The days of buying an anti-virus off the shelf and assuming you’re safe are gone. People have more than one device, they sync data, and using software which relies on heavy signatures to protect you not only slows down your PC, but is also ineffective. How are you supposed to stop something from infecting a computer if your so-called protection only works on things it knows about? This is reactive protection, not proactive.
What we do for detection
Our solutions employ a wide variety of techniques to detect and identify unknown files, ranging from a simple signature-based system to emulators, machine-learning techniques, and reputation-based analysis coupled with maintained black and white lists. This holistic approach provides both detection of and protection from malware and potential zero-day issues.
The Default deny approach is the main defense mechanism for protection. Implemented as a unique containment technology [OS Virtualization] on the endpoint, it provides isolation of potential damage from malware and usability through the extensive whitelisting capabilities of our systems. For detection, static, dynamic and reputation-based systems are successfully blended to create a powerful engine that can detect zero-day malware that no other engine is able to identify. The cloud-based file analysis system enables the detection of almost all malware instantly. Additionally, expert human analysis may also be performed for detection, a unique feature that guarantees 100 percent detection for all malware files.
What has changed?
The antivirus technology that was originally invented was used for removal and cleaning, a reactionary approach to remove an existing known infection. This does work, if the problem is known about; however, it can often have disastrous effects on the computer’s functionality. It’s better to be alive and missing an arm than to not have made it through. This strategy is still being marketed as a solution to prohibit infection by unknown malware, including zero-day attacks. Science proves this is an ineffective approach to the problem. No antivirus methodology that allows unknown files to run unprotected on the endpoint will ever be 100% effective in preventing infections. This is the main reason systems are compromised, and cyber criminals consistently continue to win.
Enterprises invest a lot of money on endpoint security, yet are still infected by malware. It is extremely likely, given the current proliferation of threats, that malware is lurking on your network or PCs right now. Without a robust prevention and defence strategy, it is only a matter of time until you are infected and your identity, money, and information are stolen (if it hasn’t already happened). Unfortunately, relying only on antivirus methods leaves you open to a data breach and a world of hurt.
What exactly does this mean?
The industry has been doing the same thing for the last 30 years and expecting a different result. Not surprisingly, data breaches have been escalating exponentially. Detection is not protection, and herein lies the main issue.
This antivirus inadequacy is demonstrated by the unsolvable Halting Problem discovered by Alan Turing—science that proves antivirus can never provide a 100% detection rate. People are continually getting infected because they allow unknown files to run on their endpoints. Hackers recognize this and can easily defeat default allow postures by constantly innovating and bypassing detection, mostly by pretending to be something they’re not, or by piggy-backing off something you think is safe. Default allow is a dangerous security posture to rely on, because every piece of malware starts life as an “unknown” file. And your traditional endpoint security solution allows them all to run.
One of the biggest weak points in an enterprise is the HR department. They receive resumes, files, documents, etc., sometimes in more formats than just .doc, and those are some of the easiest things to hide malicious code inside. With default allow, by the time the file has run it’s too late.
Why are most modern approaches failing?
To address the inadequacy of traditional signature-based solutions, new “Next Gen” endpoint security approaches have been developed that seek to expedite the identification of unknown malware and zero-day exploits. Automated behavioral analysis tools such as “sandboxes” run unknown files in virtualized environments to understand if applications exhibit malicious behavior or not. While this approach has improved detection rates, it decreases usability, as the end user must wait for the analysis to complete before using the file. A larger concern is that, in some models, the analysis is done while the user is allowed to use the file, and the time necessary to “study” these unknown files opens a window for a malicious file to infect the endpoint. Unfortunately, that single “patient zero” infection is all an attacker needs to pivot and gain access to sensitive assets in your network. These new approaches result in a default allow security posture, a posture that by default allows everything onto the endpoint unless it’s known to be bad. It’s not the bad files we know about that are the issue, it is the unknown files which end up being malicious that ultimately cause the damage.
Default Deny does help
According to the Gartner Research, “TRUE Default Deny and the End of Patient Zero,” Gartner estimates that default allow technologies, legacy or Next-Gen Endpoint Protection Platforms including AI based approaches, are only 30-percent accurate at detecting new threats. “They can’t keep up with the proliferation of malware—over a million pieces every day.” These legacy and Next-Gen EPP solutions rely on a default allow posture to only block known bad files, while allowing every other file to run without limitation. This means that organizations employing default allow postures are allowing unknown files unfettered access to their endpoints and some of these unknown files will end up being new malware.
Okay, so what do you do?
Since the default allow posture is the underlying problem, we need to flip an organization or home’s overall security posture to Default Deny to eliminate malware threats, while educating people on the importance of security.
Our partner Comodo’s breakthrough security allows the known good, blocks the known bad and contains the unknown until a verdict can be determined.
Productivity is assured, and no malware runs on your endpoints.
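To make the difference between the two postures concrete, here is an added illustration (not Comodo’s or this page’s code) of the policy just described: known good runs, known bad is blocked, and anything unknown is contained until a later verdict arrives. The `default_allow_decide` function models the “patient zero” window from the sandbox discussion above, where an unknown file runs unrestricted while analysis is still pending. File hashes, the hypothetical `DefaultDenyPolicy` class and the sample file contents are all constructed for the example.

```python
import hashlib
from enum import Enum


class Action(Enum):
    ALLOW = "allow"        # known good: runs normally
    BLOCK = "block"        # known bad: never runs
    CONTAIN = "contain"    # unknown: runs isolated until a verdict is reached


class DefaultDenyPolicy:
    """Hypothetical endpoint policy: allow known good, block known bad, contain the rest."""

    def __init__(self, allowlist, blocklist):
        self.allowlist = set(allowlist)   # SHA-256 of files with a 'good' verdict
        self.blocklist = set(blocklist)   # SHA-256 of files with a 'bad' verdict
        self.contained = set()            # unknown files currently running in containment

    @staticmethod
    def fingerprint(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def decide(self, data: bytes) -> Action:
        h = self.fingerprint(data)
        if h in self.blocklist:           # known bad wins over everything else
            return Action.BLOCK
        if h in self.allowlist:
            return Action.ALLOW
        self.contained.add(h)             # unknown: never runs unconfined
        return Action.CONTAIN

    def apply_verdict(self, data: bytes, is_malicious: bool) -> Action:
        """A later cloud or human verdict moves the file out of containment."""
        h = self.fingerprint(data)
        self.contained.discard(h)
        (self.blocklist if is_malicious else self.allowlist).add(h)
        return self.decide(data)


def default_allow_decide(policy: DefaultDenyPolicy, data: bytes) -> Action:
    """Contrast: a default-allow engine runs anything not on the blocklist, unknown included."""
    return Action.BLOCK if policy.fingerprint(data) in policy.blocklist else Action.ALLOW


# Constructed sample files standing in for real executables and documents.
KNOWN_GOOD = b"constructed: signed vendor installer"
KNOWN_BAD = b"constructed: previously classified malware sample"
UNKNOWN = b"constructed: resume.docm never seen before"


def build_policy() -> DefaultDenyPolicy:
    fp = DefaultDenyPolicy.fingerprint
    return DefaultDenyPolicy(allowlist=[fp(KNOWN_GOOD)], blocklist=[fp(KNOWN_BAD)])
```

Under default deny the unknown resume is contained, and the same file is simply allowed by the default-allow contrast until someone classifies it.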
Your endpoints are malware-free with a viable Default Deny Security Posture. With our cloud you can manage and protect any device, whether it’s on or off your network, at home, or in a coffee shop, with our Advanced Endpoint Protection.