The days of buying an anti-virus off the shelf and assuming you’re safe are gone. People have more than one device, they sync data, and they travel the world. Using software which relies on heavy signatures to protect you not only slows down your PC, but it’s ineffective. How are you supposed to stop something from infecting a computer if your so-called protection only works on things it knows about? This is reactive protection, not proactive. Hackers know this, and changing something as simple as a semi-colon can alter the signature of a virus, meaning you remain forever under a false sense of protection.
What we do for detection
Our solutions employ a wide variety of techniques to detect and identify unknown files, ranging from a simple signature-based system to emulators, machine-learning techniques, and reputation-based analysis coupled with maintained black and white lists. This holistic approach provides both detection of and protection from malware and potential zero-day issues.
The key to successful protection
An antivirus and a firewall are not enough to protect a device; they never were. A multi-layered approach is what’s needed to protect connected devices.
Any security suite you use should be equipped with the following:
- Anti-malware solution
- Internet Security
- Device Firewalls
- Mobile Device Management
- Mobile Security Solutions
- Intrusion Detection Techniques
- Application Controls
The Endpoint Security Strategy
Be it your own small business device, something for home, or your child’s iPad, when connected to the internet they are all prone to malware/hacking/ransomware/keylogging attacks. Endpoint protection has become the most critical aspect of IT security to protect any business and customer data and identity. When a device is connected to the company’s network or even your home router that has been infected with malware, hackers channel it to steal information or perform keylogging activities without the consent of the user, as just one example.
This calls for a strict endpoint security system, a security-laden protocol to ensure endpoint and network protection. The endpoints can be computers, smartphones, laptops, point-of-sale systems and any other devices that are connected and communicate. This protection needs a strategy, organised with protocols and rules so that devices stay compliant with security policies that obstruct suspicious access while talking to and warning everything else you own.
Cloud backups are great, but your data syncs. If your file is compromised, it’s compromised everywhere.
What has changed?
The antivirus technology that was originally invented was used for removal and cleaning, a reactionary approach to remove an existing known infection. This does work if the problem is known about; however, it can often cause disastrous effects on the computer’s functionality. It’s better to be alive and be missing an arm than to not have made it through. This strategy is still being marketed as a solution to prohibit infection by unknown malware, including zero-day attacks. Science proves this is an ineffective approach to the problem. No antivirus methodology that allows unknown files to run unprotected on the endpoint will ever be 100% effective in preventing infections. This is the main reason systems are compromised, and cyber criminals consistently continue to win, costing individuals and companies an estimated $400 billion a year.
Enterprises invest a lot of money in endpoint security, yet are still infected by malware. While not as popular with end-users and small businesses, security is still sometimes invested in and subscribed to. There’s a common train of thought these days where most users don’t think they require security software, but it is extremely likely, given the current proliferation of threats (over a million new ones a day), that malware is lurking on your network or PCs at this very moment. Without a robust prevention and defence strategy, it is only a matter of time until you are infected and your identity, money, and information are stolen (if it hasn’t already happened). Unfortunately, relying only on antivirus methods leaves you open to a data breach and a world of hurt.
What exactly does this mean?
The industry has been doing the same thing for the last 30 years and expecting a different result. Not surprisingly, data breaches have been escalating exponentially. Detection is not protection, and herein lies the main issue.
This antivirus inadequacy is demonstrated by the unsolvable Halting Problem discovered by Alan Turing—science that proves antivirus can never provide a 100% detection rate. People are continually getting infected because they allow unknown files to run on their endpoints. Hackers recognise this and can easily defeat default allow postures by constantly innovating and bypassing detection and mostly pretending to be something they’re not, or piggy-backing off something you think is safe. Default allow is a dangerous security posture to rely on, because every piece of malware starts life as an “unknown” file and your traditional endpoint security solution allows them all to run.
One of the biggest weak points in an Enterprise industry is the HR department. They get resumes, files, documents, etc., sometimes in more formats than just a .doc, and those are some of the easiest things to hide malicious code inside, as just one example. Communications, Graphics: all these departments are at risk for the same reason, and that reason applies at home as well: your elderly parents, your kids, unsuspecting family members, already infected friends connecting to your setup, etc. People are constantly sharing and downloading files, browsing and clicking things they shouldn’t, putting your home, your data, and your identity at risk.
9/10 people in a recent survey stated they trust torrents and piracy and don’t think twice about what they download, edit on their machines, or execute. There’s more trust in a random pirate installing code and having you edit your PC than there is in IT security, when most of the time pirated software is opening backdoors or installing malware.
Why are most modern approaches failing?
To address the inadequacy of traditional signature-based solutions, new “Next Gen” endpoint security approaches have been developed that seek to expedite the identification of unknown malware and zero-day exploits. Automated behavioural analysis tools such as “sandboxes” run unknown files in virtualized environments to understand if applications exhibit malicious behaviour or not. While this approach has improved detection rates, it decreases usability, as the end user must wait for the analysis to complete before using the file. A larger concern is that, in some models, the analysis is done while the user is allowed to use the file, and the time necessary to “study” these unknown files opens a window for a malicious file to infect the endpoint. Unfortunately, that single “patient zero” infection is all an attacker needs to pivot and gain access to sensitive assets in your network. These new approaches result in a default allow security posture, a posture that by default allows everything onto the endpoint unless it’s known to be bad. It’s not the bad files we know about that are the issue, it is the unknown files which end up being malicious that ultimately cause the damage.
Okay, so what do you do?
Since the default allow posture is the underlying problem, we need to flip an organisation or home’s overall security posture to Default Deny to eliminate malware threats, while educating people on the importance of security.
Our partner, Sophos, has a breakthrough security solution that allows the known good, blocks the known bad and contains the unknown until a verdict can be determined.
Productivity is assured, and no malware runs on your endpoints.
With our cloud you can manage and protect any device, whether it’s on or off your network, at home, or at a coffee shop, with our Advanced Endpoint Protection.
Sophos allows us to go one step further as well and offer full guaranteed protection using firewalls and Synchronised Security (mostly beneficial for businesses).
What is Synchronised Security?
It’s a new approach to IT Security. It is a best of breed security system that enables your defenses to be as coordinated as the attacks they protect against. It combines an intuitive security platform with award-winning products that actively work together to block advanced threats to give you unparalleled protection.
Synchronised Security Heartbeat: