Page 29 - info_oct_2021_draft13

[Figure: Endpoint Central architecture. Components shown: Endpoint Central Server & Database; Endpoint Update Server; Endpoint Server & Database; Edge Relay Server; On Premise Endpoint Clients; Web based central monitoring; Off Premise Endpoint Clients.]

with machines. Traditional endpoint security solutions such as firewall, antivirus, reputation, and heuristics are integrated with machine learning and artificial intelligence to detect and prevent advanced threats at nearly the same speed as the threats themselves.

Traditional Antivirus
Antivirus is an endpoint solution developed for the detection, prevention and elimination of malicious actors such as viruses, worms, and Trojans on endpoint devices, based on a large database of malware signatures. Antivirus solutions detect malware by scanning files and directories for patterns that match the malware signatures on file. Antivirus software is provided by a number of vendors, with versions developed for small businesses, personal use and large enterprises. The antivirus software has the capability to scan the system on demand as well as at scheduled intervals. It also warns the user before visiting malicious sites by virtue of its safety features. Further, it has the capability to identify the different types of threats that are attacking the endpoint device. The major limitation of these solutions is that they are able to recognize only known threats and need an updated signature database for new threats.

Advanced Endpoint Security
The cyber world requires advanced endpoint security solutions, as the applicability of traditional solutions is limited only to known threats. Advanced endpoint security integrates features of traditional solutions such as firewall, antivirus, reputation, and heuristics with Behavioral Analysis, Machine Learning and containment. Besides, Endpoint Detection and Response (EDR) is also integrated to detect and prevent file-less, zero-day and script-based threats like ransomware. The key capabilities of advanced endpoint security solutions are explained below.

Security Analytics: In security analytics, data related to endpoints is aggregated and analysed using security analytics tools for the detection of potential attacks. Malicious activities and their associated harmful effects are identified and mitigated to avoid the damage they would cause.

Machine Learning: Machine learning is one of the prominent components of artificial intelligence (AI), through which enormous volumes of data are analyzed for behavioral learning of endpoints. Based on behavioral learning, malicious activities are identified and automatic security processes such as quarantining the endpoint and/or issuing alerts are triggered. In the present working environment, Machine Learning has become one of the important techniques for the detection of advanced threats at endpoints such as novel and zero-day attacks.

Real-Time Threat Intelligence: Real-time threat intelligence provides updates from external security agencies about novel security threats such as zero-days, file-less malware and other trending malware in the cyber world. It expedites threat analysis, detection and prevention in real-world scenarios.

Internet of Things (IoT) security: With the advent of smart everything (like smart cities, smart industry, smart healthcare), IoT has an incredible impact and proliferation in every domain of life. According to surveys, the count of IoT devices connected worldwide will cross a trillion towards the end of this decade. These devices are highly vulnerable to cyber threats due to their limitations in computation, network capacity and storage, and their ubiquitous nature. Therefore, IoT security requires self-healing and automated mechanisms for the detection of threats, avoidance of data compromise and reduction of response time and downtime.

Endpoint Detection and Response (EDR): EDR integrates rule-based automated analysis and response capabilities with endpoint data gathering and real-time persistent monitoring. The main focus of EDR is on the identification and investigation of suspicious activities at endpoints, along with automation for faster detection and response. Threat intelligence feeds from various sources enhance the efficiency of an EDR solution in identifying advanced exploits such as zero-day and multi-layered threats. Some EDR solutions utilize Artificial Intelligence and machine learning for the automated investigation and analysis of potential threats.

Endpoint Encryption: Encryption is the technique of encoding data on endpoint devices in an unreadable format to make it unusable for unauthorized actors. For authorized users, the data is decrypted with the associated decryption key to make it accessible. Sensitive information of critical applications such as healthcare, banking, defense etc. is protected from unauthorized access using endpoint encryption. Using this technique, the operating system can be protected from “Evil Maid” threats which install corrupt boot files and key loggers.

Extended Detection and Response (XDR): XDR is an enhanced form of EDR with improved detection and response capabilities using real-time data. It is a SaaS-based technique that collects data across multiple components and correlates it by utilizing behavioral analysis, threat intelligence and data science techniques. XDR has the ability to optimize response with increased visibility and advanced context while reducing the scope and severity of an attack.

Conclusion
Attackers usually target endpoint devices as the starting points for malicious activity. Advanced security solutions are required for quick detection, analysis, blocking, and containment of threats. For this purpose, the endpoint security technologies need to collaborate with each other and share threat intelligence.

For further information, please contact:
Diwan Hauym Khan
Scientist-F
National Informatics Centre, A-Block, CGO Complex
Lodhi Road,
New Delhi - 110003
Email: dhkhan@nic.in, Phone: 011-2430 5608
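As an added illustration of the two points made above, that signature-based antivirus recognizes only known threats while behavioral analysis can trigger quarantine and alerts for an unknown one, here is example code written for this page (not any product's own); the sample files, signatures and endpoint telemetry events are all constructed.

```python
import hashlib
import re
from collections import defaultdict

# Constructed byte strings standing in for files on an endpoint.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"EVIL_PAYLOAD_MARKER" + b"\x00" * 16
VARIANT = KNOWN_SAMPLE.replace(b"MARKER", b"MARK3R")  # one-byte change: a "new" threat
CLEAN = b"MZ\x90\x00" + b"hello world" + b"\x00" * 16

# Constructed signature database: hash and byte-pattern signatures of known malware.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
PATTERN_SIGNATURES = [re.compile(rb"EVIL_PAYLOAD_MARKER")]


def signature_scan(data: bytes) -> bool:
    """Traditional AV check: flag a file only if it matches a known signature."""
    if hashlib.sha256(data).hexdigest() in HASH_SIGNATURES:
        return True
    return any(p.search(data) for p in PATTERN_SIGNATURES)


# Constructed endpoint telemetry: (timestamp_s, process, action, path).
EVENTS = [
    (0.0, "word.exe", "write", "C:/Users/a/report.docx"),
    (1.0, "upd8.exe", "write", "C:/Users/a/report.docx.locked"),
    (1.2, "upd8.exe", "write", "C:/Users/a/photo1.jpg.locked"),
    (1.4, "upd8.exe", "write", "C:/Users/a/photo2.jpg.locked"),
    (1.6, "upd8.exe", "write", "C:/Users/a/notes.txt.locked"),
    (1.8, "upd8.exe", "write", "C:/Users/a/budget.xlsx.locked"),
    (1.9, "upd8.exe", "delete", "C:/Users/a/report.docx"),
]


def behavioral_scan(events, window_s=5.0, threshold=5):
    """Behavioral rule: a process that writes at least `threshold` files with the
    constructed '.locked' extension within `window_s` seconds is treated as
    ransomware-like, and the response is the alert plus endpoint quarantine that
    the article describes. Returns {process: response} for flagged processes."""
    writes = defaultdict(list)
    for ts, proc, action, path in events:
        if action == "write" and path.endswith(".locked"):
            writes[proc].append(ts)
    responses = {}
    for proc, stamps in writes.items():
        stamps.sort()
        for i, start in enumerate(stamps):
            # count writes inside the sliding window that opens at `start`
            if sum(1 for t in stamps[i:] if t - start <= window_s) >= threshold:
                responses[proc] = {"alert": True, "quarantine_endpoint": True}
                break
    return responses
```

The variant file slips past both signature checks, while the telemetry rule flags the process without any signature for it.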



                                                                                        October 2021  informatics.nic.in 29