Endpoint Protection: It’s All About the Exploit Technique Sequence

By Lauren Fortune

Chief Marketing Officer


A couple of months ago, we featured an article on the number of Windows Server 2003 machines still out at branch (https://www.teneo.net/uk/zero-branch-it/) and recommended re-thinking the way server infrastructure is architected, taking the opportunity to consolidate as many services as possible back to the Data Centre for cost, management and business continuity benefits. We also highlighted that the last Windows Server 2003 security fix (extended support ended in July 2015) had long since come and gone, leaving those servers exposed to every vulnerability found since. So that was the servers, but what about the clients sat out at branch still running Microsoft legacy operating systems? Those desktops and workstations all on Windows XP?

After Windows XP's last security patch in April 2014, it was estimated that more than 400 million machines were still running XP, making for a malware writer's dream. Microsoft also ended support for older versions of Internet Explorer on January 12th, 2016 (that is anything older than Internet Explorer 11 on Windows versions where IE 11 is available), so if your browser security updates are out of date then, as Microsoft say themselves, "Your PC may become vulnerable to harmful viruses, spyware, and other malicious software which can steal or damage your business data and information."

The endpoint has always been the attacker's real target, since a) that is where much of the valuable data is held and b) a compromised endpoint is the foothold from which the rest of the company's network is reached.

Some advisors recommend installing a "good" anti-virus solution. But traditional endpoint protection relies largely on recognising malware it has already seen, and with more users falling for more sophisticated attacks (many of them using malware that has never been seen before), signature-based detection simply cannot keep up with the rapidly evolving threat landscape. Even where an anti-virus solution can detect an exploit, detection is often after the fact: it tells you a PC has been compromised rather than stopping the compromise, so you are still exposed.

The most advanced threats these days leverage vulnerabilities in software that we all use regularly: Windows XP, Internet Explorer 8, 9 and 10, and the applications that open PDF, RTF, DOC, PPT and XLS files. What they all have in common is that they follow a process. Regardless of the attack or its complexity, a vulnerability on its own does not give the attacker control of the machine; to turn it into running code the attacker must execute a series of exploit techniques in sequence (for example, spraying the heap to place a payload at a predictable address, hijacking control flow, and then bypassing DEP with return-oriented programming). There are thousands of individual vulnerabilities but only a small number of such techniques, and they change slowly. So we believe that the answer to the endpoint protection problem, regardless of the age of operating system or browser, is in focusing on the core techniques at each stage of the Kill Chain, rather than trying to identify the millions of individual attacks themselves, or detect malicious behaviour in isolation.
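Whether an exploit technique works at all often depends on mitigations the operating system offers and the application opts into. As an added example (this is not Teneo or Palo Alto Networks code, and it is unrelated to how Traps' own modules work), the following Python script reads the DllCharacteristics field of a Windows PE header to report whether a binary asks for ASLR (DYNAMIC_BASE), DEP (NX_COMPAT) and Control Flow Guard (GUARD_CF). Legacy applications of the XP era typically set none of these, which is one concrete reason a memory-corruption bug in them is so easy to turn into code execution; note too that Windows XP itself has no ASLR, so a DYNAMIC_BASE binary gains nothing from it there. Flag values and header offsets follow the PE/COFF specification; the synthetic headers produced by build_test_image are constructed for offline testing and are not real binaries.

```python
"""Audit the exploit-mitigation flags a Windows PE binary opts into.

Added example, not code from Teneo or Palo Alto Networks. It reads
IMAGE_OPTIONAL_HEADER.DllCharacteristics, whose bits tell the Windows loader
whether a module wants ASLR, DEP-compatible pages, no SEH, CFG and so on.
"""
import struct
import sys

# Bit definitions from the PE/COFF specification (IMAGE_DLLCHARACTERISTICS_* in winnt.h).
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",   # 64-bit ASLR with high-entropy addresses
    0x0040: "DYNAMIC_BASE",      # image may be relocated: ASLR opt-in
    0x0080: "FORCE_INTEGRITY",   # loader enforces code-integrity checks
    0x0100: "NX_COMPAT",         # DEP-compatible: no executable data pages expected
    0x0400: "NO_SEH",            # image uses no structured exception handlers
    0x1000: "APPCONTAINER",      # must run inside an AppContainer
    0x4000: "GUARD_CF",          # Control Flow Guard instrumented
}

# Minimum an assessor wants enabled before trusting a binary on an exposed endpoint.
REQUIRED = ("DYNAMIC_BASE", "NX_COMPAT")


def parse_pe_mitigations(data: bytes) -> dict:
    """Return DllCharacteristics as {flag name: bool}, plus 'PE32+' for 64-bit images.

    Raises ValueError if the buffer does not look like a PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                                   # IMAGE_FILE_HEADER is 20 bytes
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                           # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 of the optional header in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    flags = {name: bool(dll_chars & bit) for bit, name in DLL_CHARACTERISTICS.items()}
    flags["PE32+"] = magic == 0x20B
    return flags


def missing_mitigations(data: bytes) -> list:
    """List the REQUIRED mitigations this image does not opt into (empty list = pass)."""
    flags = parse_pe_mitigations(data)
    return [name for name in REQUIRED if not flags[name]]


def audit_file(path: str) -> list:
    """Convenience wrapper: audit a binary on disk."""
    with open(path, "rb") as f:
        return missing_mitigations(f.read())


def build_test_image(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Construct a minimal synthetic PE header for offline testing (not a real binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # 0x40 bytes in total
    opt_size = 0xF0 if pe32plus else 0xE0
    machine = 0x8664 if pe32plus else 0x14C                            # AMD64 / i386
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(path, "missing:", audit_file(path) or "none")
    else:
        # Constructed samples: a legacy image with no flags and a hardened one.
        legacy = build_test_image(0)
        hardened = build_test_image(0x0040 | 0x0100 | 0x4000)
        print("legacy   missing:", missing_mitigations(legacy))
        print("hardened missing:", missing_mitigations(hardened))
```

Run it with one or more paths (`python pe_mitigations.py C:\path\to\app.exe`) to list which required mitigations each binary lacks; with no arguments it audits the two constructed headers. A binary that fails this check is one where the heap-spray and ROP stages of the chain above have nothing standing in their way at the OS level.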

The Palo Alto Networks Attack Kill Chain is illustrated using the following model:

[Figure: Palo Alto Networks Attack Kill Chain]

After the acquisition of Cyvera back in 2014, Palo Alto Networks have now fully integrated their endpoint protection solution, Traps, into their Enterprise Security Platform, and we have had superb feedback so far on the level of real-time prevention and protection Traps can provide.

Traps employs a series of exploit prevention modules aimed at mitigating and blocking the different exploit techniques available to attackers. If any one technique in the attacker's sequence is blocked, the whole sequence fails: the underlying vulnerability is still present in the application's code, but it can no longer be exploited through those techniques. Here's a high-level view of how it works:

[Figure: Traps exploit prevention modules]

We have more information on Palo Alto Networks' endpoint protection solution on our dedicated Traps web page: https://www.teneo.net/uk/technology/palo-alto-networks-traps/

In August 2015, Forrester Consulting prepared a Thought Leadership Paper, commissioned by Palo Alto Networks, to evaluate endpoint security solutions and explore the assertion that endpoint security solutions focused primarily on detection and remediation are not effectively serving customers. Their view was that, in order to protect against advanced and previously unseen threats, a combined strategy of both detection and prevention is needed. We recommend reading the full paper if you are questioning your current antivirus solution: Endpoint Security Takes Center Stage

So in conclusion, if you are reviewing your endpoint protection strategy, have legacy software running and need an immediate defence, or need help to articulate the business risks associated with endpoint security, we would like to help. Send us a brief email at info@teneo.net or call us, referencing Palo Alto Networks Traps, from:

  • The UK on +44 118 983 8600
  • France on +33 1 55 68 11 12
  • The USA on +1 703 212 3220
  • Australia on +61 2 8038 5021
