Why the “traditional” antivirus just won’t do anymore

Blog aimed at SMEs

Until a few years ago, the antivirus and antimalware products available for endpoints such as laptops and mobile phones were, almost without exception, “traditional”. By traditional we mean signature-based: the product recognises malware by matching files against a database of signatures (a hash or a characteristic byte pattern taken from a known malicious file). Such a product can only recognise what it already has a signature for, so to keep protection up to date the vendor has to push signatures for every newly discovered sample to all endpoints on a regular basis, and a sample nobody has seen yet stays undetected until its signature exists and has arrived.

In today’s IT landscape, with cyberattacks growing more sophisticated (zero-day exploits, Malware-as-a-Service, and so on), this type of endpoint security is no longer sufficient to protect the end user adequately: by definition there is no signature yet for a brand-new sample.

Nowadays you can find several products that fight viruses and other malware on the basis of artificial intelligence, in practice machine-learning models trained on large sets of known good and known bad files. They are better equipped than signature-based products to stop unknown or new threats because they do not need to have seen the exact sample before. Concretely, these next-generation endpoint solutions classify a file as legitimate or malicious from a mathematical analysis of its properties (its structure, the functions it imports, how compressed or encrypted its content looks, and many similar features), and they do so before the file runs, so the malware is stopped before it can cause harm. Because the model ships with the agent, this classification works without an internet connection and does not wait for a signature update for every new sample; the model itself is still refreshed periodically, and like any classifier it produces some false positives, so a quarantine that an administrator can review remains necessary. One caveat: analysing file properties alone cannot catch file-less malware that lives only in memory (a malicious PowerShell script launched from a document macro, for instance); products that stop it do so by also watching what processes do at run time, so check that the product you evaluate includes that behavioural component.
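The difference between the two approaches described above (the signature matching of the first paragraph and the property-based classification of this one) is easiest to see side by side. The Python below is an added example, not code from the original post or from any product: it builds a constructed, non-functional “malware” sample, derives a signature from it, then shows that a variant with a single byte changed defeats the signature while a toy feature score (entropy plus a few suspicious strings, standing in for a trained model) still flags it. The samples, strings and weights are all assumptions made for the illustration.

```python
import hashlib
import math
import random
from collections import Counter

# --- Constructed samples (not real malware, none of this executes) ----------
# The "payload" stands in for a packed or encrypted malicious body: high-entropy
# bytes from a seeded PRNG so the example is reproducible offline.
_rng = random.Random(2020)
_PACKED_PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(4096))
_SUSPICIOUS_STRINGS = [b"VirtualAlloc", b"WriteProcessMemory", b"CreateRemoteThread"]

MALWARE_SAMPLE = (b"MZ" + b"\x90" * 62
                  + b"\x00".join(_SUSPICIOUS_STRINGS) + b"\x00"
                  + _PACKED_PAYLOAD)
# A "repacked" variant: one byte of the payload flipped. Same behaviour, new hash.
_variant = bytearray(MALWARE_SAMPLE)
_variant[-1] ^= 0xFF
MALWARE_VARIANT = bytes(_variant)
# A benign document-like file: plain text, low entropy, no executable header.
BENIGN_SAMPLE = b"Quarterly sales report, Q4 2019. Revenue grew by 4% year over year.\n" * 60


# --- Traditional detection: exact signature match ---------------------------
def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# What a signature update would deliver to the endpoint: hashes of known samples.
KNOWN_BAD_HASHES = {sha256(MALWARE_SAMPLE)}

def signature_match(data: bytes, known_hashes=KNOWN_BAD_HASHES) -> bool:
    """True only if this exact file has been seen and catalogued before."""
    return sha256(data) in known_hashes


# --- Next-generation detection: score properties of the file ---------------
def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for packed/encrypted content, 4 to 5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def feature_score(data: bytes) -> float:
    """Toy stand-in for a trained classifier: a weighted sum of static features.
    A real product uses hundreds of features and learned weights; the principle
    (judge the file by its properties, not its exact bytes) is the same."""
    score = 0.0
    if shannon_entropy(data) > 7.0:          # packed or encrypted body
        score += 0.6
    if data.startswith(b"MZ"):               # Windows executable, not a document
        score += 0.1
    score += 0.1 * sum(s in data for s in _SUSPICIOUS_STRINGS)  # injection-related APIs
    return min(score, 1.0)

def is_malicious_by_features(data: bytes, threshold: float = 0.5) -> bool:
    return feature_score(data) >= threshold


if __name__ == "__main__":
    for name, blob in [("original", MALWARE_SAMPLE), ("variant", MALWARE_VARIANT),
                       ("benign", BENIGN_SAMPLE)]:
        print(f"{name:9s} signature={signature_match(blob)!s:5s} "
              f"entropy={shannon_entropy(blob):.2f} score={feature_score(blob):.2f}")
```

The point of the flipped byte is that it is the cheapest thing an attacker can do (repack or re-encrypt the same code) and it is enough to invalidate every hash-based signature; the feature score barely moves. The flip side, and the reason real products need much richer models and a review queue, is that legitimate software can also score high on crude features: a compressed installer is just as high-entropy as a packed trojan.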

Can your firewall handle encrypted traffic?

In a modern and well-secured IT environment, a large share of user traffic passes through a firewall. Ideally the firewall can see the content of all of that traffic, so that all malware in it can be blocked.

In the past few years, however, we have witnessed a huge increase in encrypted traffic, to the point where most web traffic is now TLS-encrypted. Encryption is a very valuable technology: it prevents third parties from reading the content of a network transaction. But from the connection’s point of view the firewall is exactly such a third party. A well-encrypted connection shows it only metadata (source and destination addresses, ports, the hostname requested in the TLS handshake, byte counts) and never the content, so inspection, and consequently prevention, on the firewall becomes hard or even impossible. A firewall can only look inside if it is configured to terminate the TLS session itself: decrypt, inspect and re-encrypt. That is very processing-intensive, it requires every client to trust the firewall’s own certificate authority, and it fails for applications that pin their certificates, so in practice a lot of traffic still passes uninspected.
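To make concrete what “only metadata” means, the following Python (an added example, not code from the original post or from any firewall product) builds a minimal TLS ClientHello record with a Server Name Indication extension, the way a browser sends it, plus an application-data record standing in for the encrypted session that follows. A parser then extracts what a perimeter device can read without decrypting: the record type, version and length, and the hostname from the handshake. The encrypted records yield nothing. The hostname, cipher suites and payload bytes are constructed for the example.

```python
import struct

TLS_HANDSHAKE, TLS_APPLICATION_DATA = 0x16, 0x17
HS_CLIENT_HELLO, EXT_SERVER_NAME = 0x01, 0x0000


def build_client_hello(hostname: str) -> bytes:
    """Constructed minimal TLS 1.2-style ClientHello record carrying an SNI extension."""
    name = hostname.encode("ascii")
    server_name = struct.pack("!BH", 0, len(name)) + name          # name_type=host_name
    sni_list = struct.pack("!H", len(server_name)) + server_name     # ServerNameList
    sni_ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    body = (b"\x03\x03"                                 # client_version: TLS 1.2
            + bytes(32)                                 # random (zeros in this sample)
            + b"\x00"                                   # session_id length 0
            + struct.pack("!H", 4) + b"\x13\x01\xc0\x2f"  # two cipher suites
            + b"\x01\x00"                               # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)  # extensions
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 3, 1]) + struct.pack("!H", len(handshake)) + handshake


def build_application_data(ciphertext: bytes) -> bytes:
    """A TLS application_data record; the payload is opaque to anyone without the keys."""
    return bytes([TLS_APPLICATION_DATA, 3, 3]) + struct.pack("!H", len(ciphertext)) + ciphertext


def extract_sni(record: bytes):
    """Return the SNI hostname from a ClientHello record, or None for anything else.
    Written defensively: malformed input returns None instead of raising."""
    try:
        if record[0] != TLS_HANDSHAKE:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != HS_CLIENT_HELLO:
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                   # skip version and random
        pos += 1 + body[pos]                           # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                           # compression_methods
        if pos + 2 > len(body):
            return None                                # no extensions at all
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if etype == EXT_SERVER_NAME:
                data, p = body[pos:pos + elen], 2      # skip ServerNameList length
                while p + 3 <= len(data):
                    ntype, nlen = data[p], struct.unpack("!H", data[p + 1:p + 3])[0]
                    if ntype == 0:
                        return data[p + 3:p + 3 + nlen].decode("ascii", "replace")
                    p += 3 + nlen
            pos += elen
        return None
    except (IndexError, struct.error):
        return None


def visible_metadata(record: bytes) -> dict:
    """Everything a firewall can read from one TLS record without decrypting it."""
    kind = {TLS_HANDSHAKE: "handshake", TLS_APPLICATION_DATA: "application_data"}
    return {"type": kind.get(record[0], "other"),
            "version": f"{record[1]}.{record[2]}",
            "length": struct.unpack("!H", record[3:5])[0],
            "sni": extract_sni(record)}


if __name__ == "__main__":
    for rec in (build_client_hello("mail.example.com"), build_application_data(b"\x8f" * 48)):
        print(visible_metadata(rec))
```

The hostname is the one genuinely useful field a perimeter firewall gets for free, and it is enough for category or reputation blocking of the destination; it is not enough to tell a malicious download from a legitimate one on the same host. TLS 1.3 with Encrypted Client Hello removes even that, which is one more reason the content inspection has to happen where the session is decrypted, on the endpoint.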

To solve this problem, you need prevention at the endpoint, where the session is decrypted anyway and the content is visible. Moreover, many smaller organisations use the firewall for their perimeter but not yet for their internal network segmentation. When the firewall merely protects the perimeter and there is no segmentation, malware that does manage to get in can spread laterally throughout the organisation without any obstruction, because traffic between internal machines never passes the firewall at all. In that situation only a decent next-generation endpoint security solution, running on every machine, will be able to block such malware.

Security frameworks’ added value

Cybersecurity vendors have recently stopped delivering stand-alone solutions and instead provide a complete framework (often marketed as a security platform) that can protect the entire infrastructure and whose components (firewalls, endpoint security, remote access solutions and so on) integrate and communicate with each other.

Such a security framework offers two main advantages. Firstly, it makes it easier for the organisation to enforce security policies consistently across all components. Information on discovered malware can also be shared between the components: an endpoint agent that catches a malicious file can, for instance, pass the address the file tried to contact to the firewall, which then blocks it for every other device, offering better protection overall.

Secondly, it facilitates collecting the logs of the various framework components in one central location (on premises or in the cloud), such as a security dashboard or SIEM.

Taken individually, these logs are mostly meaningless. Consolidated, and with machine learning applied to them to find anomalies in user behaviour (a login at an unusual hour or from an unusual place, an unusual volume of outbound data) and to take appropriate action, they become a powerful tool.

Analysing log information and behavioural patterns (UEBA, User and Entity Behaviour Analytics) thus becomes far more accessible, to smaller as well as larger organisations, and is therefore considered by many companies as their next step towards upgrading their cybersecurity in 2020.
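As an added example (not part of the original post, and not any vendor’s product), the Python below shows the simplest form of what the two preceding paragraphs describe: it learns a per-user baseline from consolidated VPN and firewall log lines, then scores new lines against it and flags a login from a country never seen for that user, a login at an hour the user never works, two logins from different countries too close together to be real travel, and an outbound data volume far above the user’s norm. The key=value log format, user names, addresses, dates and thresholds are all constructed for the example; a real UEBA product learns far richer profiles, but the mechanism is the same.

```python
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed log lines in a simple key=value format (not any vendor's real format).
# "src" is the framework component that produced the line; addresses are documentation ranges.
BASELINE_LOGS = [
    "ts=2019-12-02T08:10:00 src=vpn user=alice event=login country=BE",
    "ts=2019-12-02T09:15:00 src=firewall user=alice event=session dst=203.0.113.20 bytes_out=1200000",
    "ts=2019-12-03T09:02:00 src=vpn user=alice event=login country=BE",
    "ts=2019-12-03T11:40:00 src=firewall user=alice event=session dst=203.0.113.20 bytes_out=900000",
    "ts=2019-12-04T08:05:00 src=vpn user=alice event=login country=BE",
    "ts=2019-12-04T10:20:00 src=firewall user=alice event=session dst=203.0.113.21 bytes_out=1500000",
    "ts=2019-12-05T09:30:00 src=vpn user=alice event=login country=BE",
    "ts=2019-12-05T14:05:00 src=firewall user=alice event=session dst=203.0.113.20 bytes_out=1100000",
    "ts=2019-12-06T10:00:00 src=vpn user=alice event=login country=BE",
    "ts=2019-12-06T15:00:00 src=firewall user=alice event=session dst=203.0.113.22 bytes_out=1300000",
    "ts=2019-12-09T08:45:00 src=vpn user=alice event=login country=BE",
    "ts=2019-12-10T09:10:00 src=vpn user=alice event=login country=BE",
    "ts=2019-12-02T08:30:00 src=vpn user=bob event=login country=BE",
    "ts=2019-12-03T09:00:00 src=vpn user=bob event=login country=BE",
    "ts=2019-12-04T08:50:00 src=vpn user=bob event=login country=BE",
    "ts=2019-12-05T09:05:00 src=vpn user=bob event=login country=BE",
    "ts=2019-12-06T09:20:00 src=vpn user=bob event=login country=BE",
    "ts=2019-12-09T08:40:00 src=vpn user=bob event=login country=BE",
]
NEW_EVENTS = [
    "ts=2020-01-20T03:12:00 src=vpn user=bob event=login country=BE",
    "ts=2020-01-20T09:05:00 src=vpn user=alice event=login country=BE",
    "ts=2020-01-20T09:10:00 src=firewall user=alice event=session dst=203.0.113.20 bytes_out=950000",
    "ts=2020-01-20T10:30:00 src=vpn user=alice event=login country=RU",
    "ts=2020-01-20T10:45:00 src=firewall user=alice event=session dst=203.0.113.7 bytes_out=48000000",
]

TRAVEL_WINDOW = timedelta(hours=2)   # two countries within this window cannot be one person
MIN_LOGINS = 5                       # do not judge working hours on too little history


def parse(line: str) -> dict:
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    if "bytes_out" in fields:
        fields["bytes_out"] = int(fields["bytes_out"])
    return fields


def build_baseline(lines):
    """Per user: hours at which they log in, countries they log in from, usual outbound volumes."""
    base = defaultdict(lambda: {"hours": Counter(), "countries": set(), "bytes_out": []})
    for ev in map(parse, lines):
        b = base[ev["user"]]
        if ev["event"] == "login":
            b["hours"][ev["ts"].hour] += 1
            b["countries"].add(ev["country"])
        elif ev["event"] == "session":
            b["bytes_out"].append(ev["bytes_out"])
    return base


def detect_anomalies(lines, baseline):
    """Return [(event, [reasons])] for every new line that deviates from the user's baseline."""
    findings, last_login = [], {}          # last_login: user -> (ts, country) in this batch
    for ev in map(parse, lines):
        user, reasons = ev["user"], []
        b = baseline.get(user)
        if b is None:
            reasons.append("unknown_user")
        elif ev["event"] == "login":
            if ev["country"] not in b["countries"]:
                reasons.append("new_country")
            if sum(b["hours"].values()) >= MIN_LOGINS and ev["ts"].hour not in b["hours"]:
                reasons.append("unusual_hour")
            prev = last_login.get(user)
            if prev and prev[1] != ev["country"] and ev["ts"] - prev[0] < TRAVEL_WINDOW:
                reasons.append("impossible_travel")
            last_login[user] = (ev["ts"], ev["country"])
        elif ev["event"] == "session" and len(b["bytes_out"]) >= 2:
            mean, sd = statistics.mean(b["bytes_out"]), statistics.pstdev(b["bytes_out"])
            if ev["bytes_out"] > mean + 3 * sd:   # more than three standard deviations above normal
                reasons.append("exfil_volume")
        if reasons:
            findings.append((ev, reasons))
    return findings


if __name__ == "__main__":
    for ev, why in detect_anomalies(NEW_EVENTS, build_baseline(BASELINE_LOGS)):
        print(ev["ts"], ev["src"], ev["user"], ",".join(why))
```

Two things in this toy are worth carrying over to a real deployment. The “impossible travel” and “exfil volume” findings only exist because the VPN and the firewall logs land in the same place with the same user identity attached; the same lines read in two separate consoles would look like a routine login and a routine session. And the “appropriate action” the paragraph mentions is the step after the finding: with an integrated framework the alert on alice can disable her VPN account and isolate her endpoint automatically, rather than waiting for someone to read the dashboard the next morning.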

Ransomware 2020: pay up or find your data online

January 17th, 2020

Our malicious counterparts have yet again found a new way to increase their revenue and simultaneously leave victims of ransomware attacks in utter shambles. Let's look into this.

My company is hit by ransomware. What to do?

January 16th, 2020

What do you do when hit by ransomware? How to get up and running again? Rubrik's Polaris Radar is the solution to restore your clean data in no time.

I am a digital service provider. What about NIS?

January 16th, 2020

As a digital service provider, how do you determine whether your organization has to comply with the NIS regulation? And if you have to comply, what do you have to do?