected PoC scope. The customer’s choice of deployment tool can be used.

Follow-up meetings (week 2 and 3)

  • Walkthrough of findings
  • Decide if devices should be moved into auto-quarantine mode
  • Decide if other features should be evaluated: Memory Protection and Script Control

PoC closure meeting (week 4)

  • Walkthrough and conclusion of the PoC