Raising the bar on endpoint solutions


Telework proliferation has redefined traditional endpoints such as laptops and servers to include smart devices, wearables, and Internet of Things technologies, which form a complex network exchanging high volumes of data daily.

Although businesses have traditionally adopted anti-virus (AV) software designed to block file-based malware, such a solution only partly addresses endpoint exposure. Because AV is largely signature-based, it works best against well-documented attacks, and the scanning involved can also degrade endpoint performance. Modern malware attacks call for an Endpoint Detection & Response solution that expands beyond traditional AV software to cover other cybersecurity blind spots. Endpoint security solutions deploy tools that gather and analyse telemetry to reveal potential threats and immediately prompt preventive action against an attack. Their comparative advantages include real-time threat response, greater visibility into user and device activity, transparency, and rollback remediation features. In this post, we explore some of the persistent attack techniques that endpoint security solutions address.


On average, cybercriminals spend 191 days inside a network before being discovered, and that is a lot of time in which to cause damage. Most AV tools recognised the inadequacy of relying on signatures alone and moved to a rule-based scanning system that runs several tests on a file's content. Although a step forward, this approach still falls short against malware built to avoid detection by such rules. Because the engine must already have seen a piece of malware in order to analyse it and write a detection rule, AV is always on the back foot when responding to a future attack.


Each day we handle many documents. Ordinarily these are harmless collections of data in various file formats; it is the application that opens them, not the document itself, that executes code on the machine. However, certain document formats blur this boundary when they contain dynamic elements such as JavaScript or macros. Maliciously crafted documents use these features to compromise a system as soon as the document is opened. Signature-reliant AV solutions cannot keep up with these more complex malicious documents because the latter tend to "morph": the same payload is wrapped in different, normal-looking content, or the embedded code is obfuscated so that no two samples look alike.


In recent times, cyber attackers have exploited a weakness of traditional AV by creating malicious processes that run entirely in memory, without writing files to disk for AV scanners to find. What makes these "fileless" malware attacks so hard for traditional AV software to detect is that they subvert trusted, legitimate processes rather than introducing a new binary.
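The contrast drawn in the three paragraphs above (signature scanning versus rule-based and behavioural detection, morphing documents, and fileless execution inside trusted processes) can be made concrete with a small simulation. The following Python script is an added example and is not code from the original post or from any vendor product: it runs a hash-based "legacy AV" verdict and a simplified behavioural "EDR" verdict side by side over a handful of constructed process-creation events. The known-bad sample, the event records and the rule names are all invented for illustration; the two behavioural rules (an office application launching a script host, and hidden or encoded command lines) are simplified from common detection-engineering practice.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed sample: pretend this byte string is a previously analysed dropper
# and its SHA-256 is the only entry in the AV's signature database.
KNOWN_SAMPLE = b"constructed-sample-dropper-v1"
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Hypothetical behavioural rules, simplified from common detection practice:
# office applications normally never launch script hosts, and command lines
# that hide or encode their payload are suspicious regardless of the binary.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SUSPICIOUS_ARGS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden")


@dataclass
class ProcessEvent:
    """One process-creation record as an EDR sensor might report it."""
    pid: int
    parent_image: str
    image: str
    command_line: str
    file_bytes: Optional[bytes]  # None when the code never touched disk


def signature_verdict(event: ProcessEvent) -> str:
    """Legacy AV view: hash whatever is on disk and compare with known bad."""
    if event.file_bytes is None:
        return "no-file-on-disk"  # fileless: there is nothing to scan
    digest = hashlib.sha256(event.file_bytes).hexdigest()
    return "known-bad-hash" if digest in KNOWN_BAD_HASHES else "clean"


def behaviour_verdict(event: ProcessEvent) -> list:
    """EDR view: judge the process by what it does, not by what it is."""
    hits = []
    if event.parent_image.lower() in OFFICE_APPS and event.image.lower() in SCRIPT_HOSTS:
        hits.append("office-spawned-script-host")
    cmd = event.command_line.lower()
    if any(flag in cmd for flag in SUSPICIOUS_ARGS):
        hits.append("hidden-or-encoded-command")
    return hits


# Constructed events. 100 is a user opening an ordinary document; 101 is a macro
# launching an in-memory PowerShell stage (fileless); 102 is the known dropper;
# 103 is the same dropper "morphed" by a single appended byte.
SAMPLE_EVENTS = [
    ProcessEvent(100, "explorer.exe", "winword.exe", "winword.exe report.docx",
                 b"PK\x03\x04 harmless docx"),
    ProcessEvent(101, "winword.exe", "powershell.exe",
                 "powershell.exe -w hidden -enc PLACEHOLDERBASE64", None),
    ProcessEvent(102, "explorer.exe", "invoice.exe", "invoice.exe", KNOWN_SAMPLE),
    ProcessEvent(103, "explorer.exe", "invoice2.exe", "invoice2.exe", KNOWN_SAMPLE + b"\x00"),
]


def triage(events: list) -> dict:
    """Run both engines over every event so the coverage gap is visible."""
    return {
        e.pid: {"signature": signature_verdict(e), "behaviour": behaviour_verdict(e)}
        for e in events
    }


if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_EVENTS).items():
        print(pid, verdict)
```

Running `triage` shows the gap the post describes: the hash engine catches only event 102, says nothing about the fileless event 101 (no file to hash) and misses the one-byte "morph" in 103, whereas the behavioural rules flag 101 twice without needing to have seen the payload before. Event 103 is missed by both engines, which is exactly the "back foot" situation: it stays invisible until either the signature database is updated or a behavioural rule covers what it does at runtime.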


Another weakness of legacy AV is encrypted traffic, which has become the norm for most websites. While HTTPS and SSL/TLS certificates are the accepted way to secure communication with a trusted website, they have a "darker" side: they protect attackers' communications just as well. Malicious threat actors hide their activity from detection by encrypting all traffic between their victims and their command-and-control (C2) server end to end. Nearly 50% of phishing sites use SSL to mask their activity from users and security software.


We understand that cyberattacks do not rest. In today's climate, signature detection alone is simply insufficient. Any security software that does not employ a behavioural AI engine backed by machine learning will be outwitted by attackers. Businesses dealing with this new normal need a new solution. Endpoint detection & response solutions that do not rely on traditional approaches take a more proactive position, bringing the fight to the attackers by predicting whether a process is malicious irrespective of its source. Whether you are facing polymorphic or unusual malware or a vicious fileless attack, endpoint security solutions have the advantage of built-in automated intelligence that detects attacks both pre-execution and on-execution. These next-generation security solutions also provide deep visibility into encrypted traffic for post-execution threat hunting. If you would like to find out more and see the difference the latest endpoint security solution can make to your security posture, contact us today for a discovery call.

For more information, download the Understanding the 5 Main Cyber Threat Types eBook today.
