Conventional antivirus (AV) solutions have become ineffective against today’s known and unknown threats. But why is there such a spotlight on AV’s inadequacy, to the extent that traditional antivirus solutions are being deemed a threat themselves?
A new wave of AV replacement technology, known as Next-Generation or Advanced Endpoint Protection, is sweeping the industry. We believe there are 3 key factors influencing the growth of next-generation endpoint protection today:
1) THE ADVANCEMENT OF “ENDPOINT” TECHNOLOGY
Just what is an “endpoint” nowadays? Traditionally the term referred to desktops (possibly stretching to laptops) and servers, but it now covers all sorts of smartphone and tablet devices, virtual machines, and the vast landscape of the Internet of Things (IoT), including our latest favourite, the Internet of Robotic Things (IoRT). Many of these endpoints operate in intensive workload environments and, contrary to the “Internet” in Internet of Things, they aren’t always connected to the Internet to receive software updates; an endpoint that cannot be updated is left exposed to exploitation of known vulnerabilities.
Increasingly mobile users are driving organisations to consider how they secure endpoints outside the traditional network perimeter, since laptops are another class of endpoint that isn’t always connected to the Internet. A further challenge and major vulnerability arises from the proliferation of software and systems used within global organisations, and from how patches are maintained and security is managed when technology reaches End of Life (EoL). Microsoft ended support for W2003, XP and anything older than IE11, yet many legacy applications still rely on these versions to operate, so where does that leave you?
2) THE EVOLUTION OF THE THREAT
Today’s threats go way beyond a mere “virus”. There’s a reason at least half the audience in attendance at our events raise a hand when we ask who’s been recently hit by malicious executable software, or malware, such as ransomware. Cyberattacks have become such a common occurrence, yet all of those people in our audience had been using traditional AV. So how did the malware get in?
In the late 1980s, when AV solutions first became available, AV companies had plenty of time to spot a common virus and release an update to protect against it. Today, new strains of known and unknown threats, especially Zero-Day threats (malware that exploits a vulnerability before the software vendor has had the chance to release a patch for it), are created every day. This is possible because malware is openly available for hackers to purchase at very low cost, and because small changes to an existing sample are enough to stop it matching its known signature, creating a “new” version. As a result, AV vendors have no chance of keeping up with patching. In fact, we’ve witnessed AV solutions that have been 6-12 months out of date with patches. These are the common AV solutions we all buy.
Added to this, several years ago, AV vendors made it easy to buy their software online – we heard recently that 70% of SMBs purchase AV software without talking to a sales person – and many go on to renew licences online, even if it’s just to tick the box for compliance purposes. We know investment in security is important to our customers, since in times of recession, we’ve always seen the security budget being ring-fenced. But the key thing is what you do with that budget. Innovative organisations are becoming wise to the idea that an integrated security architecture is the best prevention method, whilst others buy every analytics tool under the sun, just in case.
This more sophisticated malware also just got personal – it’s beginning to mimic the people and things we know and trust, cruelly deceiving us into clicking links in phishing emails and opening up documents and files on USB sticks. Organisations need to deal with this onslaught by moving beyond detection and response to developing an in-depth prevention strategy.
3) THE EFFECTIVENESS OF THE PREVENTION METHOD
Whilst signature-based file scanning has been the principal detection method used by traditional AV solutions, it can no longer keep pace with the growth in complexity and sophistication of applications and their supporting networks and infrastructure, or with today’s modern threats. AV software can only detect malware or exploits for which it already holds a signature.
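The limitation described above, and the point made earlier about how small changes to a sample defeat its signature, can be shown with a minimal signature scanner. The following is an added example written for this article, not code from the article or from any vendor it refers to; the three “files” are constructed byte strings with no real payload, and the hash and byte-pattern signature types are simplifications of what commercial engines do. It shows that an exact-hash signature misses a variant that differs by a single padding byte, that a byte-pattern signature still catches that variant, and that a strain nobody has analysed yet evades both.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for executable files. The bytes are made up for this
# example and carry no real payload; only their relationship matters:
# VARIANT differs from ORIGINAL by one byte in a padding region, NEW_STRAIN
# shares nothing with either.
ORIGINAL = (
    b"MZ" + b"\x00" * 14
    + b"DEMO_PAYLOAD: open every document and overwrite it"
    + b"\x00" * 16
)
VARIANT = ORIGINAL[:4] + b"\x01" + ORIGINAL[5:]   # one-byte "repack" of ORIGINAL
NEW_STRAIN = (
    b"MZ" + b"\x00" * 14
    + b"OTHER_DEMO: something the vendor has never seen"
    + b"\x00" * 16
)


@dataclass(frozen=True)
class SignatureDb:
    """A minimal signature database: exact-file hashes plus byte patterns."""
    file_hashes: frozenset   # SHA-256 hex digests of known-bad files
    byte_patterns: tuple     # byte substrings extracted from known-bad files


def sha256_hex(data: bytes) -> str:
    """Exact-file signature: any change to the file changes this value."""
    return hashlib.sha256(data).hexdigest()


def build_db(known_bad: list, patterns: list) -> SignatureDb:
    """Build the database from samples the vendor has already analysed."""
    return SignatureDb(
        file_hashes=frozenset(sha256_hex(s) for s in known_bad),
        byte_patterns=tuple(patterns),
    )


def scan(sample: bytes, db: SignatureDb) -> dict:
    """Report which signature type, if any, flags the sample."""
    hash_hit = sha256_hex(sample) in db.file_hashes
    pattern_hit = any(p in sample for p in db.byte_patterns)
    return {"hash": hash_hit, "pattern": pattern_hit,
            "detected": hash_hit or pattern_hit}


def demo() -> dict:
    """Scan all three constructed files against a database built from ORIGINAL only."""
    db = build_db(known_bad=[ORIGINAL],
                  patterns=[b"DEMO_PAYLOAD: open every document"])
    return {
        "original": scan(ORIGINAL, db),
        "variant": scan(VARIANT, db),
        "new_strain": scan(NEW_STRAIN, db),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} hash={result['hash']!s:5} "
              f"pattern={result['pattern']!s:5} detected={result['detected']}")
```

Running the block prints one line per file: the original is caught by both signature types, the one-byte variant only by the byte pattern, and the new strain by neither. The gap the new strain falls through is exactly what the article means by AV being unable to detect what it has no signature for; a pattern signature narrows the gap but still depends on a vendor having analysed a related sample first.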
Next-Generation or Advanced Endpoint Protection methods take a completely new approach: they are updated in real time and rely on threat intelligence and machine learning rather than signatures to prevent malware and vulnerability exploits. These new solutions are typically lightweight, using minimal memory, CPU and disk space, so they are barely noticeable to end users from a performance perspective, and they satisfy these 3 criteria:
- Prevent exploits – known, unknown/Zero Day
- Prevent malware – known, unknown
- Integrate into a security platform
A prevention strategy helps you to minimise overall risk exposure, simplify security protection, avoid unwanted remediation costs and eliminate the cost of hiring extra security engineers to carry out malware analysis and forensics.
HOW DO YOU CHOOSE THE RIGHT ENDPOINT PROTECTION SOLUTION?
We work with several Next-Generation or Advanced Endpoint Protection partners, each with different prevention methods. We’ll help you to explore the relevant business and environmental factors and will recommend which technology we feel would be best for you to test in your scenario. To get started with a recommendation, just email us at firstname.lastname@example.org or call the one of our offices closest to you.