The security industry agrees that signature-based antivirus provides minimal protection against today’s cyber security threats. To put it frankly, it’s a waste of company resources. This is why next-generation antivirus solutions such as Palo Alto Traps, SentinelOne, and Carbon Black have become the de facto endpoint security product for organizations looking to protect their computing investment.
Organizations that choose to replace their traditional antivirus with more advanced technologies should select a security product that provides the five capabilities below.
#1 – Focus on Prevention First
As cyber breaches continue to increase in frequency, variety, and sophistication, the whole security industry has struggled, and more often failed, to prevent successful breaches. The industry’s collective focus on EDR (endpoint detection and response) solutions is partially to blame for this. Better detection only shortens the time between compromise and discovery; it does little to protect valuable information before the compromise occurs. According to the Verizon 2016 Data Breach Investigations Report,
81.9% of cyber attacks successfully compromise their targets within minutes.
The recent increase in successful ransomware attacks highlights the shortcomings of legacy AV and EDR solutions in protecting systems during an ever-shrinking window of opportunity to detect and respond to cyber attacks. Breach detection and incident response do offer security value, but they must be secondary priorities compared to prevention. A focus on prevention is the only effective, scalable and sustainable way to reduce the frequency and impact of cyber breaches.
#2 – Prevention of Known and Unknown Malware
A complete solution for preventing security breaches on the endpoint must also prevent the successful execution of malware, both known and unknown. To avoid the shortcomings of signature-based antivirus and minimize the operational impact of responding to false positives from behavioral monitoring, the malware prevention capabilities of the ideal product should not involve signatures or require prior knowledge of an instance of malware to prevent its execution. Additionally, effective prevention of both common and advanced malware necessitates the deployment of multiple analysis and prevention methods that can be tuned for maximum effectiveness.
#3 – Prevention of Known and Zero-Day Exploits
Threat actors who pursue the most effective means to circumvent existing endpoint security measures rely on exploits, especially those that leverage unknown software vulnerabilities (commonly referred to as “zero-day exploits”). Embedded in specially crafted data files and content, such as Adobe PDF and Microsoft Word documents, zero-day exploits manipulate legitimate applications to carry out nefarious activities. Their ability to evade traditional AV and a lack of vendor security patches often leave organizations with little in terms of preventative measures against exploits, especially the zero-day variety. A complete solution to preventing security breaches on the endpoint must, therefore, prevent known and unknown exploits from subverting legitimate applications.
#4 – Automatic Integration of Threat Intelligence
With the proliferation of free and low-cost tools, threat actors can quickly generate new and unique attacks that evade detection by traditional signature-based antivirus. Organizations must use the threat intelligence gained elsewhere through encounters with new and unique attacks to prevent security breaches in their own environments. A replacement for AV must natively integrate and leverage threat intelligence from global resources to automatically detect known malware and quickly identify unknown malware, blocking both from infecting systems. It must also reprogram the entire environment quickly and without human intervention to ensure defenses are in place to block subsequent attacks that may deploy previously seen malware.
#5 – Ubiquitous Protection
Organizational workforces are becoming more mobile. They connect to internal resources from points around the globe that are outside the organizational network perimeter. They use cloud-based SaaS (software as a service) and storage solutions to process and share data, even when disconnected from the organization’s network. These services and solutions can sync and distribute files, including malware and exploits, across an organization’s entire employee population. A complete solution to preventing security breaches on the endpoint must therefore prevent both malware and exploits from compromising a system regardless of its online status, its connectivity to the organizational network, or its physical location (on-premises or off).