Wannacry, Petya, Notpetya

I still find it unbelievable that after what has happened in the last few months, there are still companies that rely on traditional signature-based AV (anti-virus). Although the traditional AV technologies have changed somewhat to try to keep up with the market, this technology is essentially more than 30 years old.

Another trend I have noticed is that companies are still relying on resellers/integrators that provide them with end-user operating system/software services for security solutions. If you use the example of the medical world, a general doctor is not consulted when someone has recurring problems with their heart. It is best practice to refer to a heart specialist, who has experience in dealing with that specific problem.

Don’t get me wrong; traditional signature-based AV was the best solution years ago when viruses were not as high. The virus analysts could reverse engineer the virus and create a signature for it in a reasonable time so that other people would not be infected. At that time, there were enough people with the skills available to deal with the volume of new viruses emerging.

Also, the way the traditional signature-based AV worked was good because it was a pre-execution which means they deleted the virus before the user could do anything with it. But with the boom of the viruses, they no longer have enough time or skilled people to provide their customers with a signature on time. That’s when “sandboxing” technologies emerged.  They create a signature automatically when they see it is a virus/malware.

However, to evade this technique, the hackers found a way to make one malware and create millions of samples for this which means that they would only use that specific signature for a short amount of time before switching to a new strain. This is a quick and repeatable process. Therefore, “sandboxing” technology is not the correct solution, as it would be too slow.

This proves it is time for an endpoint security solution that has the same characteristics as traditional signature-based AV (Pre-execution); but, it also means it includes a way to find viruses/malware it has never seen before.

Let’s go back to the medical analogy and specifically of the heart.  If you use an AED (Automated External Defibrillator which someone who has basic training can do) correctly when you have experienced a first heart failure, your heart will start again. I see this stage as the Traditional signature-based AV solution because it is NOT proactive and will hopefully fix the problem once all the facts have been gathered.

But if this is not a one-time problem (like viruses/malware), you will be offered an operation. And this, of course, will not be done by the person that saved you with the AED, but by a specialised heart surgeon. During this surgery, the patient will be fitted with a pacemaker so that the next time the problem occurs the pacemaker will correct the issue and the patient will remain unaware that there was an issue in the first place. This comparison is like having a security specialist when it comes to implementing a security solution. It requires specific skills and expertise that only a specialist in security can provide.

The good thing is, there are already endpoint solutions that have all these advantages on the market and SecureLink can help you with this. Is it 100% safe? Of course not, but neither is a pacemaker. There is never a 100% guarantee, but you would rather rest assured that you have implemented the best-of-breed technology and have a security specialist who is on hand to help when new malware and cyber-attacks emerge.

This is only one security problem we discuss here; but, for a good security infrastructure, you need a layered approach that includes People, Processes, and Technology. It is like diseases – you sometimes also need more than one solution. If we go back to the heart disease, he will not only need to have a pacemaker but also take pills to ensure his blood keeps thin enough, so that the chances are even less than before to have another heart failure.

For any more information on Next Gen AV or on how SecureLink can assist you, please contact your local SecureLink Sales Representative.

Wim De Smet

CTO – Belgium
wim.desmet@securelink.be

2017-07-12T14:11:38+00:00 July 13th, 2017|
SecureLink

SecureLink

X