Endpoint security is a no-brainer for any business. Companies from mom-and-pop shops to transnational juggernauts realize this. It’s an operational expenditure as fundamental as a Starbucks venti. Yet every other day it seems hackers steal headlines. Target, Wells Fargo, eBay, Adobe: even major players with CISOs and big IT departments are getting hit.
Whatever was working before isn’t working now.
The problem is manifold but boils down to this: the cyber criminals are well-funded, well-organized, incentivized, and numerous. They can churn out new malware faster than the traditional antivirus companies can engineer countermeasures. If this is starting to sound like an old-fashioned arms race, you’re right. Add advanced persistent threats (APTs) and other targeted attacks into the mix, and you have not only random malicious cyber threats, but threats custom-designed to attack a particular business, its employees, and its IT infrastructure.
Effective endpoint security now is about specialization and layering.
Traditional antivirus products can do the heavy lifting when it comes to well-known threats. Antivirus companies have spent years cataloguing malware threats and building definitions to deal with them. But it’s an increasingly Sisyphean task: Symantec lists over 24 million definitions in its database, yet malware still gets through.
On the other hand, new and previously unidentified threats, like those based on polymorphic, metamorphic, and other self-modifying code, pose a difficult challenge, one that requires a layered approach to security employing specialized tools. These layers would include network security (firewall, gateway security, etc.), traditional endpoint security/antivirus, specialized anti-malware, and a very recent addition: next-generation anti-exploit.
Introducing: Specialized Anti-malware
First, let’s take a closer look at specialized anti-malware. Designed and engineered specifically to detect and remove unknown malware threats, this new category of malware killers is unique in several key ways:
- It employs signature, behavioral, and heuristic detection technology.
- Since speed is paramount, these products are supported by research teams and update processes that narrow the time from discovery of a new threat to delivery of its antidote in the product from hours to minutes.
- It is designed and tested to run alongside antivirus without conflict.
- It contains powerful remediation technology intended to remove all malicious code and repair the damage it has caused, removing the need for time-consuming endpoint re-imaging.
How Special Is Specialized?
Anti-exploit tools lead the next generation of endpoint security. Exploits are one of the most dangerous malware delivery vectors, and traditional endpoint security does a poor job with them. Specialized anti-exploit security is unique in several aspects:
- It protects proactively, not reactively, shielding vulnerable browsers and applications so malware can’t even infect the system.
- It doesn’t use signature-based security methods, and so requires neither a signature database nor the upkeep and bandwidth that such a database demands.
- It is “threat-agnostic,” and does not need to recognize a specific threat to block its operation, making it truly effective against zero-day (previously unidentified) threats.
- It is compatible with traditional antivirus, operating on a different (earlier) plane in the attack scenario.
These are just a few of the new technologies that have been added to the Internet security arsenal. If you would like to learn more about how specialized Internet security tools can be valuable to your customers, visit me at the Malwarebytes booth at Navigate 2014.
By Meaghan Moraes