Ovum Report: How Endpoint Modeling Enhances Traditional Threat Detection

A closer look at why Ovum Consulting recommends putting endpoint modeling on your radar.

In a recent report published by Ovum Consulting, the firm points out that although the time to detect and remediate data security breaches has been reduced by more than 50% over the last two years, it still remains alarmingly high at more than 200 days. With the diversity and volume of network threats increasing every month, it is clear that 200 days is too long to allow criminals to access your systems and networks undetected.

The question remains: How do businesses reduce that timeframe?

Endpoint modeling is the answer. In this same report, Ovum points out the value of dynamic endpoint modeling as a means to enhance traditional threat detection solutions and reduce the time to identify and address network threats. Encrypted network traffic, Bring Your Own Device (BYOD) strategies, and third-party products and services are all complicating operating environments to the point where it is difficult for threat detection software to keep pace. Continuously examining traffic on local networks is difficult in enterprises when the network is constantly changing.

Endpoint modeling brings an element of automated analysis that enables enterprises to find threats faster even in environments complicated by encrypted data and BYOD policies. As Ovum states in the firm’s report: “[Endpoint modeling] benefits from not having to rely on log file monitoring, deep packet inspection techniques, and traditional antivirus-based signatures. Its technology combines statistical methods with engineered components to build a model for how each entity should operate. It reports on activities that fall outside the norm, and its endpoint modeling approach provides the user with opportunities to reduce breach detection times.”

Ovum also points out some of the key advantages endpoint modeling offers in relation to traditional threat detection approaches:

  • The endpoint modeling approach is significantly different from traditional threat detection and can identify threat activity that signature-based security solutions cannot see.
  • Endpoint modeling monitors and reports on activities based on the type of device; on what similar devices have done in the past, are doing now, and are expected to do in the future; and on what rules those activities will break.
  • Endpoint modeling does not rely on deep packet inspection to look inside payloads and is not adversely affected by the increasing use of encrypted traffic.
  • Endpoint modeling does not need to deploy an agent on protected devices, and thus is not restricted in its use and can work with any IP-based endpoint and the traffic it generates.
  • Endpoint modeling technology is delivered from the cloud as a service, which simplifies deployment and lowers operational costs, making it viable add-on protection.

Want to learn more about the advantages of endpoint modeling as a complement to what you’re doing today to protect your network? Download the Ovum report, and find out why the firm recommends Observable Networks’ solution.

Experience Dynamic Endpoint Modeling on Your Own Network

Getting better visibility into your network and improving your security couldn’t be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.
