What endpoint protection solutions are available on the market today?
This is a talk I gave in Nov 2020 about how the working from anywhere movement is changing how we protect our endpoints and business networks.
  1. What EDR solutions are available on the market today?
     • David Strom
     • St. Louis, USA
     • @dstrom
  2. http://strominator.com
  3. 1E - Copyrighted. All rights reserved
     Agenda
     • Trends
     • Phishing and Box Fatigue
     • Rise of zero trust
     • Here come the (US) Feds
     • What the scope of an EDR product means today
     • Competitive landscape of 1E Tachyon, Tanium and Carbon Black
  4. Trends
  5. Then Covid happened
     • VPNs aren’t the (total) answer, despite Jerry’s pleas
     • Ransomware attacks up 25% from 2019Q4 => 2020Q1
     • Most everyone reported an overall increase in the number of attacks
     • FBI cybercrime reports went from 1000/day to 4000/day
     • UK’s NCSC: Covid on the rise
     • Huge rise in phishing emails …
  6. Phishing subject lines
     • Password Check Required Immediately
     • Vacation Policy Update
     • Corporate Reopening Schedule
     • COVID-19 Awareness
     • Coronavirus Stimulus Checks
     • List of Rescheduled Meetings Due to COVID-19
     • Confidential Information on COVID
     • COVID-19 - Now airborne, Increased community transmission
     • Fedex Tracking #
  7. Verizon Data Breach Report 2020
  8. Box fatigue c. 2017 vs. security fatigue today
  9. • Get a password manager
     • Use an ad blocker
     • Patch and update everything you can
     • Check/think before you click
  10. Do these ‘package delivery’ phishes seem familiar?
  11. Rise of zero trust networks
     • Origin: 2010, John Kindervag of Forrester coined the term
     • Core idea: No one gets access until they prove who or what they are
     • Better idea: zero risk; find the critical data that is worth protecting
  12. Another way to ask
     • What is the single source of truth that we can use to secure the WFA (work from anywhere) endpoint?
  13. Here come the Feds
  14. National Institute of Standards and Technology (NIST) Special Publication 800-171
  15. NIST implementation guidelines: Cybersecurity Maturity Model Certification (CMMC) program
     Timeline:
     • Jan 2020 – first released
     • Sept 2020 – interim guidelines
     • Nov 2020 – start date to phase things in and get certified
     • Nov 2025 – when it is supposed to be complete and required for everyone
     Maturity levels:
     1. Basic cyber hygiene
     2. Document best practices
     3. Where everyone should be, with implemented plans
     4. More defensive measures in place
     5. Advanced threat prevention
  16. EDR/EPP/XDR functional expectations
     • Ad hoc search queries
     • Better security policy enforcement and reporting
     • Automatic discovery of outliers and unmanaged endpoints
     • Detection of lateral network movement (for better early attack notifications)
     • Better remediation and deployment tactics
     • Better security awareness training
     • Better patch management (ditto)
     • Integration into existing protective gear such as event and service management tools
  17. (continued)
     2. Network Traffic Analysis
     3. Malware sandboxes
     4. Cyber threat intelligence
     5. Central analytics and management
     6. Email protection
  18. Let’s look at three EDR products
  19. Tanium features
     • Not just p2p but also across the LAN/WAN
     • Added its own natural language explorer query tool
     • Queries take <15s, so a bit slower than Tachyon
     • More granular access rights and drill-down analysis features now included
     • Scripts supported in PowerShell, Python or VBScript; >800 written
  20. Tanium
  21. Carbon Black features
     • Lots of CB sensors now inside many VMware products such as vSphere, vCenter, NSX, Horizon VDI
     • Agents are more like containers that can load various protective modules, including sensors
     • Focus is on capturing everything across the network and inside the endpoint or VM instance
     • Large integration effort with other intel services, SIEMs, etc.
  22. Use cases for 1E Tachyon
     • Deploying patches across a mixed OS environment
     • Find the compromised PC for a specific malware intrusion
     • Why can’t I install this software on this PC?
     • Is my web browser slow?
     • My always-on business is offline. Why?
     • Can I automate a non-infosec event?
     • Can I track which users have reviewed which infosec policies?
  23. Comparison: Tanium vs. 1E Tachyon vs. Carbon Black
     Tanium:
     • Slower responses on queries
     • Microsoft “insurance” vendor
     • P2P/LAN design outmoded
     • UI could use a refresh
     Carbon Black:
     • Win, Mac, lots of Linux clients (but no phones)
     • Multiple sensors already embedded in VMware products like vCenter, vSphere and NSX
     • File distribution not as good as competitors’
     • Confusing array of product versions
     1E Tachyon:
     • Millisecond response time on queries
     • Powerful query construction process
     • Built-in security awareness tool
  24. Thank You – David Strom
     +1 (314) 277-7832
     david@strom.com
     Twitter: @dstrom
     http://strominator.com
     Slides available: http://slideshare.net/davidstrom