Why the “traditional” antivirus just won’t do anymore
Blog aimed at SMEs
Until a few years ago, the available antivirus and antimalware solutions for endpoint devices such as laptops and mobile phones were, without exception, “traditional”. By traditional, we mean that they are based on “signatures”: patterns assigned to known malware files. To keep protection up to date, signatures for newly discovered malware have to be pushed to the endpoints on a regular basis via updates.
In today’s IT landscape, with cyberattacks growing ever more complex (e.g. zero-day exploits, Malware-as-a-Service …), this type of endpoint security is no longer sufficient to adequately protect the end user.
Nowadays, several products fight viruses and other malware on the basis of artificial intelligence. These are better equipped than signature-based solutions to fight unknown or new threats (such as file-less malware). Artificial intelligence allows the technology to continuously adjust itself and to identify malware before it can cause any harm. Concretely, these next-generation endpoint solutions rely on a mathematical analysis of file properties to determine whether a file is legitimate or malicious. This intelligence is built in, so it does not depend on an internet connection or signature updates to function properly.
Can your firewall handle encrypted traffic?
In a modern, thoroughly secured IT environment, a large percentage of user traffic passes through a firewall. Ideally, the firewall gets access to all traffic, so that all malware can be blocked.
In the past few years, however, we have witnessed a huge increase in encrypted traffic. Encryption is a very valuable technology: it prevents third parties from accessing network transactions. But because decrypting traffic for inspection is very processing-intensive, and well-encrypted connections will not grant the firewall access at all, it becomes harder or even impossible to ensure inspection (and consequently prevention) on the firewall.
To solve this problem, you need to provide prevention at the endpoint, where the session gets decrypted. Moreover, many smaller organizations use a firewall at their perimeter but not yet for internal network segmentation. When a firewall merely protects the perimeter and there is consequently no network segmentation, malware that does manage to intrude will be able to spread laterally throughout the organization without any obstruction. Only a decent next-generation endpoint security solution will be able to block such malware.
Security frameworks’ added value
Cybersecurity vendors have recently been moving away from stand-alone solutions towards complete frameworks that protect the entire infrastructure and whose components (firewalls, endpoint security solutions, remote access solutions, etc.) seamlessly integrate and communicate with each other.
Such a security framework provides two main advantages. Firstly, it enables the organization to enforce a consistent and seamless implementation of security policies more easily. Information on discovered malware can also be distributed more easily among the various framework components, thus offering better protection.
Secondly, it facilitates collecting the logs of the various framework components in one central location (locally or in the cloud), such as a security dashboard.
Taken individually, these logs are mostly meaningless. But when machine learning is applied to the consolidated logs to find anomalies in user behavior, and appropriate action is taken on those anomalies, they become a powerful tool.
Analyzing log information and behavioral patterns (UEBA – User and Entity Behavior Analytics) thus becomes far more accessible to smaller as well as larger organizations, and is therefore considered by many companies as their next step towards upgrading their cybersecurity in 2020.
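As an added illustration of the approach described above (example code, not from the post or from any vendor's product): a small Python sketch that builds a per-user baseline from consolidated VPN login logs and scores a new login by how unusual its hour and source country are for that user. The log format, component names and sample lines are constructed for this example.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of consolidated logs from two framework components (a VPN
# gateway and an endpoint agent). The line format is an assumption for this example.
SAMPLE_LOGS = """\
2020-01-06T08:02:11Z vpn user=alice src_country=BE action=login
2020-01-06T08:05:40Z endpoint user=alice host=LT-ALICE event=logon
2020-01-07T08:10:03Z vpn user=alice src_country=BE action=login
2020-01-08T07:58:55Z vpn user=alice src_country=BE action=login
2020-01-09T08:03:17Z vpn user=alice src_country=BE action=login
2020-01-06T09:15:00Z vpn user=bob src_country=NL action=login
2020-01-07T09:20:12Z vpn user=bob src_country=NL action=login
"""

def parse_vpn_logins(text):
    """Return (timestamp, user, country) for VPN login lines; other components' lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[1] != "vpn":
            continue
        kv = dict(p.split("=", 1) for p in parts[2:])
        if kv.get("action") != "login":
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, kv["user"], kv["src_country"]))
    return events

def build_baseline(events):
    """Per-user frequency of login hour and source country: the user's 'normal'."""
    baseline = defaultdict(lambda: {"hours": Counter(), "countries": Counter()})
    for ts, user, country in events:
        baseline[user]["hours"][ts.hour] += 1
        baseline[user]["countries"][country] += 1
    return baseline

def score_event(baseline, hour, user, country):
    """Anomaly score in [0, 1]: 0 = fully in line with the baseline, 1 = never seen before."""
    profile = baseline.get(user)
    if profile is None:
        return 1.0, ["unknown user"]
    total = sum(profile["hours"].values())
    hour_freq = profile["hours"][hour] / total
    country_freq = profile["countries"][country] / total
    reasons = [r for r, f in ((f"hour {hour:02d} never seen", hour_freq),
                              (f"country {country} never seen", country_freq)) if f == 0]
    return 1.0 - (hour_freq + country_freq) / 2, reasons
```

A real UEBA product adds many more features (hosts, data volumes, peer groups) and learns thresholds rather than using the fixed zero-frequency rule shown here.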