Endpoint protection & misconceptions

#1 – Agentless is not really agentless

While it’s true that with agentless products you don’t install the vendor’s components on the endpoint itself, the vendor’s server still uses existing OS functionality and a built-in “agent” to perform the security tasks that are usually implemented in a dedicated agent. This means that the endpoint’s resources are still used, and agentless products still have their own issues and limitations.

#2 – Agentless products sufficiently secure the endpoint

“Things you see from here, you can’t see from there” is more than true of agentless products: they lack many capabilities that are only available from the endpoint itself, from running in kernel mode and manipulating processes’ execution in real time to preventing sophisticated and evasive attacks before they actually damage the endpoint.

#3 – EDRs/NGAMs are the best solution to protecting endpoints

We’ve already covered in the past the problems that machine learning and AI-based products face and why they won’t be solved anytime soon, so next-gen anti-malware (NGAM) products aren’t immune to failures and won’t necessarily provide the cover endpoints need. EDRs usually hide an NGAM or (even worse) a signature-based antivirus engine behind them, so they suffer from similar issues. EDRs are considered post-infection tools, so they might help you understand what happened, but not necessarily prevent it in the first place.

#4 – Deploying an(other) agent is a pain/impossible

One of the biggest issues with endpoint protection remains deployment. The reason is that most products are heavy and complex, containing dozens and even hundreds of components that increase the chances of failures, crashes and, in worse cases, completely destroying the machine (I “fondly” remember spending more than a week reconstructing a complex debugging environment due to a very destructive deployment…), though that’s not the case with certain vendors and solutions.

#5 – Big/Known vendors provide enough coverage/protection

A Symantec VP already said back in 2014 that AV is dead, others have admitted that AVs detect poorly, and there’s a reason big vendors buy or cooperate with small, innovative vendors. Moreover, the industry is beginning to understand the need to shift focus to prevention (which Deceptive Bytes has been doing since day one).

If you’d like to learn more about Deceptive Bytes and how we help organizations prevent advanced threats, just contact us or request a demo.