What are Unified Endpoint Security (UES) systems and do you need them?
December 2020 by TEHTRIS
A fairly recent concept in the cybersecurity market, Unified Endpoint Security meets the need for global protection on a complete fleet of workstations, remote PCs, mobiles, tablets, etc.
Like its predecessor, the UEM (with M for Management), a UES solution displays the real-time status of this fleet on a unified console. The true value of the UES system lies in its S (for Security), since it represents its ability to actively detect and combat known and unknown threats. Seeing is good, being protected is better.
UES is therefore the combination of EDR, EPP and MTD tools, providing protection on all terminals, also known as "endpoints". As the concept is recent, few providers are ready to provide this complete protection. TEHTRIS is identified as one of them by Gartner (Rob Smith & Dionisio Zumerle, Innovation Insight for Unified Endpoint Security, Nov 2020).
A bit of context:
Companies around the world are currently facing a chaotic cyber environment. Attackers are trying to take advantage of the current pandemic and the insecure home-based work environments in which organizations have been forced to operate.
Business continuity plans have sometimes led companies to relax the very strict security rules that were previously enforced inside the walls. As a result, mobile devices, laptops and remote PCs are now able to access data that was previously better protected.
Today, these devices expose companies to new threats that must be stopped, because attackers are very ingenious at launching targeted attacks against large and small organizations alike.
Endpoint control and protection - the two most popular methods
There are two main concepts that enable organizations to control and protect their endpoints: management and security.
Unified Endpoint Management (UEM) provides centralized management of all mobile devices as well as desktops, laptops and other types of endpoints. As organizations today manage an ever-increasing range of end-user and IoT needs, it is critical that they have visibility and control over all endpoint environments from a unified console.
Unified Endpoint Security, or UES, on the other hand, is layered on top of UEM systems, with additional security capabilities provided by Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP) and Mobile Threat Defense (MTD) technologies.
What is the added value of Unified Endpoint Security systems?
An effective UES solution will work in two steps:
• It detects and responds to risks and threats on all endpoints;
• It provides a global view, correlation and threat management across all endpoints.
Here are the main components of a UES system and what they bring to it:
• [EDR] Endpoint Detection & Response - An EDR solution detects and neutralizes known and unknown threats. Such a system can spot stealthy espionage efforts carried out without malware or weapons, knows the techniques used by hackers, and counters them by building solutions upstream. The ideal EDR solution for you will also be equipped with Data Science, so you can rely on real data for anomaly detection and decision making; with Cyber Threat Intelligence (CTI), to cover millions of endpoints worldwide; and with a clear dashboard to help your SOC gain visibility into the overall security of your infrastructure.
• [EPP] Endpoint Protection Platform - An EPP solution protects operating systems from known threats with advanced antivirus and scanning capabilities. An effective EPP platform must have a threat knowledge base that is integrated with the antivirus engine, automatically updated and optimized to protect your systems against a wide range of viruses. Advanced features should complement local antivirus protection by fighting against vulnerability exploits. The behavioral analysis capabilities of an EPP system will also enable real-time detection of advanced and unknown attacks with suspicious process migrations and in-memory executions.
• [MTD] Mobile Threat Defense - An MTD solution enhances the security of a mobile fleet (smartphones and tablets), for example by analyzing applications as they are installed and during updates. Ideally, the MTD application installed on mobile devices can discover vulnerabilities at the local configuration level. Such a solution can help you equip your mobile devices with anti-malware tools and meet compliance requirements by storing technical information from these devices in a central repository.
The combined effectiveness of EDR, EPP and MTD solutions provides unified security across all endpoints. The resulting UES solution has a single console, allowing you to detect and assess previously undiscovered threats through cross-analysis of data.
Benefits of the UES
The need to consolidate security and operations to achieve significant productivity gains and efficiencies is driving strong demand for Unified Endpoint Security solutions. These systems can quickly process large amounts of data to detect unknown threats.
Traditionally, MTD solutions have been adopted by sensitive entities such as military environments, governments, and regulated organizations. They are now becoming more widespread, given the need for large organizations to monitor the mobile and tablet fleets of all their employees. As part of the UES solution, the MTD module now offers the ability to provide real-time telemetry data, to find out for example if a user is connecting to a public Wi-Fi network or if their PC and mobile device are in the vicinity. Ultimately, the UES will lead to cost savings by reducing the number of consoles to be monitored and managed, and by reducing the risk of a successful attack. From a single console unifying the products, it is thus possible to supervise the detection of and response to attacks, for example by neutralizing various threats, such as ransomware on multiple PCs, hacking of multiple tablets, or attacks related to common indicators of compromise (phishing on mobiles and PCs, etc.).
A single-console solution powered by Machine Learning and Artificial Intelligence
The three TEHTRIS EDR, EPP and MTD modules integrate to create a UES platform with a unified console that protects your endpoints against known and unknown threats. The strength of TEHTRIS products is their hyper automation: the modules are programmed to act and interact autonomously, neutralizing known threats. In the case of an unknown threat, they stop the suspicious process, analyze it and make the decision to let it run or destroy it. TEHTRIS technologies are deployed in more than 70 countries, and used by customers and partners who trust us because we provide them with exceptional, out-of-the-box or customized security products.
If you're looking to adopt the UES with two main goals in mind, namely extending detection and response from traditional endpoints (laptops and desktops) to mobile devices, and getting a single security component from which you can seamlessly manage the security of all endpoints, then TEHTRIS solutions are ideal for you.