Sponsored: No silver bullet when it comes to endpoint security
AI is a game changer, but a holistic, multilayered approach remains essential.
01 September 2024
AI is playing an increasingly important role in cybersecurity. On the one hand, well-resourced cybercriminal cartels are coming up with new ways to penetrate corporate systems, often using AI to do so. On the other, AI is empowering security teams to analyse the huge amounts of data at their disposal to detect anomalies and suspicious behaviour early on.
In short, AI enables a proactive approach to threat detection and response, something that’s vital in repelling attacks and minimising the impact of a breach. Even more important, AI is constantly gaining in effectiveness as it consumes more data. This is critical; as the threat landscape changes, an organisation’s defence capabilities can respond in a largely automated manner.
Sophos AI-driven Intercept X Advanced with Threat Hunting is an excellent example of how AI is improving defence capabilities. It combines behavioural analysis with deep learning powered by the virtually unlimited processing power of the cloud, allowing it to detect and block even the most elusive threats.
“Another key point of differentiation is that the Sophos solution does not rely on signature-based detection, an approach that is too static for the rapidly evolving threat landscape,” says Stephan Gilliland, Head of Information and Cybersecurity at CoCre8. “Sophos has taken the route of creating a data lake that contains all known vulnerabilities, which means that the powerful AI can identify hidden or newly minted (zero-day) threats through deep analysis, even before their signatures are known.”
But AI on its own is not enough when it comes to endpoint security. The anywhere/anytime work style, which has become the new normal since the Covid lockdowns, means that endpoints have become a key security issue. An endpoint security framework is required to coordinate security across all the network’s endpoints, which increasingly operate outside of the corporate firewall.
Such a framework must embody a multi-layered approach:
Detection. Conventional endpoint detection and response (EDR) is now being amplified by extended detection and response (XDR). The latter looks beyond the organisation’s systems to correlate data from multiple sources to enable earlier threat identification.
Prevention. It’s essential to implement robust endpoint protection platforms with advanced features such as application and device control as well as data loss prevention. Prevention must be underpinned by strong password policies, regular employee training and regular software updates.
Response. Given the scale of the threats, breaches must be considered likely; rapid incident response is a priority to minimise damage. An effective framework should include automated response capabilities, such as containment and isolation of infected endpoints. In tandem, though, expert human intervention is essential when it comes to combatting complex threats.
Continuous improvement. A proactive approach to the organisation’s security posture is vital. Key interventions include regular security assessments, the integration of threat intelligence and ongoing employee training. Humans remain the weak link in any security framework.
Sophos offers a comprehensive suite of products aimed at addressing each of these issues.
As noted above, Sophos Intercept X Advanced Threat Hunting provides state-of-the-art threat protection and response, powered by AI. Sophos Central provides a unified platform for managing endpoint security, simplifying operations and improving visibility for the administrators of the organisation.
Sophos XDR delivers extended detection and response capabilities, correlating data from endpoints, servers, networks, and the cloud to provide a comprehensive view of all the threats.
“Sophos’s real point of differentiation is that these point solutions are combined on a single platform covering detection, prevention and response in an integrated manner,” says Gilliland. “Sophos uses AI and machine learning to offer an adaptive solution to evolving threats, including ransomware attacks. It also provides user-friendly management tools for administrators. It’s all about combining human expertise and automated responses to enhance security across the interconnected systems.”
Implementation guidelines
Gilliland says that implementing an advanced endpoint security solution requires a holistic approach covering people, processes and technology.
People remain the weakest link in the security value chain. Phishing and other social engineering tactics are becoming more sophisticated, so regular training complemented by simulations is necessary to help identify vulnerabilities in the workforce.
As always, processes must be put in place to guide responses. Incident response plans must define roles and responsibilities, with regular security assessments and audits used to identify gaps. Simulations should also be used to help identify areas for improvement. Organisations can use existing security frameworks to prioritise investments based on real threats.
Technology has a critical role to play, but once advanced endpoint security solutions are implemented, ensuring they are properly configured is just as important. Many organisations have fallen victim despite having installed excellent products, simply because those products were misconfigured. It is sadly true that failure to update security software and apply security patches remains a common reason for successful attacks, and organisations should consider implementing a zero-trust security model.
“The threat landscape is in a state of constant flux, with new threats emerging all the time. To successfully defend themselves, organisations must adopt a layered, adaptive approach to endpoint security, one that takes an integrated approach to the whole system,” Gilliland says. “Only a holistic approach will enable organisations to navigate the evolving threat landscape confidently and safeguard their valuable data assets.”