Endpoint Protection: 4 THINGS ANTIVIRUS DOESN’T ADDRESS

 

Organizations are struggling to protect themselves from security breaches. They implement various security tools and solutions to protect their networks, applications, cloud, endpoints, etc.; they make conscious efforts to meet regulatory compliance; their security teams work to comb through endless security alerts; and yet, there has been an increase in successful cyber breaches and data loss.

Why?

The answer lies partially within the fact that threats and threat actors have evolved, while many security solutions have not. Threats have become more sophisticated, automated, low-cost to execute, and occur in various forms, in quantities and at paces faster than organizations are prepared to handle. All of this has happened while many security tools, solutions and platforms have maintained the same practices. Antivirus is a perfect example of this, proving inadequate for protecting systems against security breaches. Below are the four main market challenges that antivirus isn’t addressing and what an effective endpoint security solution should do to address those challenges.

 

1. Cyber breaches are increasing with no end in sight.

In an effort to curb breaches and data loss, organizations deploy a number of security solutions and software agents. Unfortunately, these solutions, and traditional antivirus solutions in particular, struggle, and oftentimes fail, to protect their systems. The result has been an increase in the frequency, variety and sophistication of cyber breaches.

The security industry focuses primarily on improving detection and response time, which only narrows the window between when an attack occurs and when it is detected. This does little to address the need for protecting valuable information before an organization suffers a breach. In order to reduce the frequency and impact of cyber breaches, a shift must occur from detecting and responding to incidents, after critical assets have already been compromised, to preventing threats from breaching an organization in the first place.

 

2. Antivirus solutions are no longer effective in preventing successful cyberattacks.

Cyber attackers have taken advantage of the free and low-cost tools available to generate new and unique, encrypted or polymorphic malware that evades detection by traditional signature-based antivirus: a repacked or re-encrypted sample has a different file hash and no longer contains the byte patterns the signature was written against, even though its behavior is unchanged. Attacks that leverage unknown and zero-day exploits likewise evade antivirus protections, because no signature exists for them yet. To protect against techniques that skirt detection by antivirus, an effective endpoint security solution must protect endpoints from known and unknown malware and exploits at the level of the techniques themselves, rather than by recognizing individual files.
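The following added example (not code from the original page or from any vendor's product) shows why a file-hash or byte-pattern signature fails against a trivially repacked sample. The "malware" is an inert constructed byte string, and the packer is a toy XOR stub standing in for a real crypter; both are assumptions for illustration. The static scan catches the known sample, misses the variant, and only catches it again when the scanner unpacks (or emulates) the stub before matching, which is the shift from static file recognition toward inspecting what the file actually does.

```python
import hashlib
from typing import Optional

# Constructed stand-in for a known malicious file: inert bytes, not real malware.
ORIGINAL = b"EVIL:download_and_exec(http://c2.example.invalid/payload)"

# A minimal signature database of the kind a traditional AV engine ships:
# a full-file hash and a byte pattern extracted from the known sample.
SIGNATURES = {
    "sha256": {hashlib.sha256(ORIGINAL).hexdigest()},
    "patterns": [b"download_and_exec"],
}


def signature_scan(sample: bytes, sigs: dict = SIGNATURES) -> bool:
    """Static, signature-based check: exact hash match or a known byte pattern."""
    if hashlib.sha256(sample).hexdigest() in sigs["sha256"]:
        return True
    return any(p in sample for p in sigs["patterns"])


def polymorphic_variant(body: bytes, key: int) -> bytes:
    """Toy packer (an assumption standing in for a real crypter): XOR the body
    with a one-byte key and prepend a 'stub' that carries the key. Each new key
    yields a file with a different hash and no plaintext byte pattern."""
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    return b"STUB" + bytes([key]) + bytes(b ^ key for b in body)


def unpack(sample: bytes) -> Optional[bytes]:
    """Reverse the toy stub; returns None for files not packed this way."""
    if not sample.startswith(b"STUB") or len(sample) < 6:
        return None
    key = sample[4]
    return bytes(b ^ key for b in sample[5:])


def unpack_and_rescan(sample: bytes) -> bool:
    """What an engine that runs or emulates the stub sees: the decoded body,
    which still matches the signatures the static scan missed."""
    if signature_scan(sample):
        return True
    body = unpack(sample)
    return body is not None and signature_scan(body)


if __name__ == "__main__":
    variant = polymorphic_variant(ORIGINAL, key=0x5A)
    print("static scan, original :", signature_scan(ORIGINAL))    # True
    print("static scan, variant  :", signature_scan(variant))     # False
    print("unpack-and-rescan     :", unpack_and_rescan(variant))  # True
```

Generating a fresh key per build is all an attacker needs to defeat the static scan indefinitely, and a genuinely new body (unknown malware) would not match even after unpacking, which is why the page argues for blocking the exploitation and execution techniques rather than cataloguing files.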

 

3. Increasingly mobile users require organizations to secure endpoints outside the traditional network perimeter.

Organizations are utilizing cloud-based software-as-a-service (SaaS) and storage solutions to connect to internal resources from points around the globe, inside and out of the organization’s network perimeter. These services and solutions sync and distribute files across an organization’s population, improving how it processes and shares data, but also potentially exposing the entire enterprise to malware and exploits. Contributing to this exposure are threats in SaaS applications, such as malware propagation, accidental exposure and malicious data exfiltration.

Cyberattacks target end users and endpoints in places where network security controls have no visibility, so employees working outside the organization's network are more likely to encounter malware without any network-level protection in front of them. To address these threats, endpoint security must protect systems beyond the traditional network perimeter, wherever the endpoint happens to be.

 

4. Organizations struggle with patch management and securing EoL software and systems.

Vulnerabilities in applications and systems are expected. The problem is that a vulnerability is often exploitable long before a patch is released, and even once a patch exists, its deployment, critical or not, is not guaranteed. Additionally, organizations running legacy systems and software that have reached end-of-life (EoL) remain vulnerable indefinitely, as security patches are no longer produced. This may leave organizations exposed to risks that are unknown and difficult to mitigate.

Situations like these present threat actors with an opportunity to exploit these vulnerabilities and compromise unpatched applications and systems. With the growing number of software vulnerabilities discovered every day, and with exploit kits readily available on the underground market, even unsophisticated attackers are able to launch sophisticated attacks. To secure unpatched or legacy systems and software, an effective security solution must prevent the exploitation of both known and unknown vulnerabilities, independent of whether a patch is available.

Ignite 2017 Vancouver