Distributed, automated detection and protection accelerates breach response.
Sadly, more than 90% of breaches start with a “click”: attachments, downloads, malvertising, Java, the web, media, USB and executables all punch holes in the perimeter. Conventional “detect to protect” tools fail – because 99% of malware morphs in under a minute, making signatures useless. And the thousand-fold increase in crypto-malware signals a shift to machine-timescale breaches that can bring an organization to its knees before the first alert. CISOs find themselves in the awful position of having to detect a breach once an attacker has succeeded – without knowing what to look for or how to respond.
In an era of targeted and machine-timescale attacks, luck and hope are not enough. This talk will present a way to use the endpoints themselves to accelerate enterprise detection, threat analysis and response. The approach relies on virtualization-based security on endpoints to isolate threat vectors. This protects the endpoint but, more importantly, provides an isolated environment in which malware will execute, with the advantage of tamper-proof monitoring. Insights from each endpoint are correlated to accelerate enterprise-wide response.